Skip to content
Commit 8186c00e authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and

continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
parent c0b31ccb
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment