Diffstat (limited to 'CHANGES')
1 files changed, 20 insertions, 2 deletions
@@ -7,6 +7,21 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
+ Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
+ *) Constructed ASN.1 types with a recursive definition could exceed the stack
+ Constructed ASN.1 types with a recursive definition (such as can be found
+ in PKCS7) could eventually exceed the stack given malicious input with
+ excessive recursion. This could result in a Denial Of Service attack. There
+ are no such structures used within SSL/TLS that come from untrusted sources
+ so this is considered safe.
+ This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
+ [Matt Caswell]
Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
*) Read/write after SSL object in error state
@@ -2012,8 +2027,11 @@
to work with OPENSSL_NO_SSL_INTERN defined.
- *) Add SRP support.
- [Tom Wu <email@example.com> and Ben Laurie]
+ *) A long standing patch to add support for SRP from EdelWeb (Peter
+ Sylvester and Christophe Renou) was integrated.
+ [Christophe Renou <firstname.lastname@example.org>, Peter Sylvester
+ <email@example.com>, Tom Wu <firstname.lastname@example.org>, and
+ Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.