diff options
| author | steve <steve> | 2012-03-12 16:31:39 +0000 |
|---|---|---|
| committer | steve <steve> | 2012-03-12 16:31:39 +0000 |
| commit | cff3258dc810607224f155da353dd6a7e2695a64 (patch) | |
| tree | 523f420ac2da43590816503b81e6ebb58339776e /crypto/cms/cms_lcl.h | |
| parent | 03f0dbc8fded9cfcf8d954fd258eecb48bfd79f1 (diff) | |
| download | openssl-cff3258dc810607224f155da353dd6a7e2695a64.tar.gz | |
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
Diffstat (limited to 'crypto/cms/cms_lcl.h')
| -rw-r--r-- | crypto/cms/cms_lcl.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 0839ed673..d5a70b466 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st const EVP_CIPHER *cipher; unsigned char *key; size_t keylen; + /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ + int debug; }; struct CMS_RecipientInfo_st |