rsa: add implicit rejection CHANGES entry

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13817)
author: Hubert Kario <hkario@redhat.com> 2022-12-09 20:43:22 +0100
committer: Tomas Mraz <tomas@openssl.org> 2022-12-12 11:30:52 +0100
commit: c3aed7e4e6f1960eaa43ecbea2178b82481887af (patch)
tree: d1d759d993156f1c262cf6e4d5c9e93a1877386b /CHANGES.md
parent: 056dade341d2589975a3aae71f81c8d7061583c7 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 5a2692cee7..bf27b69fac 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -192,6 +192,18 @@ OpenSSL 3.2
 
    *Maxim Mikityanskiy*
 
+ * Added and enabled by default implicit rejection in RSA PKCS#1 v1.5
+   decryption as a protection against Bleichenbacher-like attacks.
+   The RSA decryption API will now return a randomly generated deterministic
+   message instead of an error in case it detects an error when checking
+   padding during PKCS#1 v1.5 decryption. This is a general protection against
+   issues like CVE-2020-25659 and CVE-2020-25657. This protection can be
+   disabled by calling
+   `EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection". "0")`
+   on the RSA decryption context.
+
+   *Hubert Kario*
+
 OpenSSL 3.1
 -----------
author	Hubert Kario <hkario@redhat.com>	2022-12-09 20:43:22 +0100
committer	Tomas Mraz <tomas@openssl.org>	2022-12-12 11:30:52 +0100
commit	c3aed7e4e6f1960eaa43ecbea2178b82481887af (patch)
tree	d1d759d993156f1c262cf6e4d5c9e93a1877386b /CHANGES.md
parent	056dade341d2589975a3aae71f81c8d7061583c7 (diff)