generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Reported by: Solar Designer of Openwall

Browse Source 
Make sure tkeylen is initialised properly when encrypting CMS messages.
This commit is contained in:
Dr. Stephen Henson 2012-05-10 13:44:24 +00:00
parent 8baf604a39
commit 24547c23ca
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -54,6 +54,10 @@
Changes between 1.0.1b and 1.0.1c [xx XXX xxxx] Changes between 1.0.1b and 1.0.1c [xx XXX xxxx]
*) Initialise tkeylen properly when encrypting CMS messages.
Thanks to Solar Designer of Openwall for reporting this issue.
[Steve Henson]
*) In FIPS mode don't try to use composite ciphers as they are not *) In FIPS mode don't try to use composite ciphers as they are not
approved. approved.
[Steve Henson] [Steve Henson]

4
crypto/cms/cms_enc.c
View File

@ -139,10 +139,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err; goto err;
} }
tkeylen = EVP_CIPHER_CTX_key_length(ctx);
/* Generate random session key */ /* Generate random session key */
if (!enc || !ec->key) if (!enc || !ec->key)
{ {
tkeylen = EVP_CIPHER_CTX_key_length(ctx);
tkey = OPENSSL_malloc(tkeylen); tkey = OPENSSL_malloc(tkeylen);
if (!tkey) if (!tkey)
{ {
@ -174,7 +174,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Only reveal failure if debugging so we don't /* Only reveal failure if debugging so we don't
* leak information which may be useful in MMA. * leak information which may be useful in MMA.
*/ */
if (ec->debug) if (enc || ec->debug)
{ {
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
CMS_R_INVALID_KEY_LENGTH); CMS_R_INVALID_KEY_LENGTH);