diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-09-25 23:28:48 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-09-29 12:22:32 +0100 |
commit | 55614f89f0beb53ebafbfc680cf7b4d114b44d30 (patch) | |
tree | 63273f30d99ba3756745058bd12e6a206f035ec2 /CHANGES | |
parent | b1620443f3784fa11ae3018361b4fe547dc926bb (diff) |
Add additional DigestInfo checks.
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.
Note: this is a precautionary measure, there is no known attack
which can exploit this.
Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -4,7 +4,15 @@ Changes between 1.0.1i and 1.0.1j [xx XXX xxxx] - *) + *) Add additional DigestInfo checks. + + Reencode DigestInto in DER and check against the original when + verifying RSA signature: this will reject any improperly encoded + DigestInfo structures. + + Note: this is a precautionary measure and no attacks are currently known. + + [Steve Henson] Changes between 1.0.1h and 1.0.1i [6 Aug 2014] |