Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
*Maxim Mikityanskiy*
+ * Added and enabled by default implicit rejection in RSA PKCS#1 v1.5
+ decryption as a protection against Bleichenbacher-like attacks.
+ The RSA decryption API will now return a randomly generated deterministic
+ message instead of an error in case it detects an error when checking
+ padding during PKCS#1 v1.5 decryption. This is a general protection against
+ issues like CVE-2020-25659 and CVE-2020-25657. This protection can be
+ disabled by calling
+ `EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection". "0")`
+ on the RSA decryption context.
+
+ *Hubert Kario*
+
OpenSSL 3.1
-----------
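Review bot: The example call in the new entry, `EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection". "0")`, has a period between the second and third arguments where a comma is needed, so it will not compile when copied; it should read `EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection", "0")`. In the same entry, "a randomly generated deterministic message" reads as a contradiction; consider wording it as pseudo-random and stating what the output is deterministic with respect to. Since the entry says decryption now returns a message "instead of an error" on a padding failure, it would also help to add a sentence telling callers that code relying on that error return to detect bad padding will change behaviour unless the option is set to "0".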