[This is my second attempt to send this email; the first one never appeared in
RT or in the openssl-dev archive ]

This bug report applies to 0.9.7k and 0.9.8c (it involves the security
fix that caused those releases).

I think that the recent fix for CVE-2006-4339 contains a bug in the
change to rsa_eay.c. That fix added a stricter padding check to rsa_eay.c.
The problem is that when this new padding check determines that there
is an error, it goes to the "err" label with a positive value in "r" (which
is used for the return value). "r" should be explicitly set to a negative
value before this goto (because the public decrypt API is supposed to return
a negative number on failure).

-Ivan Nestlerode

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org