generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Reported by: Solar Designer of Openwall

Browse Source 
Make sure tkeylen is initialised properly when encrypting CMS messages.
This commit is contained in:
Dr. Stephen Henson 2012-05-10 13:46:09 +00:00
parent e0311481b8
commit 225055c30b
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -291,6 +291,10 @@
Changes between 1.0.1b and 1.0.1c [xx XXX xxxx]
*) Initialise tkeylen properly when encrypting CMS messages.
Thanks to Solar Designer of Openwall for reporting this issue.
[Steve Henson]
*) In FIPS mode don't try to use composite ciphers as they are not
approved.

4
crypto/cms/cms_enc.c
View File

@ -139,10 +139,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
tkeylen = EVP_CIPHER_CTX_key_length(ctx);
/* Generate random session key */
if (!enc || !ec->key)
{
tkeylen = EVP_CIPHER_CTX_key_length(ctx);
tkey = OPENSSL_malloc(tkeylen);
if (!tkey)
{
@ -174,7 +174,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Only reveal failure if debugging so we don't
* leak information which may be useful in MMA.
*/
if (ec->debug)
if (enc || ec->debug)
{
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
CMS_R_INVALID_KEY_LENGTH);