diff options
| author |   miod <miod@openbsd.org> | 2014-07-11 12:12:39 +0000 |
|---|---|---|
| committer | miod <miod@openbsd.org> | 2014-07-11 12:12:39 +0000 |
| commit | fcaed6dd74f03c86003a0ee280088dbf4993550a (patch) | |
| tree | 1679311b7a08ca437f4572136f0a277fb5f69d7e /lib/libssl/src | |
| parent | updated inode format, whitespace, re-formatting (diff) | |
| download | wireguard-openbsd-fcaed6dd74f03c86003a0ee280088dbf4993550a.tar.xz wireguard-openbsd-fcaed6dd74f03c86003a0ee280088dbf4993550a.zip | |
Make CMS_decrypt_set1_pkey() return an error if no recipient type matches,
instead of returning a random key; OpenSSL PR #3348 via OpenSSL trunk
Diffstat (limited to 'lib/libssl/src')
| -rw-r--r-- | lib/libssl/src/crypto/cms/cms_smime.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/libssl/src/crypto/cms/cms_smime.c b/lib/libssl/src/crypto/cms/cms_smime.c index 4f80561e5d8..712f08c32f7 100644 --- a/lib/libssl/src/crypto/cms/cms_smime.c +++ b/lib/libssl/src/crypto/cms/cms_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_smime.c,v 1.11 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: cms_smime.c,v 1.12 2014/07/11 12:12:39 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -586,7 +586,7 @@ CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) STACK_OF(CMS_RecipientInfo) *ris; CMS_RecipientInfo *ri; int i, r; - int debug = 0; + int debug = 0, match_ri = 0; ris = CMS_get0_RecipientInfos(cms); if (ris) @@ -595,6 +595,7 @@ CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) ri = sk_CMS_RecipientInfo_value(ris, i); if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS) continue; + match_ri = 1; /* If we have a cert try matching RecipientInfo * otherwise try them all. */ @@ -627,7 +628,7 @@ CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) } } /* If no cert and not debugging always return success */ - if (!cert && !debug) { + if (match_ri && !cert && !debug) { ERR_clear_error(); return 1; } |