diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/pkcs7/pk7_doit.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index d0c27e98a9..81a72f6815 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pk7_doit.c,v 1.43 2019/03/13 20:34:00 tb Exp $ */ | 1 | /* $OpenBSD: pk7_doit.c,v 1.44 2019/10/04 18:03:55 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -191,7 +191,7 @@ err: | |||
| 191 | 191 | ||
| 192 | static int | 192 | static int |
| 193 | pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri, | 193 | pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri, |
| 194 | EVP_PKEY *pkey) | 194 | EVP_PKEY *pkey, size_t fixlen) |
| 195 | { | 195 | { |
| 196 | EVP_PKEY_CTX *pctx = NULL; | 196 | EVP_PKEY_CTX *pctx = NULL; |
| 197 | unsigned char *ek = NULL; | 197 | unsigned char *ek = NULL; |
| @@ -222,8 +222,9 @@ pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri, | |||
| 222 | goto err; | 222 | goto err; |
| 223 | } | 223 | } |
| 224 | 224 | ||
| 225 | if (EVP_PKEY_decrypt(pctx, ek, &eklen, | 225 | if (EVP_PKEY_decrypt(pctx, ek, &eklen, ri->enc_key->data, |
| 226 | ri->enc_key->data, ri->enc_key->length) <= 0) { | 226 | ri->enc_key->length) <= 0 || eklen == 0 || |
| 227 | (fixlen != 0 && eklen != fixlen)) { | ||
| 227 | ret = 0; | 228 | ret = 0; |
| 228 | PKCS7error(ERR_R_EVP_LIB); | 229 | PKCS7error(ERR_R_EVP_LIB); |
| 229 | goto err; | 230 | goto err; |
| @@ -535,14 +536,14 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 535 | for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { | 536 | for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { |
| 536 | ri = sk_PKCS7_RECIP_INFO_value(rsk, i); | 537 | ri = sk_PKCS7_RECIP_INFO_value(rsk, i); |
| 537 | 538 | ||
| 538 | if (pkcs7_decrypt_rinfo(&ek, &eklen, | 539 | if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, |
| 539 | ri, pkey) < 0) | 540 | EVP_CIPHER_key_length(evp_cipher)) < 0) |
| 540 | goto err; | 541 | goto err; |
| 541 | ERR_clear_error(); | 542 | ERR_clear_error(); |
| 542 | } | 543 | } |
| 543 | } else { | 544 | } else { |
| 544 | /* Only exit on fatal errors, not decrypt failure */ | 545 | /* Only exit on fatal errors, not decrypt failure */ |
| 545 | if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) | 546 | if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0) |
| 546 | goto err; | 547 | goto err; |
| 547 | ERR_clear_error(); | 548 | ERR_clear_error(); |
| 548 | } | 549 | } |