1 files changed, 4 insertions, 57 deletions
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
index 8c56e3a852..4a799eb897 100644
--- a/src/lib/libcrypto/cms/cms_smime.c
+++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -611,10 +611,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
        STACK_OF(CMS_RecipientInfo) *ris;
        CMS_RecipientInfo *ri;
        int i, r;
-        int debug = 0;
        ris = CMS_get0_RecipientInfos(cms);
-        if (ris)
-                debug = cms->d.envelopedData->encryptedContentInfo->debug;
        for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
                {
                ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -628,38 +625,17 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
                        CMS_RecipientInfo_set0_pkey(ri, pk);
                        r = CMS_RecipientInfo_decrypt(cms, ri);
                        CMS_RecipientInfo_set0_pkey(ri, NULL);
+                        if (r > 0)
+                                return 1;
                        if (cert)
                                {
-                                /* If not debugging clear any error and
-                                 * return success to avoid leaking of
-                                 * information useful to MMA
-                                 */
-                                if (!debug)
-                                        {
-                                        ERR_clear_error();
-                                        return 1;
-                                        }
-                                if (r > 0)
-                                        return 1;
                                CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
                                                CMS_R_DECRYPT_ERROR);
                                return 0;
                                }
-                        /* If no cert and not debugging don't leave loop
+                        ERR_clear_error();
-                         * after first successful decrypt. Always attempt
-                         * to decrypt all recipients to avoid leaking timing
-                         * of a successful decrypt.
-                         */
-                        else if (r > 0 && debug)
-                                return 1;
                        }
                }
-        /* If no cert and not debugging always return success */
-        if (!cert && !debug)
-                {
-                ERR_clear_error();
-                return 1;
-                }
        CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
        return 0;
@@ -704,30 +680,6 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
        return 0;
        }
-int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 
-                                unsigned char *pass, ossl_ssize_t passlen)
-        {
-        STACK_OF(CMS_RecipientInfo) *ris;
-        CMS_RecipientInfo *ri;
-        int i, r;
-        ris = CMS_get0_RecipientInfos(cms);
-        for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
-                {
-                ri = sk_CMS_RecipientInfo_value(ris, i);
-                if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
-                                continue;
-                CMS_RecipientInfo_set0_password(ri, pass, passlen);
-                r = CMS_RecipientInfo_decrypt(cms, ri);
-                CMS_RecipientInfo_set0_password(ri, NULL, 0);
-                if (r > 0)
-                        return 1;
-                }
-        CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
-        return 0;
-        }
        
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
                                BIO *dcont, BIO *out,
@@ -742,14 +694,9 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
                }
        if (!dcont && !check_content(cms))
                return 0;
-        if (flags & CMS_DEBUG_DECRYPT)
-                cms->d.envelopedData->encryptedContentInfo->debug = 1;
-        else
-                cms->d.envelopedData->encryptedContentInfo->debug = 0;
-        if (!pk && !cert && !dcont && !out)
-                return 1;
        if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
                return 0;
        cont = CMS_dataInit(cms, dcont);
        if (!cont)
                return 0;

diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c index 8c56e3a852..4a799eb897 100644 --- a/src/lib/libcrypto/cms/cms_smime.c +++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -611,10 +611,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert)
611	STACK_OF(CMS_RecipientInfo) *ris;	611	STACK_OF(CMS_RecipientInfo) *ris;
612	CMS_RecipientInfo *ri;	612	CMS_RecipientInfo *ri;
613	int i, r;	613	int i, r;
614	int debug = 0;
615	ris = CMS_get0_RecipientInfos(cms);	614	ris = CMS_get0_RecipientInfos(cms);
616	if (ris)
617	debug = cms->d.envelopedData->encryptedContentInfo->debug;
618	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)	615	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
619	{	616	{
620	ri = sk_CMS_RecipientInfo_value(ris, i);	617	ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -628,38 +625,17 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert)
628	CMS_RecipientInfo_set0_pkey(ri, pk);	625	CMS_RecipientInfo_set0_pkey(ri, pk);
629	r = CMS_RecipientInfo_decrypt(cms, ri);	626	r = CMS_RecipientInfo_decrypt(cms, ri);
630	CMS_RecipientInfo_set0_pkey(ri, NULL);	627	CMS_RecipientInfo_set0_pkey(ri, NULL);
		628	if (r > 0)
		629	return 1;
631	if (cert)	630	if (cert)
632	{	631	{
633	/* If not debugging clear any error and
634	* return success to avoid leaking of
635	* information useful to MMA
636	*/
637	if (!debug)
638	{
639	ERR_clear_error();
640	return 1;
641	}
642	if (r > 0)
643	return 1;
644	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,	632	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
645	CMS_R_DECRYPT_ERROR);	633	CMS_R_DECRYPT_ERROR);
646	return 0;	634	return 0;
647	}	635	}
648	/* If no cert and not debugging don't leave loop	636	ERR_clear_error();
649	* after first successful decrypt. Always attempt
650	* to decrypt all recipients to avoid leaking timing
651	* of a successful decrypt.
652	*/
653	else if (r > 0 && debug)
654	return 1;
655	}	637	}
656	}	638	}
657	/* If no cert and not debugging always return success */
658	if (!cert && !debug)
659	{
660	ERR_clear_error();
661	return 1;
662	}
663		639
664	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);	640	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
665	return 0;	641	return 0;
@@ -704,30 +680,6 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
704	return 0;	680	return 0;
705		681
706	}	682	}
707
708	int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
709	unsigned char *pass, ossl_ssize_t passlen)
710	{
711	STACK_OF(CMS_RecipientInfo) *ris;
712	CMS_RecipientInfo *ri;
713	int i, r;
714	ris = CMS_get0_RecipientInfos(cms);
715	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
716	{
717	ri = sk_CMS_RecipientInfo_value(ris, i);
718	if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
719	continue;
720	CMS_RecipientInfo_set0_password(ri, pass, passlen);
721	r = CMS_RecipientInfo_decrypt(cms, ri);
722	CMS_RecipientInfo_set0_password(ri, NULL, 0);
723	if (r > 0)
724	return 1;
725	}
726
727	CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
728	return 0;
729
730	}
731		683
732	int CMS_decrypt(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert,	684	int CMS_decrypt(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert,
733	BIO dcont, BIO out,	685	BIO dcont, BIO out,
@@ -742,14 +694,9 @@ int CMS_decrypt(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert,
742	}	694	}
743	if (!dcont && !check_content(cms))	695	if (!dcont && !check_content(cms))
744	return 0;	696	return 0;
745	if (flags & CMS_DEBUG_DECRYPT)
746	cms->d.envelopedData->encryptedContentInfo->debug = 1;
747	else
748	cms->d.envelopedData->encryptedContentInfo->debug = 0;
749	if (!pk && !cert && !dcont && !out)
750	return 1;
751	if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))	697	if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
752	return 0;	698	return 0;
		699
753	cont = CMS_dataInit(cms, dcont);	700	cont = CMS_dataInit(cms, dcont);
754	if (!cont)	701	if (!cont)
755	return 0;	702	return 0;