projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 13747c6) | patch
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
authorDr. Stephen Henson <steve@openssl.org>
Mon, 12 Mar 2012 16:31:39 +0000 (16:31 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 12 Mar 2012 16:31:39 +0000 (16:31 +0000)
commit146b52edd122f55e2b2bfeb486dae8dbe96f739e
treeb097163337fabe71cc7d2861c4ae7c91f3babc98tree | snapshot
parent13747c6fdabbba33cb187a133548b73d41ae282dcommit | diff
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
crypto/cms/cms.h diff | blob | history
crypto/cms/cms_enc.c diff | blob | history
crypto/cms/cms_env.c diff | blob | history
crypto/cms/cms_lcl.h diff | blob | history
crypto/cms/cms_smime.c diff | blob | history
crypto/pkcs7/pk7_doit.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.