Merge pull request #6 from zmartzone/fix-double-free-on-decrypt_ek_rs…

…a_padding-failure Fix double free on decrypt ek rsa padding failure
OpenIDC · Apr 5, 2022 · 140d108 · 140d108
2 parents 6a2611c + dc14728
commit 140d108
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/src/jwe.c b/src/jwe.c
@@ -669,6 +669,15 @@ static bool _cjose_jwe_decrypt_ek_rsa_padding(
         return false;
     }
 
+    // jwk must have the necessary private parts set
+	BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
+	_cjose_jwk_rsa_get((RSA *)jwk->keydata, &rsa_n, &rsa_e, &rsa_d);
+	if (NULL == rsa_e || NULL == rsa_n || NULL == rsa_d)
+	{
+		CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG);
+		return false;
+	}
+
     // we don't know the size of the key to expect, but must be < RSA_size
     _cjose_release_cek(&jwe->cek, jwe->cek_len);
     size_t buflen = RSA_size((RSA *)jwk->keydata);
@@ -678,13 +687,15 @@ static bool _cjose_jwe_decrypt_ek_rsa_padding(
     }
 
     // decrypt the CEK using RSA v1.5 or OAEP padding
-    jwe->cek_len = RSA_private_decrypt(recipient->enc_key.raw_len, recipient->enc_key.raw, jwe->cek, (RSA *)jwk->keydata, padding);
-    if (-1 == jwe->cek_len)
+    int len = RSA_private_decrypt(recipient->enc_key.raw_len, recipient->enc_key.raw, jwe->cek, (RSA *)jwk->keydata, padding);
+    if (-1 == len)
     {
         CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
         return false;
     }
 
+    jwe->cek_len = len;
+
     return true;
 }