generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Return an error if no recipient type matches.

Browse Source 
If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.

PR#3348
(cherry picked from commit bd43b4cf778a53ffa5d77510ecd408a009dc00d2)
This commit is contained in:
Dr. Stephen Henson 2014-05-08 13:10:56 +01:00
parent 2fc04cb872
commit 2c4144638a
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/cms/cms_smime.c
View File

@ -637,7 +637,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
STACK_OF(CMS_RecipientInfo) *ris;
CMS_RecipientInfo *ri;
int i, r, ri_type;
int debug = 0;
int debug = 0, match_ri = 0;
ris = CMS_get0_RecipientInfos(cms);
if (ris)
debug = cms->d.envelopedData->encryptedContentInfo->debug;
@ -654,6 +654,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
ri = sk_CMS_RecipientInfo_value(ris, i);
if (CMS_RecipientInfo_type(ri) != ri_type)
continue;
match_ri = 1;
if (ri_type == CMS_RECIPINFO_AGREE)
{
r = cms_kari_set1_pkey(cms, ri, pk, cert);
@ -697,7 +698,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
}
}
/* If no cert and not debugging always return success */
if (!cert && !debug)
if (match_ri && !cert && !debug)
{
ERR_clear_error();
return 1;