[openssl/openssl] 33e18b: cms encrypt, better OBJ_nid2obj() return check

James Muir noreply at github.com
Wed Oct 18 14:53:19 UTC 2023


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 33e18be32e626d938d1687410e77c3e2d8d2f9bf
      https://github.com/openssl/openssl/commit/33e18be32e626d938d1687410e77c3e2d8d2f9bf
  Author: James Muir <james at openssl.org>
  Date:   2023-10-18 (Wed, 18 Oct 2023)

  Changed paths:
    M crypto/cms/cms_enc.c
    M test/recipes/80-test_cms.t

  Log Message:
  -----------
  cms encrypt, better OBJ_nid2obj() return check

Fixes #22225

In OBJ_nid2obj(), if the NID does not have an OID, then a pointer to
the special "undefined" ASN1_OBJECT is returned.  Check for the
undefined-ASN1_OBJECT and return an error.  Also, add a test for this
in 80-test_cms.t.

Testing:

  #!/bin/bash -x

  shopt -s expand_aliases

  alias openssl="LD_LIBRARY_PATH=~/git/openssl ~/git/openssl/apps/openssl"

  echo "This is a confidential message.  It should be encrypted." > msg.txt

  ## this should fail b/c there is no OID for aes-256-ctr
  openssl cms -encrypt -in msg.txt -aes-256-ctr -out msg.txt.cms -recip demos/cms/signer.pem
  echo $?

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22392)

(cherry picked from commit bd160912dcc5e39bcdc925d9aa6538f20e37ad16)




More information about the openssl-commits mailing list