Detect symmetric crypto errors in PKCS7_decrypt.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
openssl · Feb 27, 2012 · 236a99a · 236a99a
1 parent 04b4363
commit 236a99a
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
@@ -573,15 +573,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
 			return 0;
 		}
 		ret = SMIME_text(bread, data);
+		if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+			{
+			if (!BIO_get_cipher_status(tmpmem))
+				ret = 0;
+			}
 		BIO_free_all(bread);
 		return ret;
 	} else {
 		for(;;) {
 			i = BIO_read(tmpmem, buf, sizeof(buf));
-			if(i <= 0) break;
+			if(i <= 0)
+				{
+				ret = 1;
+				if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+					{
+					if (!BIO_get_cipher_status(tmpmem))
+						ret = 0;
+					}
+
+				break;
+				}
 			BIO_write(data, buf, i);
 		}
 		BIO_free_all(tmpmem);
-		return 1;
+		return ret;
 	}
 }