[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Dr. Stephen Henson steve at openssl.org
Tue Aug 8 19:49:41 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  d93022c5ad05fd87c5732881b79dec7d797d2e24 (commit)
       via  a904692f4b0bb610c2d36ad2c24ba0eb4ed5e88c (commit)
      from  1a7d768dc33ad6073f60934fa5b64fa01d9a0a71 (commit)


- Log -----------------------------------------------------------------
commit d93022c5ad05fd87c5732881b79dec7d797d2e24
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Aug 8 15:20:07 2017 +0100

    Support CMS decrypt without a certificate for all key types
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4115)
    
    (cherry picked from commit 3f1d1704f215dc11e1fefbb6ecdcb2a08c3a65db)

commit a904692f4b0bb610c2d36ad2c24ba0eb4ed5e88c
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Aug 8 15:25:14 2017 +0100

    Add test for ECDH CMS key only
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4115)
    
    (cherry picked from commit 5d09b003c080d81ff6adfb6c54be5c018a2ba294)

-----------------------------------------------------------------------

Summary of changes:
 crypto/cms/cms_smime.c     | 10 ++++------
 test/recipes/80-test_cms.t |  9 +++++++++
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index dbf7dd3..7e7b6e5 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -583,19 +583,17 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
     STACK_OF(CMS_RecipientEncryptedKey) *reks;
     CMS_RecipientEncryptedKey *rek;
     reks = CMS_RecipientInfo_kari_get0_reks(ri);
-    if (!cert)
-        return 0;
     for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
         int rv;
         rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
-        if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
+        if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
             continue;
         CMS_RecipientInfo_kari_set0_pkey(ri, pk);
         rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
         CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
         if (rv > 0)
             return 1;
-        return -1;
+        return cert == NULL ? 0 : -1;
     }
     return 0;
 }
@@ -659,8 +657,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
                 return 1;
         }
     }
-    /* If no cert and not debugging always return success */
-    if (match_ri && !cert && !debug) {
+    /* If no cert, key transport and not debugging always return success */
+    if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
         ERR_clear_error();
         return 1;
     }
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 264c7d6..b626449 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -349,6 +349,15 @@ my @smime_cms_param_tests = (
 	"-in", "test.cms", "-out", "smtst.txt" ]
     ],
 
+    [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used",
+      [ "-encrypt", "-in", $smcont,
+	"-stream", "-out", "test.cms",
+	catfile($smdir, "smec1.pem"),
+	catfile($smdir, "smec2.pem") ],
+      [ "-decrypt", "-inkey", catfile($smdir, "smec2.pem"),
+	"-in", "test.cms", "-out", "smtst.txt" ]
+    ],
+
     [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
       [ "-encrypt", "-keyid", "-in", $smcont,
 	"-stream", "-out", "test.cms",


More information about the openssl-commits mailing list