Add additional DigestInfo checks.

Reencode DigestInto in DER and check against the original: this will reject any improperly encoded DigestInfo structures. Note: this is a precautionary measure, there is no known attack which can exploit this. Thanks to Brian Smith for reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2014-09-25 23:28:48 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-09-29 12:01:05 +0100
commit: 1cfd255c9123cdb4637cc9a65c6665fe4a06c6d5 (patch)
tree: 86e26adccb01a6f970de107123649ea51c055d91 /CHANGES
parent: 3d81ec5b92e1141762eb72caf2aeb9b2cd019a78 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 845b6be560..19c9f9c519 100644
--- a/CHANGES
+++ b/CHANGES
@@ -627,6 +627,16 @@
 
  Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
 
+  *) Add additional DigestInfo checks.
+ 
+     Reencode DigestInto in DER and check against the original: this
+     will reject any improperly encoded DigestInfo structures.
+
+     Note: this is a precautionary measure OpenSSL and no attacks
+     are currently known.
+
+     [Steve Henson]
+
   *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
      handshake can force the use of weak keying material in OpenSSL
      SSL/TLS clients and servers.
author	Dr. Stephen Henson <steve@openssl.org>	2014-09-25 23:28:48 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-09-29 12:01:05 +0100
commit	1cfd255c9123cdb4637cc9a65c6665fe4a06c6d5 (patch)
tree	86e26adccb01a6f970de107123649ea51c055d91 /CHANGES
parent	3d81ec5b92e1141762eb72caf2aeb9b2cd019a78 (diff)