projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c0b31cc) | patch
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
authorDr. Stephen Henson <steve@openssl.org>
Mon, 12 Mar 2012 16:27:50 +0000 (16:27 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 12 Mar 2012 16:27:50 +0000 (16:27 +0000)
commit8186c00ef3202731b7be9ecadb25d34753d916b1
tree261d8534e47c097060ecb40b3be9d125f088d5eatree | snapshot
parentc0b31ccb87679783c355616aa7c6c6e97eeb9c5dcommit | diff
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
crypto/cms/cms.h diff | blob | history
crypto/cms/cms_enc.c diff | blob | history
crypto/cms/cms_env.c diff | blob | history
crypto/cms/cms_lcl.h diff | blob | history
crypto/cms/cms_smime.c diff | blob | history
crypto/pkcs7/pk7_doit.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.