Commit 70ddf8ec authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Return an error if no recipient type matches.

If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.

PR#3348
(cherry picked from commit 83a3182e0560f76548f4378325393461f6275493)
parent 9febee02
+3 −2
@@ -622,7 +622,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
	STACK_OF(CMS_RecipientInfo) *ris;
	CMS_RecipientInfo *ri;
	int i, r;
	int debug = 0;
	int debug = 0, ri_match = 0;
	ris = CMS_get0_RecipientInfos(cms);
	if (ris)
		debug = cms->d.envelopedData->encryptedContentInfo->debug;
@@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
		ri = sk_CMS_RecipientInfo_value(ris, i);
		if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
				continue;
		ri_match = 1;
		/* If we have a cert try matching RecipientInfo
		 * otherwise try them all.
		 */
@@ -666,7 +667,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
			}
		}
	/* If no cert and not debugging always return success */
	if (!cert && !debug)
	if (ri_match && !cert && !debug)
		{
		ERR_clear_error();
		return 1;
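Review bot: The comment kept above the final check, `/* If no cert and not debugging always return success */`, no longer describes the condition now that `ri_match` gates it, because success is returned only when at least one KeyTrans RecipientInfo was seen in the loop. I would reword it to something like `/* If no cert and not debugging, return success as long as a KeyTrans RecipientInfo was tried (MMA mitigation); with none present, fall through to the error */`, so a later cleanup does not drop the guard as redundant. In the second hunk `ri_match = 1;` is set before the certificate comparison, so it records that a KeyTrans entry exists rather than that one matched the cert; a short comment such as `/* at least one KeyTrans RecipientInfo present */` would make that explicit. The body of CMS_decrypt_set1_pkey starts and ends outside these hunks, so the error path taken when `ri_match` is 0 is not visible here and is worth covering with a test that uses a message carrying no KeyTrans recipients.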