Detect symmetric crypto errors in PKCS7_decrypt.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 27 Feb 2012 15:22:41 +0000 (15:22 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 27 Feb 2012 15:22:41 +0000 (15:22 +0000)
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

crypto/pkcs7/pk7_smime.c

index 86742d0..0ed0fea 100644 (file)
@@ -573,15 +573,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
                        return 0;
                }
                ret = SMIME_text(bread, data);
+               if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+                       {
+                       if (!BIO_get_cipher_status(tmpmem))
+                               ret = 0;
+                       }
                BIO_free_all(bread);
                return ret;
        } else {
                for(;;) {
                        i = BIO_read(tmpmem, buf, sizeof(buf));
-                       if(i <= 0) break;
+                       if(i <= 0)
+                               {
+                               ret = 1;
+                               if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+                                       {
+                                       if (!BIO_get_cipher_status(tmpmem))
+                                               ret = 0;
+                                       }
+                                       
+                               break;
+                               }
                        BIO_write(data, buf, i);
                }
                BIO_free_all(tmpmem);
-               return 1;
+               return ret;
        }
 }