[openssl/openssl] f6fdbe: OSSL_CMP_validate_msg(): make sure to reject prote...

David von Oheimb noreply at github.com
Thu Dec 8 07:28:24 UTC 2022


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: f6fdbe63c7c51bd7c2c37567781d166e475ab5b1
      https://github.com/openssl/openssl/commit/f6fdbe63c7c51bd7c2c37567781d166e475ab5b1
  Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
  Date:   2022-12-08 (Thu, 08 Dec 2022)

  Changed paths:
    M crypto/cmp/cmp_err.c
    M crypto/cmp/cmp_vfy.c
    M crypto/err/openssl.txt
    M doc/man3/OSSL_CMP_validate_msg.pod
    M include/openssl/cmperr.h
    M test/cmp_vfy_test.c

  Log Message:
  -----------
  OSSL_CMP_validate_msg(): make sure to reject protection type mismatch

Do not accept password-based if expected signature-based and no secret is available and
do not accept signature-based if expected password-based and no trust anchors available.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19729)

(cherry picked from commit fc93335760686ad7cf3633d457caf18b0ac83ea2)




More information about the openssl-commits mailing list