Skip to content

Commit

Permalink
rsa: add implicit rejection CHANGES entry
Browse files Browse the repository at this point in the history 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #13817)
  • Loading branch information
@tomato42 @t8m
tomato42 authored and t8m committed Dec 12, 2022
1 parent 056dade commit c3aed7e
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions CHANGES.md
View file
Expand Up @@ -192,6 +192,18 @@ OpenSSL 3.2

*Maxim Mikityanskiy*

* Added and enabled by default implicit rejection in RSA PKCS#1 v1.5
decryption as a protection against Bleichenbacher-like attacks.
The RSA decryption API will now return a randomly generated deterministic
message instead of an error in case it detects an error when checking
padding during PKCS#1 v1.5 decryption. This is a general protection against
issues like CVE-2020-25659 and CVE-2020-25657. This protection can be
disabled by calling
`EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection". "0")`
on the RSA decryption context.

*Hubert Kario*

OpenSSL 3.1
-----------

Expand Down

0 comments on commit c3aed7e

Please sign in to comment.