OpenSSL v1.0.0.e Release Notes

Release Date: 2012-01-04
    • Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf. Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann and Michael Tuexen for preparing the fix. (CVE-2011-4108)

    Robin Seggelmann, Michael Tuexen
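    As an added illustration of the timing difference this entry refers to (written for this page; it is not OpenSSL code and not code from the paper), the C program below contrasts a record check that exits as soon as the padding looks wrong with one that does the same amount of work for a given record length. The 20-byte MAC length, the sample MAC bytes, the record contents and the function names are all constructed for the example; a counter of bytes examined stands in for the elapsed time a remote party would measure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 20   /* HMAC-SHA1 tag length (constructed choice) */

/* Work counter: stands in for the timing difference a network attacker measures. */
static size_t g_bytes_examined;
size_t bytes_examined(void) { return g_bytes_examined; }

/* Constant-time helpers returning 0xFF or 0x00 without data-dependent branches;
 * ct_lt32 is valid for operands below 2^31. */
static uint8_t ct_eq8(uint8_t a, uint8_t b)
{
    uint8_t x = a ^ b;
    x |= x >> 4; x |= x >> 2; x |= x >> 1;
    return (uint8_t)((x & 1) - 1);
}
static uint8_t ct_lt32(uint32_t a, uint32_t b) { return (uint8_t)(0 - ((a - b) >> 31)); }

/* Naive check of a decrypted record  plaintext || MAC || pad bytes || pad_len.
 * It stops at the first problem, so the bytes touched (hence the time taken)
 * reveal whether the padding was well-formed. */
int check_record_leaky(const uint8_t *rec, size_t len, const uint8_t *mac)
{
    g_bytes_examined = 0;
    if (len < MAC_LEN + 1) return 0;
    uint8_t pad = rec[len - 1];
    g_bytes_examined++;
    if ((size_t)pad + 1 + MAC_LEN > len) return 0;     /* early exit: pad too long */
    for (size_t i = 0; i < pad; i++) {
        g_bytes_examined++;
        if (rec[len - 2 - i] != pad) return 0;         /* early exit: bad pad byte */
    }
    size_t mac_off = len - 1 - pad - MAC_LEN;
    for (size_t i = 0; i < MAC_LEN; i++) {             /* MAC only checked after good padding */
        g_bytes_examined++;
        if (rec[mac_off + i] != mac[i]) return 0;
    }
    return 1;
}

/* Constant-time check: same decision, but the work depends only on the public
 * record length, never on the padding or MAC contents. */
int check_record_ct(const uint8_t *rec, size_t len, const uint8_t *mac)
{
    g_bytes_examined = 0;
    if (len < MAC_LEN + 1) return 0;                   /* length is public */
    uint8_t pad = rec[len - 1];
    g_bytes_examined++;
    uint32_t max_pad = (uint32_t)(len - MAC_LEN - 1);
    if (max_pad > 255) max_pad = 255;
    uint8_t good = ct_lt32(pad, max_pad + 1);          /* 0xFF iff pad <= max_pad */
    for (uint32_t i = 0; i < max_pad; i++) {           /* always scan the whole window */
        uint8_t in_pad = ct_lt32(i, pad);              /* is byte i part of the padding? */
        g_bytes_examined++;
        good &= (uint8_t)(~in_pad | ct_eq8(rec[len - 2 - i], pad));
    }
    uint8_t pad_eff = pad & good;                      /* bad padding -> treat as length 0 */
    size_t mac_off = len - 1 - pad_eff - MAC_LEN;      /* and still compare a MAC */
    uint8_t diff = 0;
    for (size_t i = 0; i < MAC_LEN; i++) {
        g_bytes_examined++;
        diff |= rec[mac_off + i] ^ mac[i];
    }
    good &= ct_eq8(diff, 0);
    return good == 0xFF;
}

/* Constructed sample: plain_len bytes of 'A', a made-up MAC, then TLS-style
 * padding (pad bytes each equal to pad) and the pad-length byte. */
static const uint8_t SAMPLE_MAC[MAC_LEN] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
    0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 };

size_t build_record(uint8_t *out, size_t plain_len, uint8_t pad)
{
    memset(out, 'A', plain_len);
    memcpy(out + plain_len, SAMPLE_MAC, MAC_LEN);
    memset(out + plain_len + MAC_LEN, pad, (size_t)pad + 1);  /* every pad byte written */
    return plain_len + MAC_LEN + pad + 1;
}

int main(void)
{
    uint8_t rec[64];
    size_t len = build_record(rec, 32, 11);
    int r1 = check_record_leaky(rec, len, SAMPLE_MAC); size_t n1 = bytes_examined();
    int r2 = check_record_ct(rec, len, SAMPLE_MAC);    size_t n2 = bytes_examined();
    printf("good padding: leaky=%d (%zu bytes), ct=%d (%zu bytes)\n", r1, n1, r2, n2);
    rec[len - 2] = 0xff;                               /* corrupt one padding byte */
    r1 = check_record_leaky(rec, len, SAMPLE_MAC); n1 = bytes_examined();
    r2 = check_record_ct(rec, len, SAMPLE_MAC);    n2 = bytes_examined();
    printf("bad padding:  leaky=%d (%zu bytes), ct=%d (%zu bytes)\n", r1, n1, r2, n2);
    return 0;
}
```

    For a 64-byte record the naive check touches 32 bytes when the padding is good and 2 when the first padding byte is wrong, while the constant-time check touches 64 bytes either way and still compares a MAC so that rejection takes the same path in both cases. Real TLS/DTLS code additionally has to keep the MAC computation itself independent of the padding length, which this toy does not attempt.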

    • Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)

    Adam Langley (Google)

    • Only allow one SGC handshake restart for SSL/TLS. Thanks to George Kadianakis for discovering this issue and Adam Langley for preparing the fix. (CVE-2011-4619)

    Adam Langley (Google)

    • Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)

    Andrey Kulikov

    • Prevent malformed RFC3779 data triggering an assertion failure. Thanks to Andrew Chi, BBN Technologies, for discovering the flaw and Rob Austein for fixing it. (CVE-2011-4577)

    Rob Austein

    • Improved PRNG seeding for VOS.

    Paul Green

    • Fix ssl_ciph.c set-up race.

    Adam Langley (Google)

    • Fix spurious failures in ecdsatest.c.

    Emilia Käsper (Google)

    • Fix the BIO_f_buffer() implementation (which was mixing different interpretations of the '..._len' fields).

    Adam Langley (Google)

    • Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than BN_BLINDING_convert_ex) calls BN_BLINDING_update, ensuring that concurrent threads won't reuse the same blinding coefficients.

    This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING lock to call BN_BLINDING_invert_ex, and avoids one use of BN_BLINDING_update for each BN_BLINDING structure (previously, the last update always remained unused).

    Emilia Käsper (Google)
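    An added illustration of the blinding sequence this entry describes, written for this page rather than taken from OpenSSL: a toy RSA blinding structure whose invert step multiplies by the caller's own copy of the unblinding factor and then advances both factors, the ordering the fixed BN_BLINDING_invert_ex uses. The parameters (n = 3233, e = 17, d = 2753, blinding base r = 7) and every function name are constructed for the example; real code works on BIGNUMs, uses Montgomery multiplication and draws r from a CSPRNG.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA parameters (constructed): n = 61 * 53, e = 17, d = 2753. */
#define TOY_N 3233u
#define TOY_E 17u
#define TOY_D 2753u

typedef struct {
    uint64_t n, e;
    uint64_t A;     /* blinding factor   r^e mod n  (multiplied in before m^d) */
    uint64_t Ai;    /* unblinding factor r^-1 mod n (multiplied in after m^d)  */
} blinding_t;

static uint64_t modmul(uint64_t a, uint64_t b, uint64_t n) { return (a * b) % n; }

static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t n)
{
    uint64_t r = 1;
    base %= n;
    while (exp) {
        if (exp & 1) r = modmul(r, base, n);
        base = modmul(base, base, n);
        exp >>= 1;
    }
    return r;
}

/* Modular inverse by extended Euclid; returns 0 if gcd(a, n) != 1. */
static uint64_t modinv(uint64_t a, uint64_t n)
{
    int64_t t = 0, newt = 1, r = (int64_t)n, newr = (int64_t)(a % n);
    while (newr) {
        int64_t q = r / newr, tmp;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)n : t);
}

int blinding_init(blinding_t *b, uint64_t n, uint64_t e, uint64_t r)
{
    uint64_t Ai = modinv(r, n);
    if (Ai == 0) return 0;          /* r must be invertible mod n */
    b->n = n; b->e = e;
    b->A = modpow(r, e, n);
    b->Ai = Ai;
    return 1;
}

/* BN_BLINDING_update analogue: square both factors, giving the pair for r^2
 * without a fresh random draw. */
void blinding_update(blinding_t *b)
{
    b->A = modmul(b->A, b->A, b->n);
    b->Ai = modmul(b->Ai, b->Ai, b->n);
}

/* convert: blind m and hand the caller its own copy of Ai.  With a shared
 * blinding this is the only step that has to run under the lock. */
uint64_t blinding_convert(uint64_t m, blinding_t *b, uint64_t *unblind)
{
    *unblind = b->Ai;
    return modmul(m, b->A, b->n);
}

/* invert: unblind with the caller's copy, then advance the factors.  Because
 * the copy was taken in convert, no lock is needed here, and every update is
 * consumed by the next operation instead of being left unused. */
uint64_t blinding_invert(uint64_t s_blind, uint64_t unblind, blinding_t *b)
{
    uint64_t s = modmul(s_blind, unblind, b->n);
    blinding_update(b);
    return s;
}

/* Blinded private-key operation m^d mod n; *blinded receives the value the
 * secret exponentiation actually saw. */
uint64_t rsa_private_blinded(uint64_t m, uint64_t d, blinding_t *b, uint64_t *blinded)
{
    uint64_t unblind;
    uint64_t mb = blinding_convert(m, b, &unblind);
    if (blinded) *blinded = mb;
    uint64_t sb = modpow(mb, d, b->n);   /* (m * r^e)^d = m^d * r  mod n */
    return blinding_invert(sb, unblind, b);
}

/* Invariant that must hold between operations: A * Ai^e == 1 (mod n). */
int blinding_consistent(const blinding_t *b)
{
    return modmul(b->A, modpow(b->Ai, b->e, b->n), b->n) == 1;
}

int main(void)
{
    blinding_t b;
    uint64_t seen1, seen2;
    blinding_init(&b, TOY_N, TOY_E, 7);  /* r = 7 is a constructed, not random, choice */
    uint64_t s1 = rsa_private_blinded(65, TOY_D, &b, &seen1);
    uint64_t s2 = rsa_private_blinded(65, TOY_D, &b, &seen2);
    printf("m^d = %llu; blinded results %llu %llu; exponentiation inputs %llu %llu\n",
           (unsigned long long)modpow(65, TOY_D, TOY_N), (unsigned long long)s1,
           (unsigned long long)s2, (unsigned long long)seen1, (unsigned long long)seen2);
    return 0;
}
```

    Both operations return the plain m^d mod n, yet the value fed to the exponentiation differs each time because invert squared the factors before the second call. If update ran in convert instead, a second caller that entered convert before the first had finished would have no guarantee of a fresh pair, which is the reuse the entry above rules out.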

    • In ssl3_clear, preserve s3->init_extra along with s3->rbuf.

    Bob Buckholz (Google)