This commit was generated by cvs2git to track changes on a CVS vendor

branch.
author: djm <> 2012-10-13 21:23:50 +0000
committer: djm <> 2012-10-13 21:23:50 +0000
commit: d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df (patch)
tree: 10ebe51c3542099b0ab8325d8f322372375dc3b4 /src/lib/libcrypto/cms/cms_enc.c
parent: bc685bd401e5657f7fb51b4e1a62a7a5c5ea4098 (diff)
parent: 228cae30b117c2493f69ad3c195341cd6ec8d430 (diff)
download: openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.tar.gz
openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.tar.bz2
openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.zip
1 files changed, 46 insertions, 14 deletions
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
index bab26235bd..f873ce3794 100644
--- a/src/lib/libcrypto/cms/cms_enc.c
+++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
        const EVP_CIPHER *ciph;
        X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
        unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+        unsigned char *tkey = NULL;
+        size_t tkeylen;
        int ok = 0;
@@ -137,32 +139,57 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                                CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
                goto err;
                }
+        tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+        /* Generate random session key */
-        if (enc && !ec->key)
+        if (!enc || !ec->key)
                {
-                /* Generate random key */
+                tkey = OPENSSL_malloc(tkeylen);
-                if (!ec->keylen)
+                if (!tkey)
-                        ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
-                ec->key = OPENSSL_malloc(ec->keylen);
-                if (!ec->key)
                        {
                        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
                                                        ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
-                if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
+                if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
                        goto err;
-                keep_key = 1;
                }
-        else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
+        if (!ec->key)
+                {
+                ec->key = tkey;
+                ec->keylen = tkeylen;
+                tkey = NULL;
+                if (enc)
+                        keep_key = 1;
+                else
+                        ERR_clear_error();
+                
+                }
+        if (ec->keylen != tkeylen)
                {
                /* If necessary set key length */
                if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
                        {
-                        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                        /* Only reveal failure if debugging so we don't
-                                CMS_R_INVALID_KEY_LENGTH);
+                         * leak information which may be useful in MMA.
-                        goto err;
+                         */
+                        if (enc || ec->debug)
+                                {
+                                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                                CMS_R_INVALID_KEY_LENGTH);
+                                goto err;
+                                }
+                        else
+                                {
+                                /* Use random key */
+                                OPENSSL_cleanse(ec->key, ec->keylen);
+                                OPENSSL_free(ec->key);
+                                ec->key = tkey;
+                                ec->keylen = tkeylen;
+                                tkey = NULL;
+                                ERR_clear_error();
+                                }
                        }
                }
@@ -198,6 +225,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                OPENSSL_free(ec->key);
                ec->key = NULL;
                }
+        if (tkey)
+                {
+                OPENSSL_cleanse(tkey, tkeylen);
+                OPENSSL_free(tkey);
+                }
        if (ok)
                return b;
        BIO_free(b);
author	djm <>	2012-10-13 21:23:50 +0000
committer	djm <>	2012-10-13 21:23:50 +0000
commit	d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df (patch)
tree	10ebe51c3542099b0ab8325d8f322372375dc3b4 /src/lib/libcrypto/cms/cms_enc.c
parent	bc685bd401e5657f7fb51b4e1a62a7a5c5ea4098 (diff)
parent	228cae30b117c2493f69ad3c195341cd6ec8d430 (diff)
download	openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.tar.gz openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.tar.bz2 openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.zip

diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c index bab26235bd..f873ce3794 100644 --- a/src/lib/libcrypto/cms/cms_enc.c +++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -73,6 +73,8 @@ BIO cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo ec)
73	const EVP_CIPHER *ciph;	73	const EVP_CIPHER *ciph;
74	X509_ALGOR *calg = ec->contentEncryptionAlgorithm;	74	X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
75	unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;	75	unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
		76	unsigned char *tkey = NULL;
		77	size_t tkeylen;
76		78
77	int ok = 0;	79	int ok = 0;
78		80
@@ -137,32 +139,57 @@ BIO cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo ec)
137	CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);	139	CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
138	goto err;	140	goto err;
139	}	141	}
140		142	tkeylen = EVP_CIPHER_CTX_key_length(ctx);
141		143	/* Generate random session key */
142	if (enc && !ec->key)	144	if (!enc \|\| !ec->key)
143	{	145	{
144	/* Generate random key */	146	tkey = OPENSSL_malloc(tkeylen);
145	if (!ec->keylen)	147	if (!tkey)
146	ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
147	ec->key = OPENSSL_malloc(ec->keylen);
148	if (!ec->key)
149	{	148	{
150	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,	149	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
151	ERR_R_MALLOC_FAILURE);	150	ERR_R_MALLOC_FAILURE);
152	goto err;	151	goto err;
153	}	152	}
154	if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)	153	if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
155	goto err;	154	goto err;
156	keep_key = 1;
157	}	155	}
158	else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))	156
		157	if (!ec->key)
		158	{
		159	ec->key = tkey;
		160	ec->keylen = tkeylen;
		161	tkey = NULL;
		162	if (enc)
		163	keep_key = 1;
		164	else
		165	ERR_clear_error();
		166
		167	}
		168
		169	if (ec->keylen != tkeylen)
159	{	170	{
160	/* If necessary set key length */	171	/* If necessary set key length */
161	if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)	172	if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
162	{	173	{
163	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,	174	/* Only reveal failure if debugging so we don't
164	CMS_R_INVALID_KEY_LENGTH);	175	* leak information which may be useful in MMA.
165	goto err;	176	*/
		177	if (enc \|\| ec->debug)
		178	{
		179	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
		180	CMS_R_INVALID_KEY_LENGTH);
		181	goto err;
		182	}
		183	else
		184	{
		185	/* Use random key */
		186	OPENSSL_cleanse(ec->key, ec->keylen);
		187	OPENSSL_free(ec->key);
		188	ec->key = tkey;
		189	ec->keylen = tkeylen;
		190	tkey = NULL;
		191	ERR_clear_error();
		192	}
166	}	193	}
167	}	194	}
168		195
@@ -198,6 +225,11 @@ BIO cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo ec)
198	OPENSSL_free(ec->key);	225	OPENSSL_free(ec->key);
199	ec->key = NULL;	226	ec->key = NULL;
200	}	227	}
		228	if (tkey)
		229	{
		230	OPENSSL_cleanse(tkey, tkeylen);
		231	OPENSSL_free(tkey);
		232	}
201	if (ok)	233	if (ok)
202	return b;	234	return b;
203	BIO_free(b);	235	BIO_free(b);