Fix two invalid memory reads in RSA OAEP mode.

Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com> Reviewed by: steve
author: Dr. Stephen Henson <steve@openssl.org> 2008-05-19 21:33:55 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2008-05-19 21:33:55 +0000
commit: 94fd382f8b4abdc3e65e5be584b76c2b37017d7a (patch)
tree: 53e8a78208541e7dfad6e21d7859b367c3122c05 /CHANGES
parent: 4bd4afa34e4c67279edee29c93b03bd7ed144d88 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 2f26937ebd..b2b82024ad 100644
--- a/CHANGES
+++ b/CHANGES
@@ -685,6 +685,14 @@
      [NTT]
 
  Changes between 0.9.8g and 0.9.8h  [xx XXX xxxx]
+
+  *) RSA OAEP patches to fix two separate invalid memory reads.
+     The first one involves inputs when 'lzero' is greater than
+     'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
+     before the beginning of from). The second one involves inputs where
+     the 'db' section contains nothing but zeroes (there is a one-byte
+     invalid read after the end of 'db').
+     [Ivan Nesterlode <inestlerode@us.ibm.com>]
   
   *) Add TLS session ticket callback. This allows an application to set
      TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
author	Dr. Stephen Henson <steve@openssl.org>	2008-05-19 21:33:55 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2008-05-19 21:33:55 +0000
commit	94fd382f8b4abdc3e65e5be584b76c2b37017d7a (patch)
tree	53e8a78208541e7dfad6e21d7859b367c3122c05 /CHANGES
parent	4bd4afa34e4c67279edee29c93b03bd7ed144d88 (diff)