Subject: CVS commit: src/crypto/dist/openssl/crypto/rsa
To: None <source-changes@NetBSD.org>
From: Christos Zoulas <christos@netbsd.org>
List: source-changes
Date: 09/05/2006 12:24:08
Module Name:	src
Committed By:	christos
Date:		Tue Sep  5 12:24:08 UTC 2006

Modified Files:
	src/crypto/dist/openssl/crypto/rsa: rsa.h rsa_eay.c rsa_err.c
	    rsa_sign.c

Log Message:
Apply patch-CVE-2006-4339.txt

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. If an RSA key with exponent 3 is used it may be possible
to forge a PKCS #1 v1.5 signature signed by that key. Implementations
may incorrectly verify the certificate if they are not checking for
excess data in the RSA exponentiation result of the signature.

Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is
used in X.509 certificates, all software that uses OpenSSL to verify
X.509 certificates is potentially vulnerable, as well as any other use
of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or
TLS.


To generate a diff of this commit:
cvs rdiff -r1.9 -r1.10 src/crypto/dist/openssl/crypto/rsa/rsa.h
cvs rdiff -r1.6 -r1.7 src/crypto/dist/openssl/crypto/rsa/rsa_eay.c
cvs rdiff -r1.1.1.6 -r1.2 src/crypto/dist/openssl/crypto/rsa/rsa_err.c \
    src/crypto/dist/openssl/crypto/rsa/rsa_sign.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.