Changes between 1.0.2s and 1.0.2t [xx XXX xxxx]
+ *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations
+ where an attacker receives automated notification of the success or failure
+ of a decryption attempt an attacker, after sending a very large number of
+ messages to be decrypted, can recover a CMS/PKCS7 transported encryption
+ key or decrypt any RSA encrypted message that was encrypted with the public
+ RSA key, using a Bleichenbacher padding oracle attack. Applications are not
+ affected if they use a certificate together with the private RSA key to the
+ CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info
+ to decrypt.
+ (CVE-2019-1563)
+ [Bernd Edlinger]
+
*) For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
or calling `EC_GROUP_new_from_ecpkparameters()`/
Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2t [under development]
- o
+ o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt()
+ (CVE-2019-1563)
+ o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+ used even when parsing explicit parameters
+ o Compute ECC cofactors if not provided during EC_GROUP construction
+ (CVE-2019-1547)
+ o Document issue with installation paths in diverse Windows builds
+ (CVE-2019-1552)
Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]
projects / oweals / openssl.git / commitdiff