Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID

If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no associated OID then we should report an error rather than continuing on regardless. Continuing on still ends up failing - but later on and with a more cryptic error message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
author: Matt Caswell <matt@openssl.org> 2022-12-06 14:51:54 +0000
committer: Tomas Mraz <tomas@openssl.org> 2022-12-22 11:01:06 +0100
commit: bf3f8f2c0ea7bdfb007079aade8e01a06e79874f (patch)
tree: e1b956969e065525e371c68db06472b9e505873d /crypto/cms/cms_enc.c
parent: 0f48050b5a8881870b8e25382f817b3a3dc14f16 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 1bca2f7c62..c9a5cfc69b 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -81,6 +81,10 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
 
     if (enc) {
         calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
+        if (calg->algorithm == NULL) {
+            ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
+            goto err;
+        }
         /* Generate a random IV if we need one */
         ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
         if (ivlen < 0) {
author	Matt Caswell <matt@openssl.org>	2022-12-06 14:51:54 +0000
committer	Tomas Mraz <tomas@openssl.org>	2022-12-22 11:01:06 +0100
commit	bf3f8f2c0ea7bdfb007079aade8e01a06e79874f (patch)
tree	e1b956969e065525e371c68db06472b9e505873d /crypto/cms/cms_enc.c
parent	0f48050b5a8881870b8e25382f817b3a3dc14f16 (diff)