diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-12-01 21:53:58 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-01-08 01:42:48 +0000 |
commit | 53d2260c4078fed562cd7ce30e62817070fa39d6 (patch) | |
tree | 763ff6e543ee83a4e7db70ce29f8edf2025499fd /crypto/rsa | |
parent | 87ee7b22b6c658a7223098084709bf841cc67cc9 (diff) |
Don't allow PKCS#7/CMS encrypt with PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
Diffstat (limited to 'crypto/rsa')
-rw-r--r-- | crypto/rsa/rsa_ameth.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index b091746b1c..c030c27560 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -413,6 +413,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) break; case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: + if (pkey_is_pss(pkey)) + return -2; if (arg1 == 0) PKCS7_RECIP_INFO_get0_alg(arg2, &alg); break; @@ -425,6 +427,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) break; case ASN1_PKEY_CTRL_CMS_ENVELOPE: + if (pkey_is_pss(pkey)) + return -2; if (arg1 == 0) return rsa_cms_encrypt(arg2); else if (arg1 == 1) @@ -432,6 +436,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) break; case ASN1_PKEY_CTRL_CMS_RI_TYPE: + if (pkey_is_pss(pkey)) + return -2; *(int *)arg2 = CMS_RECIPINFO_TRANS; return 1; #endif |