version 1.89, 2021/10/08 16:31:36 |
version 1.90, 2023/04/09 07:14:45 |
|
|
<li>Bug Fixes |
<li>Bug Fixes |
<ul> |
<ul> |
<li>Fix an off-by-one in the CBC padding removal. |
<li>Fix an off-by-one in the CBC padding removal. |
<li>Enforce in the TLSv1.3 server that that ClientHello messages after a HelloRetryRequest match the original ClientHello as per RFC 8446 section 4.1.2 |
<li>Enforce in the TLSv1.3 server that ClientHello messages after a HelloRetryRequest match the original ClientHello as per RFC 8446 section 4.1.2 |
<li>Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. |
<li>Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. |
<li>Correct use of sockaddr_storage instead of sockaddr in openssl(1) s_client, which could lead to using 14 bytes of stack garbage instead of an IPv6 address in DTLS mode. |
<li>Correct use of sockaddr_storage instead of sockaddr in openssl(1) s_client, which could lead to using 14 bytes of stack garbage instead of an IPv6 address in DTLS mode. |
<li>Fix a longstanding bug in <a href="https://man.openbsd.org/PEM_X509_INFO_read_bio">PEM_X509_INFO_read_bio(3)</a> that could cause use-after-free and double-free issues in calling programs. |
<li>Fix a longstanding bug in <a href="https://man.openbsd.org/PEM_X509_INFO_read_bio">PEM_X509_INFO_read_bio(3)</a> that could cause use-after-free and double-free issues in calling programs. |
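Review bot: the TLSv1.3 HelloRetryRequest item still has no terminating period after "RFC 8446 section 4.1.2" in 1.90, unlike the four neighbouring entries in this list. Since this revision already touches that line to drop the doubled "that", add the full stop in the same change so the list stays consistent.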