diff options
Diffstat (limited to 'thirdparty/openssl/crypto/cms')
| -rw-r--r-- | thirdparty/openssl/crypto/cms/cms_enc.c | 12 | ||||
| -rw-r--r-- | thirdparty/openssl/crypto/cms/cms_ess.c | 3 | ||||
| -rw-r--r-- | thirdparty/openssl/crypto/cms/cms_kari.c | 5 | ||||
| -rw-r--r-- | thirdparty/openssl/crypto/cms/cms_lib.c | 4 | ||||
| -rw-r--r-- | thirdparty/openssl/crypto/cms/cms_pwri.c | 4 |
5 files changed, 19 insertions, 9 deletions
diff --git a/thirdparty/openssl/crypto/cms/cms_enc.c b/thirdparty/openssl/crypto/cms/cms_enc.c index b14b4b68b5..90b1fcc750 100644 --- a/thirdparty/openssl/crypto/cms/cms_enc.c +++ b/thirdparty/openssl/crypto/cms/cms_enc.c @@ -119,7 +119,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_iv_length(ctx); if (ivlen > 0) { - if (RAND_pseudo_bytes(iv, ivlen) <= 0) + if (RAND_bytes(iv, ivlen) <= 0) goto err; piv = iv; } @@ -179,10 +179,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) CMS_R_CIPHER_INITIALISATION_ERROR); goto err; } - - if (piv) { + if (enc) { calg->parameter = ASN1_TYPE_new(); - if (!calg->parameter) { + if (calg->parameter == NULL) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE); goto err; } @@ -191,6 +190,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; } + /* If parameter type not set omit parameter */ + if (calg->parameter->type == V_ASN1_UNDEF) { + ASN1_TYPE_free(calg->parameter); + calg->parameter = NULL; + } } ok = 1; diff --git a/thirdparty/openssl/crypto/cms/cms_ess.c b/thirdparty/openssl/crypto/cms/cms_ess.c index 8631a2eb2b..8212560628 100644 --- a/thirdparty/openssl/crypto/cms/cms_ess.c +++ b/thirdparty/openssl/crypto/cms/cms_ess.c @@ -107,8 +107,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, else { if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) goto merr; - if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) - <= 0) + if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0) goto err; } diff --git a/thirdparty/openssl/crypto/cms/cms_kari.c b/thirdparty/openssl/crypto/cms/cms_kari.c index 2cfcdb29cd..ee283172d3 100644 --- a/thirdparty/openssl/crypto/cms/cms_kari.c +++ b/thirdparty/openssl/crypto/cms/cms_kari.c @@ -401,9 +401,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, * Pick a cipher based on content encryption cipher. If it is DES3 use * DES3 wrap otherwise use AES wrap similar to key size. */ +#ifndef OPENSSL_NO_DES if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc) kekcipher = EVP_des_ede3_wrap(); - else if (keylen <= 16) + else +#endif + if (keylen <= 16) kekcipher = EVP_aes_128_wrap(); else if (keylen <= 24) kekcipher = EVP_aes_192_wrap(); diff --git a/thirdparty/openssl/crypto/cms/cms_lib.c b/thirdparty/openssl/crypto/cms/cms_lib.c index d6cb60d02d..6d27c4969b 100644 --- a/thirdparty/openssl/crypto/cms/cms_lib.c +++ b/thirdparty/openssl/crypto/cms/cms_lib.c @@ -413,6 +413,8 @@ static STACK_OF(CMS_CertificateChoices) return &cms->d.signedData->certificates; case NID_pkcs7_enveloped: + if (cms->d.envelopedData->originatorInfo == NULL) + return NULL; return &cms->d.envelopedData->originatorInfo->certificates; default: @@ -488,6 +490,8 @@ static STACK_OF(CMS_RevocationInfoChoice) return &cms->d.signedData->crls; case NID_pkcs7_enveloped: + if (cms->d.envelopedData->originatorInfo == NULL) + return NULL; return &cms->d.envelopedData->originatorInfo->crls; default: diff --git a/thirdparty/openssl/crypto/cms/cms_pwri.c b/thirdparty/openssl/crypto/cms/cms_pwri.c index b91c01691f..5c817caf2f 100644 --- a/thirdparty/openssl/crypto/cms/cms_pwri.c +++ b/thirdparty/openssl/crypto/cms/cms_pwri.c @@ -134,7 +134,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, ivlen = EVP_CIPHER_CTX_iv_length(&ctx); if (ivlen > 0) { - if (RAND_pseudo_bytes(iv, ivlen) <= 0) + if (RAND_bytes(iv, ivlen) <= 0) goto err; if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); @@ -301,7 +301,7 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, memcpy(out + 4, in, inlen); /* Add random padding to end */ if (olen > inlen + 4 - && RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0) + && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0) return 0; /* Encrypt twice */ EVP_EncryptUpdate(ctx, out, &dummy, out, olen); |