author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-09-15 11:51:30 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2022-11-25 09:05:47 +0100 |
commit | 25dd78048b69c2a780ab1a5378b62447c77a5e75 (patch) | |
tree | b8e7aa1418729f5aceaaf52418bedc221a46bb16 /crypto/cms | |
parent | 0b7ad5d928f9ee749cfc670ad08067a961217fea (diff) |
CMS_decrypt*(): fix misconceptions and mem leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19222)
Diffstat (limited to 'crypto/cms')
-rw-r--r-- | crypto/cms/cms_env.c | 5 | ||||
-rw-r--r-- | crypto/cms/cms_smime.c | 21 |
2 files changed, 14 insertions, 12 deletions
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 7887defe25..d25504a03f 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -138,7 +138,7 @@ int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) return 1; } -CMS_EncryptedContentInfo* ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms) +CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms) { switch (cms_get_enveloped_type(cms)) { case CMS_ENVELOPED_STANDARD: @@ -266,7 +266,8 @@ BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data, ASN1_STRING_get0_data(secret), ASN1_STRING_length(secret)) != 1) goto end; - res = CMS_decrypt(ci, pkey, cert, detached_data, bio, flags); + res = CMS_decrypt(ci, secret == NULL ? pkey : NULL, + secret == NULL ? cert : NULL, detached_data, bio, flags); end: if (ci != NULL) diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index c5b82cf956..e49c611a28 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -707,10 +707,16 @@ int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, CMS_RecipientInfo *ri; int i, r, cms_pkey_ri_type; int debug = 0, match_ri = 0; + CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cms); + + /* Prevent mem leak on earlier CMS_decrypt_set1_{pkey_and_peer,password} */ + OPENSSL_clear_free(ec->key, ec->keylen); + ec->key = NULL; + ec->keylen = 0; ris = CMS_get0_RecipientInfos(cms); if (ris != NULL) - debug = ossl_cms_get0_env_enc_content(cms)->debug; + debug = ec->debug; cms_pkey_ri_type = ossl_cms_pkey_get_ri_type(pk); if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) { @@ -845,7 +851,7 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, { int r; BIO *cont; - + CMS_EncryptedContentInfo *ec; int nid = OBJ_obj2nid(CMS_get0_type(cms)); if (nid != NID_pkcs7_enveloped 
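Review bot: The new `CMS_decrypt()` call in `CMS_EnvelopedData_decrypt()` silently drops `pkey` and `cert` whenever `secret` is non-NULL, and nothing at the call site says why. It looks tied to the cms_smime.c change in this commit, where the private-key path now wipes `ec->key` on entry and would presumably discard the content key just derived from `secret`; this is inferred, since `CMS_decrypt_set1_pkey()` is not shown here. A comment such as `/* secret takes precedence: the pkey path would clear the key set above */` would record the dependency, and the function's documentation should say that pkey and cert are ignored when a secret is given. The function body starts and ends outside the hunk.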
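Review bot: In `CMS_decrypt_set1_pkey_and_peer()` the result of `ossl_cms_get0_env_enc_content(cms)` is now dereferenced unconditionally by `OPENSSL_clear_free(ec->key, ec->keylen)`, whereas the old code touched it only when `ris != NULL`. The getter switches on the enveloped type (see the cms_env.c hunk), and its default branch is not visible here; if it returns NULL for other content types, a caller passing a non-enveloped `CMS_ContentInfo`, for instance one parsed from untrusted input, would crash instead of getting an error return. A guard placed before the wipe, `if (ec == NULL) return 0;`, restores the previous tolerance. The added comment also names `CMS_decrypt_set1_password`, but this hunk adds the clearing only to the pkey path. The function continues outside the hunk.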
@@ -855,14 +861,9 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, } if (dcont == NULL && !check_content(cms)) return 0; - if (flags & CMS_DEBUG_DECRYPT) - ossl_cms_get0_env_enc_content(cms)->debug = 1; - else - ossl_cms_get0_env_enc_content(cms)->debug = 0; - if (cert == NULL) - ossl_cms_get0_env_enc_content(cms)->havenocert = 1; - else - ossl_cms_get0_env_enc_content(cms)->havenocert = 0; + ec = ossl_cms_get0_env_enc_content(cms); + ec->debug = (flags & CMS_DEBUG_DECRYPT) != 0; + ec->havenocert = cert == NULL; if (pk == NULL && cert == NULL && dcont == NULL && out == NULL) return 1; if (pk != NULL && !CMS_decrypt_set1_pkey(cms, pk, cert)) |
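Review bot: `ec->debug` and `ec->havenocert` are assigned before the `pk == NULL && cert == NULL && dcont == NULL && out == NULL` early return, so a call with all four NULL still rewrites both flags on the CMS object; that ordering is easy to break in a later refactor and deserves a comment. Something like `/* record flags even if nothing else is requested; later CMS_decrypt_set1_*() calls read them */` above the two assignments would do, assuming that is the intent. As a readability nit, `ec->havenocert = (cert == NULL);` would match the parenthesised form used for `debug` on the line before. CMS_decrypt() continues past the end of the hunk.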