[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Dr. Stephen Henson
steve at openssl.org
Tue Aug 8 19:49:41 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via d93022c5ad05fd87c5732881b79dec7d797d2e24 (commit)
via a904692f4b0bb610c2d36ad2c24ba0eb4ed5e88c (commit)
from 1a7d768dc33ad6073f60934fa5b64fa01d9a0a71 (commit)
- Log -----------------------------------------------------------------
commit d93022c5ad05fd87c5732881b79dec7d797d2e24
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Aug 8 15:20:07 2017 +0100
Support CMS decrypt without a certificate for all key types
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4115)
(cherry picked from commit 3f1d1704f215dc11e1fefbb6ecdcb2a08c3a65db)
commit a904692f4b0bb610c2d36ad2c24ba0eb4ed5e88c
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Aug 8 15:25:14 2017 +0100
Add test for ECDH CMS key only
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4115)
(cherry picked from commit 5d09b003c080d81ff6adfb6c54be5c018a2ba294)
-----------------------------------------------------------------------
Summary of changes:
crypto/cms/cms_smime.c | 10 ++++------
test/recipes/80-test_cms.t | 9 +++++++++
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index dbf7dd3..7e7b6e5 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -583,19 +583,17 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
STACK_OF(CMS_RecipientEncryptedKey) *reks;
CMS_RecipientEncryptedKey *rek;
reks = CMS_RecipientInfo_kari_get0_reks(ri);
- if (!cert)
- return 0;
for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
int rv;
rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
- if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
+ if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
continue;
CMS_RecipientInfo_kari_set0_pkey(ri, pk);
rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
if (rv > 0)
return 1;
- return -1;
+ return cert == NULL ? 0 : -1;
}
return 0;
}
@@ -659,8 +657,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
return 1;
}
}
- /* If no cert and not debugging always return success */
- if (match_ri && !cert && !debug) {
+ /* If no cert, key transport and not debugging always return success */
+ if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
ERR_clear_error();
return 1;
}
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 264c7d6..b626449 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -349,6 +349,15 @@ my @smime_cms_param_tests = (
"-in", "test.cms", "-out", "smtst.txt" ]
],
+ [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used",
+ [ "-encrypt", "-in", $smcont,
+ "-stream", "-out", "test.cms",
+ catfile($smdir, "smec1.pem"),
+ catfile($smdir, "smec2.pem") ],
+ [ "-decrypt", "-inkey", catfile($smdir, "smec2.pem"),
+ "-in", "test.cms", "-out", "smtst.txt" ]
+ ],
+
[ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
[ "-encrypt", "-keyid", "-in", $smcont,
"-stream", "-out", "test.cms",
More information about the openssl-commits
mailing list