diff options
Diffstat (limited to 'src/lib/libcrypto/cms/cms_env.c')
| -rw-r--r-- | src/lib/libcrypto/cms/cms_env.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c index b3237d4b94..be20b1c024 100644 --- a/src/lib/libcrypto/cms/cms_env.c +++ b/src/lib/libcrypto/cms/cms_env.c | |||
| @@ -65,14 +65,13 @@ | |||
| 65 | /* CMS EnvelopedData Utilities */ | 65 | /* CMS EnvelopedData Utilities */ |
| 66 | 66 | ||
| 67 | DECLARE_ASN1_ITEM(CMS_EnvelopedData) | 67 | DECLARE_ASN1_ITEM(CMS_EnvelopedData) |
| 68 | DECLARE_ASN1_ITEM(CMS_RecipientInfo) | ||
| 69 | DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) | 68 | DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) |
| 70 | DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) | 69 | DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) |
| 71 | DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) | 70 | DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) |
| 72 | 71 | ||
| 73 | DECLARE_STACK_OF(CMS_RecipientInfo) | 72 | DECLARE_STACK_OF(CMS_RecipientInfo) |
| 74 | 73 | ||
| 75 | static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) | 74 | CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) |
| 76 | { | 75 | { |
| 77 | if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) | 76 | if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) |
| 78 | { | 77 | { |
| @@ -371,6 +370,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, | |||
| 371 | unsigned char *ek = NULL; | 370 | unsigned char *ek = NULL; |
| 372 | size_t eklen; | 371 | size_t eklen; |
| 373 | int ret = 0; | 372 | int ret = 0; |
| 373 | CMS_EncryptedContentInfo *ec; | ||
| 374 | ec = cms->d.envelopedData->encryptedContentInfo; | ||
| 374 | 375 | ||
| 375 | if (ktri->pkey == NULL) | 376 | if (ktri->pkey == NULL) |
| 376 | { | 377 | { |
| @@ -417,8 +418,14 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, | |||
| 417 | 418 | ||
| 418 | ret = 1; | 419 | ret = 1; |
| 419 | 420 | ||
| 420 | cms->d.envelopedData->encryptedContentInfo->key = ek; | 421 | if (ec->key) |
| 421 | cms->d.envelopedData->encryptedContentInfo->keylen = eklen; | 422 | { |
| 423 | OPENSSL_cleanse(ec->key, ec->keylen); | ||
| 424 | OPENSSL_free(ec->key); | ||
| 425 | } | ||
| 426 | |||
| 427 | ec->key = ek; | ||
| 428 | ec->keylen = eklen; | ||
| 422 | 429 | ||
| 423 | err: | 430 | err: |
| 424 | if (pctx) | 431 | if (pctx) |
| @@ -786,6 +793,9 @@ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) | |||
| 786 | case CMS_RECIPINFO_KEK: | 793 | case CMS_RECIPINFO_KEK: |
| 787 | return cms_RecipientInfo_kekri_decrypt(cms, ri); | 794 | return cms_RecipientInfo_kekri_decrypt(cms, ri); |
| 788 | 795 | ||
| 796 | case CMS_RECIPINFO_PASS: | ||
| 797 | return cms_RecipientInfo_pwri_crypt(cms, ri, 0); | ||
| 798 | |||
| 789 | default: | 799 | default: |
| 790 | CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, | 800 | CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, |
| 791 | CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); | 801 | CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); |
| @@ -829,6 +839,10 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) | |||
| 829 | r = cms_RecipientInfo_kekri_encrypt(cms, ri); | 839 | r = cms_RecipientInfo_kekri_encrypt(cms, ri); |
| 830 | break; | 840 | break; |
| 831 | 841 | ||
| 842 | case CMS_RECIPINFO_PASS: | ||
| 843 | r = cms_RecipientInfo_pwri_crypt(cms, ri, 1); | ||
| 844 | break; | ||
| 845 | |||
| 832 | default: | 846 | default: |
| 833 | CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, | 847 | CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, |
| 834 | CMS_R_UNSUPPORTED_RECIPIENT_TYPE); | 848 | CMS_R_UNSUPPORTED_RECIPIENT_TYPE); |