Minimize timing leaks in PKINIT decryption

pkcs7_dataDecode() is derived from OpenSSL's PKCS7_datadecode() and is used by PKINIT clients to decrypt ReplyKeyPack values in RSA mode. The upstream function was changed for CVE-2012-0884 to minimize the timing difference when RSA decryption results in the wrong padding. Although the impact on Kerberos is negligible (because clients do not ordinarily choose to use RSA mode, and cannot easily be induced to make many thousands of requests with the same key), change pkcs7_dataDecode() to match the upstream change, generating a random symmetric key and using it when RSA decryption fails. Also rename "tmp" and "tmp_len" to "ek" and "eklen" to match the more descriptive upstream variable names.

https://github.com/krb5/krb5/commit/f7c6723fdc5142e43edb79d4c5963acc26da7088

Author: Greg Hudson
Commit: f7c6723fdc5142e43edb79d4c5963acc26da7088
Branch: master

 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 57 ++++++++++++--------
 1 files changed, 34 insertions(+), 23 deletions(-)
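The countermeasure the commit message describes, as an added example that is not krb5's or OpenSSL's code: a PKCS#1 v1.5 key unwrap in its leaky form beside a hardened form that substitutes a random symmetric key whenever the padding is wrong. It operates on the block that RSA decryption has already produced (the RSA step itself is out of scope). KEYLEN, /dev/urandom as the randomness source, the function names unwrap_key_leaky and unwrap_key_hardened, and the constructed sample block are assumptions of the example, not names from the krb5 source.

```c
/* Added example, not krb5 or OpenSSL code: the countermeasure the commit adopts,
 * applied to a block that RSA decryption has already produced.  KEYLEN, the
 * function names and the sample block are assumptions. */
#include <stdio.h>
#include <string.h>

#define KEYLEN 16   /* assumed size of the wrapped symmetric key */

/* Fill buf with n random bytes from /dev/urandom; returns 0 on success. */
static int random_bytes(unsigned char *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* Constant-time predicates: 0xFF when the condition holds, 0x00 otherwise. */
static unsigned char ct_eq_u8(unsigned char a, unsigned char b) {
    unsigned int x = a ^ b;                 /* (x - 1) wraps to all-ones iff x == 0 */
    return (unsigned char)((x - 1u) >> 8);
}
static unsigned char ct_eq_sz(size_t a, size_t b) {
    size_t x = a ^ b;                       /* top bit of (x - 1) & ~x is set iff x == 0 */
    return (unsigned char)(0 - (((x - 1) & ~x) >> (sizeof(size_t) * 8 - 1)));
}
static unsigned char ct_lt_sz(size_t a, size_t b) {   /* a < b; a, b far below SIZE_MAX/2 */
    return (unsigned char)(0 - ((a - b) >> (sizeof(size_t) * 8 - 1)));
}

/* Before: return at the first padding defect.  The early exit and distinct
 * error let an observer separate "bad padding" from "wrong key". */
int unwrap_key_leaky(const unsigned char *em, size_t emlen,
                     unsigned char *ek, size_t *eklen) {
    size_t i;
    if (emlen < 11 + KEYLEN || em[0] != 0x00 || em[1] != 0x02) return -1;
    for (i = 2; i < emlen && em[i] != 0x00; i++)
        ;                                   /* skip the nonzero padding string */
    if (i < 10 || i == emlen || emlen - i - 1 != KEYLEN) return -1;
    memcpy(ek, em + i + 1, KEYLEN);
    *eklen = KEYLEN;
    return 0;
}

/* After: scan the whole block with no data-dependent exit, then mask-select the
 * real key or a fresh random one.  Both outcomes return 0 and KEYLEN bytes, so
 * the later symmetric decryption fails the same way either way.  Only emlen
 * (the public RSA modulus size) is branched on. */
int unwrap_key_hardened(const unsigned char *em, size_t emlen,
                        unsigned char *ek, size_t *eklen) {
    unsigned char fallback[KEYLEN], good, found = 0x00;
    size_t i, zero_pos = 0;

    if (random_bytes(fallback, KEYLEN) != 0) return -1;   /* not ciphertext-dependent */
    *eklen = KEYLEN;
    if (emlen < 11 + KEYLEN) {              /* too short for any valid block */
        memcpy(ek, fallback, KEYLEN);
        return 0;
    }
    good = ct_eq_u8(em[0], 0x00) & ct_eq_u8(em[1], 0x02);
    for (i = 2; i < emlen; i++) {           /* record the first 0x00 after the header */
        unsigned char is_zero = ct_eq_u8(em[i], 0x00);
        unsigned char first = is_zero & (unsigned char)~found;
        zero_pos |= i & ((size_t)0 - (size_t)(first & 1u));
        found |= is_zero;
    }
    good &= found;
    good &= (unsigned char)~ct_lt_sz(zero_pos, 10);        /* at least 8 pad bytes */
    good &= ct_eq_sz(emlen - zero_pos - 1, KEYLEN);        /* exactly KEYLEN follow */
    /* A valid key is the last KEYLEN bytes: a public offset, so the copy is
     * data-independent and the mask alone decides key versus fallback. */
    for (i = 0; i < KEYLEN; i++)
        ek[i] = (em[emlen - KEYLEN + i] & good) | (fallback[i] & (unsigned char)~good);
    return 0;
}

/* Constructed sample: 00 02 || 8 nonzero pad bytes || 00 || 16-byte key. */
static const unsigned char sample_key[KEYLEN] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
    0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00 };

static size_t build_block(unsigned char *em, int corrupt) {
    size_t n = 0, p;
    em[n++] = 0x00; em[n++] = 0x02;
    for (p = 1; p <= 8; p++) em[n++] = (unsigned char)p;
    em[n++] = 0x00;
    memcpy(em + n, sample_key, KEYLEN);
    if (corrupt) em[1] = 0x01;              /* wrong block-type byte */
    return n + KEYLEN;
}

/* 1 if both versions recover sample_key from the valid block. */
int demo_valid(void) {
    unsigned char em[64], k1[KEYLEN], k2[KEYLEN];
    size_t n = build_block(em, 0), l1 = 0, l2 = 0;
    return unwrap_key_leaky(em, n, k1, &l1) == 0 && l1 == KEYLEN
        && memcmp(k1, sample_key, KEYLEN) == 0
        && unwrap_key_hardened(em, n, k2, &l2) == 0 && l2 == KEYLEN
        && memcmp(k2, sample_key, KEYLEN) == 0;
}

/* 1 if, on the corrupt block, only the leaky version signals an error. */
int demo_corrupt(void) {
    unsigned char em[64], k1[KEYLEN], k2[KEYLEN];
    size_t n = build_block(em, 1), l1 = 0, l2 = 0;
    return unwrap_key_leaky(em, n, k1, &l1) == -1
        && unwrap_key_hardened(em, n, k2, &l2) == 0 && l2 == KEYLEN;
}

int main(void) {
    printf("valid block: %s\n", demo_valid() ? "ok" : "FAIL");
    printf("corrupt block: %s\n", demo_corrupt() ? "ok" : "FAIL");
    return 0;
}
```

The point of the hardened form is that the caller never learns, from return code, timing or output length, whether the padding was accepted: it always proceeds to decrypt the ReplyKeyPack with a KEYLEN-byte key, and a random key makes that step fail exactly as a wrong key would. Reading the key from a public offset (the last KEYLEN bytes) avoids a second, data-dependent copy once the padding scan has been made branch-free.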