1 files changed, 57 insertions, 4 deletions
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
index 4a799eb897..8c56e3a852 100644
--- a/src/lib/libcrypto/cms/cms_smime.c
+++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -611,7 +611,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
        STACK_OF(CMS_RecipientInfo) *ris;
        CMS_RecipientInfo *ri;
        int i, r;
+        int debug = 0;
        ris = CMS_get0_RecipientInfos(cms);
+        if (ris)
+                debug = cms->d.envelopedData->encryptedContentInfo->debug;
        for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
                {
                ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -625,17 +628,38 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
                        CMS_RecipientInfo_set0_pkey(ri, pk);
                        r = CMS_RecipientInfo_decrypt(cms, ri);
                        CMS_RecipientInfo_set0_pkey(ri, NULL);
-                        if (r > 0)
-                                return 1;
                        if (cert)
                                {
+                                /* If not debugging clear any error and
+                                 * return success to avoid leaking of
+                                 * information useful to MMA
+                                 */
+                                if (!debug)
+                                        {
+                                        ERR_clear_error();
+                                        return 1;
+                                        }
+                                if (r > 0)
+                                        return 1;
                                CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
                                                CMS_R_DECRYPT_ERROR);
                                return 0;
                                }
-                        ERR_clear_error();
+                        /* If no cert and not debugging don't leave loop
+                         * after first successful decrypt. Always attempt
+                         * to decrypt all recipients to avoid leaking timing
+                         * of a successful decrypt.
+                         */
+                        else if (r > 0 && debug)
+                                return 1;
                        }
                }
+        /* If no cert and not debugging always return success */
+        if (!cert && !debug)
+                {
+                ERR_clear_error();
+                return 1;
+                }
        CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
        return 0;
@@ -680,6 +704,30 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
        return 0;
        }
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 
+                                unsigned char *pass, ossl_ssize_t passlen)
+        {
+        STACK_OF(CMS_RecipientInfo) *ris;
+        CMS_RecipientInfo *ri;
+        int i, r;
+        ris = CMS_get0_RecipientInfos(cms);
+        for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
+                {
+                ri = sk_CMS_RecipientInfo_value(ris, i);
+                if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
+                                continue;
+                CMS_RecipientInfo_set0_password(ri, pass, passlen);
+                r = CMS_RecipientInfo_decrypt(cms, ri);
+                CMS_RecipientInfo_set0_password(ri, NULL, 0);
+                if (r > 0)
+                        return 1;
+                }
+        CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
+        return 0;
+        }
        
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
                                BIO *dcont, BIO *out,
@@ -694,9 +742,14 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
                }
        if (!dcont && !check_content(cms))
                return 0;
+        if (flags & CMS_DEBUG_DECRYPT)
+                cms->d.envelopedData->encryptedContentInfo->debug = 1;
+        else
+                cms->d.envelopedData->encryptedContentInfo->debug = 0;
+        if (!pk && !cert && !dcont && !out)
+                return 1;
        if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
                return 0;
        cont = CMS_dataInit(cms, dcont);
        if (!cont)
                return 0;

diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c index 4a799eb897..8c56e3a852 100644 --- a/src/lib/libcrypto/cms/cms_smime.c +++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -611,7 +611,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert)
611	STACK_OF(CMS_RecipientInfo) *ris;	611	STACK_OF(CMS_RecipientInfo) *ris;
612	CMS_RecipientInfo *ri;	612	CMS_RecipientInfo *ri;
613	int i, r;	613	int i, r;
		614	int debug = 0;
614	ris = CMS_get0_RecipientInfos(cms);	615	ris = CMS_get0_RecipientInfos(cms);
		616	if (ris)
		617	debug = cms->d.envelopedData->encryptedContentInfo->debug;
615	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)	618	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
616	{	619	{
617	ri = sk_CMS_RecipientInfo_value(ris, i);	620	ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -625,17 +628,38 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert)
625	CMS_RecipientInfo_set0_pkey(ri, pk);	628	CMS_RecipientInfo_set0_pkey(ri, pk);
626	r = CMS_RecipientInfo_decrypt(cms, ri);	629	r = CMS_RecipientInfo_decrypt(cms, ri);
627	CMS_RecipientInfo_set0_pkey(ri, NULL);	630	CMS_RecipientInfo_set0_pkey(ri, NULL);
628	if (r > 0)
629	return 1;
630	if (cert)	631	if (cert)
631	{	632	{
		633	/* If not debugging clear any error and
		634	* return success to avoid leaking of
		635	* information useful to MMA
		636	*/
		637	if (!debug)
		638	{
		639	ERR_clear_error();
		640	return 1;
		641	}
		642	if (r > 0)
		643	return 1;
632	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,	644	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
633	CMS_R_DECRYPT_ERROR);	645	CMS_R_DECRYPT_ERROR);
634	return 0;	646	return 0;
635	}	647	}
636	ERR_clear_error();	648	/* If no cert and not debugging don't leave loop
		649	* after first successful decrypt. Always attempt
		650	* to decrypt all recipients to avoid leaking timing
		651	* of a successful decrypt.
		652	*/
		653	else if (r > 0 && debug)
		654	return 1;
637	}	655	}
638	}	656	}
		657	/* If no cert and not debugging always return success */
		658	if (!cert && !debug)
		659	{
		660	ERR_clear_error();
		661	return 1;
		662	}
639		663
640	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);	664	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
641	return 0;	665	return 0;
@@ -680,6 +704,30 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
680	return 0;	704	return 0;
681		705
682	}	706	}
		707
		708	int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
		709	unsigned char *pass, ossl_ssize_t passlen)
		710	{
		711	STACK_OF(CMS_RecipientInfo) *ris;
		712	CMS_RecipientInfo *ri;
		713	int i, r;
		714	ris = CMS_get0_RecipientInfos(cms);
		715	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
		716	{
		717	ri = sk_CMS_RecipientInfo_value(ris, i);
		718	if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
		719	continue;
		720	CMS_RecipientInfo_set0_password(ri, pass, passlen);
		721	r = CMS_RecipientInfo_decrypt(cms, ri);
		722	CMS_RecipientInfo_set0_password(ri, NULL, 0);
		723	if (r > 0)
		724	return 1;
		725	}
		726
		727	CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
		728	return 0;
		729
		730	}
683		731
684	int CMS_decrypt(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert,	732	int CMS_decrypt(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert,
685	BIO dcont, BIO out,	733	BIO dcont, BIO out,
@@ -694,9 +742,14 @@ int CMS_decrypt(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert,
694	}	742	}
695	if (!dcont && !check_content(cms))	743	if (!dcont && !check_content(cms))
696	return 0;	744	return 0;
		745	if (flags & CMS_DEBUG_DECRYPT)
		746	cms->d.envelopedData->encryptedContentInfo->debug = 1;
		747	else
		748	cms->d.envelopedData->encryptedContentInfo->debug = 0;
		749	if (!pk && !cert && !dcont && !out)
		750	return 1;
697	if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))	751	if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
698	return 0;	752	return 0;
699
700	cont = CMS_dataInit(cms, dcont);	753	cont = CMS_dataInit(cms, dcont);
701	if (!cont)	754	if (!cont)
702	return 0;	755	return 0;