projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ad3d952) | patch
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
authorDr. Stephen Henson <steve@openssl.org>
Mon, 12 Mar 2012 14:22:59 +0000 (14:22 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 12 Mar 2012 14:22:59 +0000 (14:22 +0000)
commit6a0a48433b3ad29027a3f2315a5a0e119b96ddc4
treeb7ccd62e77606e8fbd7fae0a4028af8f7effbc30tree | snapshot
parentad3d95222d94918cfe7e7f27b40a07b18af871a5commit | diff
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
CHANGES diff | blob | history
crypto/cms/cms.h diff | blob | history
crypto/cms/cms_enc.c diff | blob | history
crypto/cms/cms_env.c diff | blob | history
crypto/cms/cms_lcl.h diff | blob | history
crypto/cms/cms_smime.c diff | blob | history
crypto/pkcs7/pk7_doit.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.