Check for cipher BIO errors and set key length after parameter decode.

crypto/cms/cms_enc.c

@@ -115,18 +115,6 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 	if (enc)
 		calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
 
-	/* If necessary set key length */
-
-	if (ec->keylen != EVP_CIPHER_CTX_key_length(ctx))
-		{
-		if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
-			{
-			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-				CMS_R_INVALID_KEY_LENGTH);
-			goto err;
-			}
-		}
-
 	if (enc)
 		{
 		int ivlen;
@@ -146,6 +134,18 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 			goto err;
 			}
 
+	/* If necessary set key length */
+
+	if (ec->keylen != EVP_CIPHER_CTX_key_length(ctx))
+		{
+		if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
+			{
+			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+				CMS_R_INVALID_KEY_LENGTH);
+			goto err;
+			}
+		}
+
 	if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
 		{
 		CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,

crypto/cms/cms_smime.c

@@ -77,12 +77,20 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
 	else
 		tmpout = out;
 
-	/* Read all content through chain to determine content digests */
+	/* Read all content through chain to process digest, decrypt etc */
 	for (;;)
 	{
 		i=BIO_read(in,buf,sizeof(buf));
 		if (i <= 0)
+			{
+			if (BIO_method_type(in) == BIO_TYPE_CIPHER)
+				{
+				if (!BIO_get_cipher_status(in))
+					goto err;
+				}
 			break;
+			}
+				
 		if (tmpout)
 			BIO_write(tmpout, buf, i);
 	}