RT4148

Accept leading 0-byte in PKCS1 type 1 padding. Internally, the byte is stripped by BN_bn2bin but external callers may have other expectations. Reviewed-by: Kurt Roeckx<kurt@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2016-02-02 18:03:33 +0100
committer: Emilia Kasper <emilia@openssl.org> 2016-02-03 18:30:23 +0100
commit: ba2de73b185016e0a98e62f75b368ab6ae673919 (patch)
tree: 184eac5977e27c31f7cfbe1e3905ffd080f46f4d /CHANGES
parent: 20a5819f135cf55716cf4bea65deb24569016c9b (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index d0d3a2629a..fc5b8cb0a7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.2f and 1.1.0  [xx XXX xxxx]
 
+  *) RSA_padding_check_PKCS1_type_1 now accepts inputs with and without
+     the leading 0-byte.
+     [Emilia Käsper]
+
   *) CRIME protection: disable compression by default, even if OpenSSL is
      compiled with zlib enabled. Applications can still enable compression
      by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by
author	Emilia Kasper <emilia@openssl.org>	2016-02-02 18:03:33 +0100
committer	Emilia Kasper <emilia@openssl.org>	2016-02-03 18:30:23 +0100
commit	ba2de73b185016e0a98e62f75b368ab6ae673919 (patch)
tree	184eac5977e27c31f7cfbe1e3905ffd080f46f4d /CHANGES
parent	20a5819f135cf55716cf4bea65deb24569016c9b (diff)