Fix OAEP key size check during encoding, and an array over-read when

decoding a message that was so large we decided it was invalid and truncated it.
author: lloyd <[email protected]> 2013-12-06 21:14:55 +0000
committer: lloyd <[email protected]> 2013-12-06 21:14:55 +0000
commit: c29e711dcebbfeeed813bd211d0090a2f00e4b38 (patch)
tree: f41066a2f63c7ca99438f4bb711a0c2117d4e64c /doc/relnotes
parent: 37609eba0f730fdcb0daf84d5f9c239b27fb010c (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/relnotes/1_11_6.rst b/doc/relnotes/1_11_6.rst
index b51339791..79b2dca2e 100644
--- a/doc/relnotes/1_11_6.rst
+++ b/doc/relnotes/1_11_6.rst
@@ -1,6 +1,11 @@
 Version 1.11.6, Not Yet Released
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
+* OAEP had two bugs, one of which allowed it to be used even if the
+  key was too small, and the other of which would cause a crash during
+  decoding if the input was too large to have been created for the
+  associated key.
+
  * Botan now requires Boost, specifically the filesystem and asio libraries.
 
  * The default TLS policy no longer includes RC4 in the cipher list.
author	lloyd <[email protected]>	2013-12-06 21:14:55 +0000
committer	lloyd <[email protected]>	2013-12-06 21:14:55 +0000
commit	c29e711dcebbfeeed813bd211d0090a2f00e4b38 (patch)
tree	f41066a2f63c7ca99438f4bb711a0c2117d4e64c /doc/relnotes
parent	37609eba0f730fdcb0daf84d5f9c239b27fb010c (diff)