diff options
author | Matt Caswell <matt@openssl.org> | 2022-12-06 14:51:54 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-12-22 11:05:49 +0100 |
commit | e979d9aaf5f06fd7aa0935ed9758a2048c3b287c (patch) | |
tree | 1428ec9177399c58ad2da23f265e55eb1482cff4 | |
parent | a923d9bbb523ed100d931a822644c42168176fa4 (diff) |
Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID
If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no
associated OID then we should report an error rather than continuing on
regardless. Continuing on still ends up failing - but later on and with a
more cryptic error message.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
(cherry picked from commit cc122995d1fa12fb8f93562e0aca4a62cd83fc5b)
-rw-r--r-- | crypto/cms/cms_enc.c | 4 | ||||
-rw-r--r-- | crypto/cms/cms_err.c | 2 | ||||
-rw-r--r-- | crypto/err/openssl.txt | 2 | ||||
-rw-r--r-- | include/openssl/cmserr.h | 1 |
4 files changed, 9 insertions, 0 deletions
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index a3909ba70c..f7007c1231 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -81,6 +81,10 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, if (enc) { calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); + if (calg->algorithm == NULL) { + ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM); + goto err; + } /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (ivlen < 0) { diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index 1fba9d8502..dcbea201c8 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c @@ -138,6 +138,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM), + "unsupported content encryption algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE), diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 6dd14769a2..49e42550db 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -363,6 +363,8 @@ CMS_R_UNKNOWN_CIPHER:148:unknown cipher CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm CMS_R_UNKNOWN_ID:150:unknown id CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm +CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM:194:\ + unsupported content encryption algorithm CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type CMS_R_UNSUPPORTED_ENCRYPTION_TYPE:192:unsupported encryption type CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h index 1c4f4c799d..d48c2a4ab8 100644 --- a/include/openssl/cmserr.h +++ b/include/openssl/cmserr.h @@ -105,6 +105,7 @@ # define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 # define CMS_R_UNKNOWN_ID 150 # define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM 194 # define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 # define CMS_R_UNSUPPORTED_ENCRYPTION_TYPE 192 # define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 |