generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Return an error if no recipient type matches.

Browse Source 
If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.

PR#3348
This commit is contained in:
Dr. Stephen Henson 2014-05-08 13:10:56 +01:00
parent a935132099
commit 0bcb17a777
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/cms/cms_smime.c
View File

@ -697,7 +697,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
STACK_OF(CMS_RecipientInfo) *ris; STACK_OF(CMS_RecipientInfo) *ris;
CMS_RecipientInfo *ri; CMS_RecipientInfo *ri;
int i, r, ri_type; int i, r, ri_type;
int debug = 0; int debug = 0, match_ri = 0;
ris = CMS_get0_RecipientInfos(cms); ris = CMS_get0_RecipientInfos(cms);
if (ris) if (ris)
debug = cms->d.envelopedData->encryptedContentInfo->debug; debug = cms->d.envelopedData->encryptedContentInfo->debug;
@ -714,6 +714,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
ri = sk_CMS_RecipientInfo_value(ris, i); ri = sk_CMS_RecipientInfo_value(ris, i);
if (CMS_RecipientInfo_type(ri) != ri_type) if (CMS_RecipientInfo_type(ri) != ri_type)
continue; continue;
match_ri = 1;
if (ri_type == CMS_RECIPINFO_AGREE) if (ri_type == CMS_RECIPINFO_AGREE)
{ {
r = cms_kari_set1_pkey(cms, ri, pk, cert); r = cms_kari_set1_pkey(cms, ri, pk, cert);
@ -757,7 +758,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
} }
} }
/* If no cert and not debugging always return success */ /* If no cert and not debugging always return success */
if (!cert && !debug) if (match_ri && !cert && !debug)
{ {
ERR_clear_error(); ERR_clear_error();
return 1; return 1;