-
-
Notifications
You must be signed in to change notification settings - Fork 9.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cms encrypt, better OBJ_nid2obj() return check
Fixes #22225 In OBJ_nid2obj(), if the NID does not have an OID, then a pointer to the special "undefined" ASN1_OBJECT is returned. Check for the undefined-ASN1_OBJECT and return an error. Also, add a test for this in 80-test_cms.t. Testing: #!/bin/bash -x shopt -s expand_aliases alias openssl="LD_LIBRARY_PATH=~/git/openssl ~/git/openssl/apps/openssl" echo "This is a confidential message. It should be encrypted." > msg.txt ## this should fail b/c there is no OID for aes-256-ctr openssl cms -encrypt -in msg.txt -aes-256-ctr -out msg.txt.cms -recip demos/cms/signer.pem echo $? Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #22392)
- Loading branch information
Showing
2 changed files
with
13 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -81,7 +81,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, | |
|
||
if (enc) { | ||
calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); | ||
if (calg->algorithm == NULL) { | ||
if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) { | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
t8m
Member
|
||
ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM); | ||
goto err; | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@t8m @jamuir Am I right thinking that this line crashes CI --both in openssl master as well as in oqs-provider? What about changing to
...|| EVP_CIPHER_CTX_get_type(ctx) == NID_undef
? Should I put in a PR for this or is this already underway?