[openssl/openssl] 26521f: CMS_decrypt*(): fix misconceptions and mem leak
David von Oheimb
noreply at github.com
Fri Feb 24 11:43:27 UTC 2023
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: 26521faae48c14597877e330911171105ab6c30f
https://github.com/openssl/openssl/commit/26521faae48c14597877e330911171105ab6c30f
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: 2023-02-24 (Fri, 24 Feb 2023)
Changed paths:
M crypto/cms/cms_env.c
M crypto/cms/cms_smime.c
M doc/man3/CMS_EncryptedData_decrypt.pod
M doc/man3/CMS_decrypt.pod
Log Message:
-----------
CMS_decrypt*(): fix misconceptions and mem leak
Also document CMS_decrypt_set1_password() and fix CMS_EnvelopedData_create.pod.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20209)
Commit: c5febe9923cd5465fae5209a4f8e8be4aab43cac
https://github.com/openssl/openssl/commit/c5febe9923cd5465fae5209a4f8e8be4aab43cac
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: 2023-02-24 (Fri, 24 Feb 2023)
Changed paths:
M crypto/cms/cms_smime.c
Log Message:
-----------
CMS_decrypt_set1_password(): prevent mem leak on any previously set decryption key
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20209)
Commit: 27d87391e63dcbbc576fe3b5f1e1c9615a1ac5ff
https://github.com/openssl/openssl/commit/27d87391e63dcbbc576fe3b5f1e1c9615a1ac5ff
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: 2023-02-24 (Fri, 24 Feb 2023)
Changed paths:
M crypto/cms/cms_smime.c
Log Message:
-----------
CMS_decrypt_set1_*(): remove misleading error queue entry when recipient mismatch was not the issue
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20209)
Commit: ceb767bea442a3f9d8a40a26df1f760b7142e616
https://github.com/openssl/openssl/commit/ceb767bea442a3f9d8a40a26df1f760b7142e616
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: 2023-02-24 (Fri, 24 Feb 2023)
Changed paths:
M crypto/cms/cms_smime.c
Log Message:
-----------
CMS_decrypt_set1_*(): fix NULL deref on unsuitable content type
Fixes #19975
for CMS_decrypt_set1_pkey_and_peer() in the obvious way,
and a related potential crash in CMS_decrypt_set1_password().
The point is that the input might have an unexpected content type,
so a guard is needed at both places after `ec` is obtained.
Note that in CMS_decrypt_set1_pkey_and_peer() there was
no such ec != NULL guard for
```
if (ris != NULL)
    debug = ec->debug;
```
maybe because it is implied here by ris != NULL.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20209)
Compare: https://github.com/openssl/openssl/compare/9fae775acf56...ceb767bea442