Dr. Stephen Henson
4f2fc3c2dd
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 14:51:45 +00:00
Dr. Stephen Henson
188abf7e2a
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
...
Approved by: steve@openssl.org
Check return code properly in CMS_SignerInfo_verify_content().
2009-03-25 10:40:32 +00:00
Dr. Stephen Henson
07dd3bfcd4
Oops.
2009-03-15 14:03:29 +00:00
Dr. Stephen Henson
37afdc953e
Don't force S/MIME signing purpose: allow it to be overridden by store
...
settings.
Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.
2009-03-15 13:36:01 +00:00
Dr. Stephen Henson
14d4074ee1
Update from HEAD.
2008-11-21 18:18:28 +00:00
Dr. Stephen Henson
405f382144
Fix from HEAD.
2008-08-05 15:56:11 +00:00
Dr. Stephen Henson
d140890259
Update from HEAD.
2008-04-18 11:19:56 +00:00
Dr. Stephen Henson
501af5ba89
Update from HEAD.
2008-04-12 10:15:33 +00:00
Dr. Stephen Henson
b983322bfb
Revert change from HEAD.
2008-04-11 23:23:57 +00:00
Dr. Stephen Henson
339654e163
Fix from HEAD.
2008-04-11 17:34:42 +00:00
Dr. Stephen Henson
173acc185c
Fix from HEAD.
2008-04-07 11:01:43 +00:00
Dr. Stephen Henson
94b2c29f9d
Backport of CMS code to 0.9.8-stable branch. Disabled by default.
2008-04-03 23:03:56 +00:00