From: Hubert Kario <hkario@redhat.com>
Date: Fri, 9 Dec 2022 19:43:22 +0000 (+0100)
Subject: rsa: add implicit rejection CHANGES entry
X-Git-Tag: openssl-3.2.0-alpha1~1596
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3aed7e4e6f1960eaa43ecbea2178b82481887af;p=thirdparty%2Fopenssl.git

rsa: add implicit rejection CHANGES entry

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
---

diff --git a/CHANGES.md b/CHANGES.md
index 5a2692cee79..bf27b69fac2 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -192,6 +192,18 @@ OpenSSL 3.2
 
    *Maxim Mikityanskiy*
 
+ * Added and enabled by default implicit rejection in RSA PKCS#1 v1.5
+   decryption as a protection against Bleichenbacher-like attacks.
+   The RSA decryption API will now return a randomly generated deterministic
+   message instead of an error in case it detects an error when checking
+   padding during PKCS#1 v1.5 decryption. This is a general protection against
+   issues like CVE-2020-25659 and CVE-2020-25657. This protection can be
+   disabled by calling
+   `EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection". "0")`
+   on the RSA decryption context.
+
+   *Hubert Kario*
+
 OpenSSL 3.1
 -----------