improve OAEP check

commit: a9ed4da8eb6af03d551c68b4b9ec1c47e16fed19 [log] [tgz]
author: Bodo Möller <bodo@openssl.org> Thu Sep 06 10:42:56 2001 +0000
committer: Bodo Möller <bodo@openssl.org> Thu Sep 06 10:42:56 2001 +0000
tree: 744d8220ea31be43e7d4a0ac487d8fb92575acfb
parent: e1a4814cd4805b5c80cb6ea5adc3e888bb447e0d [diff] [blame]
diff --git a/CHANGES b/CHANGES
index a1294c5..b7a3b12 100644
--- a/CHANGES
+++ b/CHANGES

@@ -12,11 +12,18 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
+     'wristwatch attack' using huge encoding parameters (cf.
+     James H. Manger's CRYPTO 2001 paper).  Note that the
+     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
+     encoding paramters and hence was not vulnerable.
+     [Bodo Moeller]
+
   +) Add a "destroy" handler to ENGINEs that allows structural cleanup to
      be done prior to destruction. Use this to unload error strings from
      ENGINEs that load their own error strings. NB: This adds two new API
      functions to "get" and "set" this destroy handler in an ENGINE.
-     [Geoff]
+     [Geoff Thorpe]
 
   +) Alter all existing ENGINE implementations (except "openssl" and
      "openbsd") to dynamically instantiate their own error strings. This
commit	a9ed4da8eb6af03d551c68b4b9ec1c47e16fed19	[log] [tgz]
author	Bodo Möller <bodo@openssl.org>	Thu Sep 06 10:42:56 2001 +0000
committer	Bodo Möller <bodo@openssl.org>	Thu Sep 06 10:42:56 2001 +0000
tree	744d8220ea31be43e7d4a0ac487d8fb92575acfb
parent	e1a4814cd4805b5c80cb6ea5adc3e888bb447e0d [diff] [blame]