Return an error if no recipient type matches. If the key type does not match any CMS recipient type return an error instead of using a random key (MMA mitigation). This does not leak any useful information to an attacker. PR#3348
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index e907b27..7ad8276 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c
@@ -697,7 +697,7 @@ STACK_OF(CMS_RecipientInfo) *ris; CMS_RecipientInfo *ri; int i, r, ri_type; - int debug = 0; + int debug = 0, match_ri = 0; ris = CMS_get0_RecipientInfos(cms); if (ris) debug = cms->d.envelopedData->encryptedContentInfo->debug; @@ -714,6 +714,7 @@ ri = sk_CMS_RecipientInfo_value(ris, i); if (CMS_RecipientInfo_type(ri) != ri_type) continue; + match_ri = 1; if (ri_type == CMS_RECIPINFO_AGREE) { r = cms_kari_set1_pkey(cms, ri, pk, cert); @@ -757,7 +758,7 @@ } } /* If no cert and not debugging always return success */ - if (!cert && !debug) + if (match_ri && !cert && !debug) { ERR_clear_error(); return 1;