-
Notifications
You must be signed in to change notification settings - Fork 19.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]
* Fixed PKCS12 Decoding crashes
([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07
([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q parameter
value ([CVE-2023-5678])
Signed-off-by: Ivan Pavlov <[email protected]>- Loading branch information
1 parent
9ccbfda
commit 64f24a2
Showing
3 changed files
with
6 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,7 +10,7 @@ Signed-off-by: Eneas U de Queiroz <[email protected]> | |
|
|
||
| --- a/Configure | ||
| +++ b/Configure | ||
| @@ -1674,7 +1674,9 @@ $config{CFLAGS} = [ map { $_ eq '--ossl- | ||
| @@ -1677,7 +1677,9 @@ $config{CFLAGS} = [ map { $_ eq '--ossl- | ||
|
|
||
| unless ($disabled{afalgeng}) { | ||
| $config{afalgeng}=""; | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,7 +16,7 @@ Signed-off-by: Eneas U de Queiroz <[email protected]> | |
|
|
||
| --- a/ssl/ssl_ciph.c | ||
| +++ b/ssl/ssl_ciph.c | ||
| @@ -1505,11 +1505,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ | ||
| @@ -1506,11 +1506,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ | ||
| ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, | ||
| &tail); | ||
|
|
||
|
|
@@ -46,7 +46,7 @@ Signed-off-by: Eneas U de Queiroz <[email protected]> | |
|
|
||
| /* | ||
| * ...and generally, our preferred cipher is AES. | ||
| @@ -1564,7 +1582,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ | ||
| @@ -1565,7 +1583,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ | ||
| * Within each group, ciphers remain sorted by strength and previous | ||
| * preference, i.e., | ||
| * 1) ECDHE > DHE | ||
|
|
@@ -55,7 +55,7 @@ Signed-off-by: Eneas U de Queiroz <[email protected]> | |
| * 3) AES > rest | ||
| * 4) TLS 1.2 > legacy | ||
| * | ||
| @@ -2235,7 +2253,13 @@ const char *OSSL_default_cipher_list(voi | ||
| @@ -2236,7 +2254,13 @@ const char *OSSL_default_cipher_list(voi | ||
| */ | ||
| const char *OSSL_default_ciphersuites(void) | ||
| { | ||
|
|
||