projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b717b08) | patch
Reject invalid PSS parameters.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 9 Mar 2015 23:16:33 +0000 (23:16 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 19 Mar 2015 12:58:35 +0000 (12:58 +0000)
commit4b22cce3812052fe64fc3f6d58d8cc884e3cb834
treebd8bc185d36ee0ed6a31e5750faa5e9b3fdba571tree | snapshot
parentb717b083073b6cacc0a5e2397b661678aff7ae7fcommit | diff
Reject invalid PSS parameters.

Fix a bug where invalid PSS parameters are not rejected resulting in a
NULL pointer exception. This can be triggered during certificate
verification so could be a DoS attack against a client or a server
enabling client authentication.

Thanks to Brian Carpenter for reporting this issues.

CVE-2015-0208

Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/rsa/rsa_ameth.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.