diff options
author | Hubert Kario <hkario@redhat.com> | 2022-12-09 20:43:22 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-12-12 11:30:52 +0100 |
commit | c3aed7e4e6f1960eaa43ecbea2178b82481887af (patch) | |
tree | d1d759d993156f1c262cf6e4d5c9e93a1877386b | |
parent | 056dade341d2589975a3aae71f81c8d7061583c7 (diff) |
rsa: add implicit rejection CHANGES entry
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
-rw-r--r-- | CHANGES.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index 5a2692cee7..bf27b69fac 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -192,6 +192,18 @@ OpenSSL 3.2 *Maxim Mikityanskiy* + * Added and enabled by default implicit rejection in RSA PKCS#1 v1.5 + decryption as a protection against Bleichenbacher-like attacks. + The RSA decryption API will now return a randomly generated deterministic + message instead of an error in case it detects an error when checking + padding during PKCS#1 v1.5 decryption. This is a general protection against + issues like CVE-2020-25659 and CVE-2020-25657. This protection can be + disabled by calling + `EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection". "0")` + on the RSA decryption context. + + *Hubert Kario* + OpenSSL 3.1 ----------- |