* SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
- debian/patches/openssl-pkcs1-implicit-rejection.patch:
Return deterministic random output instead of an error in case
there is a padding error in crypto/cms/cms_env.c,
crypto/evp/ctrl_params_translate.c, crypto/pkcs7/pk7_doit.c,
crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c,
crypto/rsa/rsa_pmeth.c, doc/man1/openssl-pkeyutl.pod.in,
doc/man1/openssl-rsautl.pod.in, doc/man3/EVP_PKEY_CTX_ctrl.pod,
doc/man3/EVP_PKEY_decrypt.pod,
doc/man3/RSA_padding_add_PKCS1_type_1.pod,
doc/man3/RSA_public_encrypt.pod, doc/man7/provider-asym_cipher.pod,
include/crypto/rsa.h, include/openssl/core_names.h,
include/openssl/rsa.h,
providers/implementations/asymciphers/rsa_enc.c and
test/recipes/30-test_evp_data/evppkey_rsa_common.txt.
-- David Fernandez Gonzalez <email address hidden> Tue, 14 May 2024 11:06:27 +0200
This bug was fixed in the package openssl - 3.0.13-0ubuntu3.1
---------------
openssl (3.0.13-0ubuntu3.1) noble-security; urgency=medium
* SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090) patches/ openssl- pkcs1-implicit- rejection. patch: cms/cms_ env.c, evp/ctrl_ params_ translate. c, crypto/ pkcs7/pk7_ doit.c, rsa/rsa_ ossl.c, crypto/ rsa/rsa_ pk1.c, rsa/rsa_ pmeth.c, doc/man1/ openssl- pkeyutl. pod.in, man1/openssl- rsautl. pod.in, doc/man3/ EVP_PKEY_ CTX_ctrl. pod, man3/EVP_ PKEY_decrypt. pod, man3/RSA_ padding_ add_PKCS1_ type_1. pod, man3/RSA_ public_ encrypt. pod, doc/man7/ provider- asym_cipher. pod, crypto/ rsa.h, include/ openssl/ core_names. h, openssl/ rsa.h, /implementation s/asymciphers/ rsa_enc. c and recipes/ 30-test_ evp_data/ evppkey_ rsa_common. txt.
- debian/
Return deterministic random output instead of an error in case
there is a padding error in crypto/
crypto/
crypto/
crypto/
doc/
doc/
doc/
doc/
include/
include/
providers
test/
-- David Fernandez Gonzalez <email address hidden> Tue, 14 May 2024 11:06:27 +0200