Commit graph

12 commits

Author SHA1 Message Date
Dr. Stephen Henson
4f2fc3c2dd Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 14:51:45 +00:00
Dr. Stephen Henson
188abf7e2a Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Approved by: steve@openssl.org

Check return code properly in CMS_SignerInfo_verify_content().
2009-03-25 10:40:32 +00:00
Dr. Stephen Henson
07dd3bfcd4 Oops. 2009-03-15 14:03:29 +00:00
Dr. Stephen Henson
37afdc953e Don't force S/MIME signing purpose: allow it to be overridden by store
settings.

Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.
2009-03-15 13:36:01 +00:00
Dr. Stephen Henson
14d4074ee1 Update from HEAD. 2008-11-21 18:18:28 +00:00
Dr. Stephen Henson
405f382144 Fix from HEAD. 2008-08-05 15:56:11 +00:00
Dr. Stephen Henson
d140890259 Update from HEAD. 2008-04-18 11:19:56 +00:00
Dr. Stephen Henson
501af5ba89 Update from HEAD. 2008-04-12 10:15:33 +00:00
Dr. Stephen Henson
b983322bfb Revert change from HEAD. 2008-04-11 23:23:57 +00:00
Dr. Stephen Henson
339654e163 Fix from HEAD. 2008-04-11 17:34:42 +00:00
Dr. Stephen Henson
173acc185c Fix from HEAD. 2008-04-07 11:01:43 +00:00
Dr. Stephen Henson
94b2c29f9d Backport of CMS code to 0.9.8-stable branch. Disabled by default. 2008-04-03 23:03:56 +00:00