author | Matt Caswell <matt@openssl.org> | 2018-05-17 14:53:07 +0300 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-05-24 19:26:03 +0300 |
commit | a0abb6a10f4c5fc6dd20c487aa0db085fbfb3562 (patch) | |
tree | 711cca97bea1c2b1a25d66496c246e1592332282 /CHANGES | |
parent | 07824f304a220ea09ec369bad60f4fcfd01d5d14 (diff) |
Add a sanity check on the length of pkeyutl inputs
When signing or verifying a file using pkeyutl the input is supposed to
be a hash. Some algorithms sanity check the length of the input, while
others don't and silently truncate. To avoid accidents we check that the
length of the input looks sane.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6284)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -8,6 +8,10 @@ release branch. Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Enforce checking in the pkeyutl command line app to ensure that the input + length does not exceed the maximum supported digest length when performing + a sign, verify or verifyrecover operation. + [Matt Caswell] *) SSL_MODE_AUTO_RETRY is enabled by default. Applications that use blocking I/O in combination with something like select() or poll() will hang. This |
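Review bot: the added CHANGES entry under "Changes between 1.1.0h and 1.1.1" states the new check but not the behaviour change users will see. The commit message says some algorithms previously truncated over-long input silently, so invocations that appeared to work before can now fail the length check. The entry should say so, and should say that the input to these operations is expected to be a hash rather than the raw file. The entry also lists verifyrecover, while the commit message only mentions signing or verifying; please confirm that case is intended and keep the two descriptions consistent. The diff shown here is limited to CHANGES, so the check itself is not visible for review on this page.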