author Bodo Möller <bodo@openssl.org> 2001-09-06 10:42:56 +0000
committer Bodo Möller <bodo@openssl.org> 2001-09-06 10:42:56 +0000
commit a9ed4da8eb6af03d551c68b4b9ec1c47e16fed19 (patch)
tree 744d8220ea31be43e7d4a0ac487d8fb92575acfb /CHANGES
parent e1a4814cd4805b5c80cb6ea5adc3e888bb447e0d (diff)
improve OAEP check
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 9
1 files changed, 8 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index a1294c5ace..b7a3b12485 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,11 +12,18 @@
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
+ 'wristwatch attack' using huge encoding parameters (cf.
+ James H. Manger's CRYPTO 2001 paper). Note that the
+ RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
+ encoding paramters and hence was not vulnerable.
+ [Bodo Moeller]
+
+) Add a "destroy" handler to ENGINEs that allows structural cleanup to
be done prior to destruction. Use this to unload error strings from
ENGINEs that load their own error strings. NB: This adds two new API
functions to "get" and "set" this destroy handler in an ENGINE.
- [Geoff]
+ [Geoff Thorpe]
+) Alter all existing ENGINE implementations (except "openssl" and
"openbsd") to dynamically instantiate their own error strings. This
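Review bot: "encoding paramters" in the added OAEP entry is misspelled and should read "encoding parameters". The entry states which path was not vulnerable (the RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt()) but never says which callers were; a sentence noting that applications calling RSA_padding_check_PKCS1_OAEP() directly with encoding parameters are the ones affected would let readers of CHANGES judge their exposure. The [Geoff] to [Geoff Thorpe] attribution change in the ENGINE entry is unrelated to the "improve OAEP check" commit message and would be easier to track as its own commit.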