diff options
author | Matt Caswell <matt@openssl.org> | 2022-12-06 14:51:54 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-12-22 11:03:50 +0100 |
commit | cc122995d1fa12fb8f93562e0aca4a62cd83fc5b (patch) | |
tree | d60705e2c7e7941c262a52ca0bf3878e9e2b3449 /crypto | |
parent | 903e96599b53639d6a72f9b05514f93136eaf03b (diff) |
Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID
If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no
associated OID then we should report an error rather than continuing on
regardless. Continuing on still ends up failing - but later on and with a
more cryptic error message.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19919)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cms/cms_enc.c | 4 | ||||
-rw-r--r-- | crypto/cms/cms_err.c | 2 | ||||
-rw-r--r-- | crypto/err/openssl.txt | 2 |
3 files changed, 8 insertions, 0 deletions
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index a3909ba70c..f7007c1231 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -81,6 +81,10 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, if (enc) { calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); + if (calg->algorithm == NULL) { + ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM); + goto err; + } /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (ivlen < 0) { diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index 1fba9d8502..dcbea201c8 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c @@ -138,6 +138,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM), + "unsupported content encryption algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE), diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 643cddf8b1..bc47b68887 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -363,6 +363,8 @@ CMS_R_UNKNOWN_CIPHER:148:unknown cipher CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm CMS_R_UNKNOWN_ID:150:unknown id CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm +CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM:194:\ + unsupported content encryption algorithm CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type CMS_R_UNSUPPORTED_ENCRYPTION_TYPE:192:unsupported encryption type CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm |