Commit 225055c3 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Reported by: Solar Designer of Openwall 

Make sure tkeylen is initialised properly when encrypting CMS messages.
parent e0311481

CHANGES

+4 −0
Original line number Diff line number Diff line
@@ -292,6 +292,10 @@ 
 

 Changes between 1.0.1b and 1.0.1c [xx XXX xxxx]



  *) Initialise tkeylen properly when encrypting CMS messages.

     Thanks to Solar Designer of Openwall for reporting this issue.

     [Steve Henson]

 

  *) In FIPS mode don't try to use composite ciphers as they are not

     approved.

     [Steve Henson]

crypto/cms/cms_enc.c

+2 −2
Original line number Diff line number Diff line
@@ -139,10 +139,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) 
				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);

		goto err;

		}

	tkeylen = EVP_CIPHER_CTX_key_length(ctx);

	/* Generate random session key */

	if (!enc || !ec->key)

		{

		tkeylen = EVP_CIPHER_CTX_key_length(ctx);

		tkey = OPENSSL_malloc(tkeylen);

		if (!tkey)

			{
@@ -174,7 +174,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) 
			/* Only reveal failure if debugging so we don't

			 * leak information which may be useful in MMA.

			 */

			if (ec->debug)

			if (enc || ec->debug)

				{

				CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,

						CMS_R_INVALID_KEY_LENGTH);