projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 48819f4) | patch
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
authorDr. Stephen Henson <steve@openssl.org>
Mon, 12 Mar 2012 14:51:45 +0000 (14:51 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 12 Mar 2012 14:51:45 +0000 (14:51 +0000)
commit4f2fc3c2ddf6289daf9fc1d57e48a0f6ec4e772a
treed363d0d0d7a1648958e9cba47a0895deeee166e5tree | snapshot
parent48819f4d545a16fbfd45a0eb22fb93e08a3a6096commit | diff
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
CHANGES diff | blob | history
apps/cms.c diff | blob | history
crypto/cms/cms.h diff | blob | history
crypto/cms/cms_enc.c diff | blob | history
crypto/cms/cms_env.c diff | blob | history
crypto/cms/cms_lcl.h diff | blob | history
crypto/cms/cms_smime.c diff | blob | history
crypto/pkcs7/pk7_doit.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.