git.openssl.org Git - openssl.git/commit

author	Dr. Stephen Henson <steve@openssl.org>
	Mon, 12 Mar 2012 16:27:50 +0000 (16:27 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Mon, 12 Mar 2012 16:27:50 +0000 (16:27 +0000)
commit	8186c00ef3202731b7be9ecadb25d34753d916b1
tree	261d8534e47c097060ecb40b3be9d125f088d5ea	tree \| snapshot
parent	c0b31ccb87679783c355616aa7c6c6e97eeb9c5d	commit \| diff

Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom

crypto/cms/cms.h		diff \| blob \| history
crypto/cms/cms_enc.c		diff \| blob \| history
crypto/cms/cms_env.c		diff \| blob \| history
crypto/cms/cms_lcl.h		diff \| blob \| history
crypto/cms/cms_smime.c		diff \| blob \| history
crypto/pkcs7/pk7_doit.c		diff \| blob \| history