Fixes #22225
In OBJ_nid2obj(), if the NID does not have an OID, then a pointer to
the special "undefined" ASN1_OBJECT is returned. Check for the
undefined-ASN1_OBJECT and return an error. Also, add a test for this
in 80-test_cms.t.
Testing:
#!/bin/bash -x
shopt -s expand_aliases
alias openssl="LD_LIBRARY_PATH=~/git/openssl ~/git/openssl/apps/openssl"
echo "This is a confidential message. It should be encrypted." > msg.txt
## this should fail b/c there is no OID for aes-256-ctr
openssl cms -encrypt -in msg.txt -aes-256-ctr -out msg.txt.cms -recip demos/cms/signer.pem
echo $?
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22392)
(cherry picked from commit
bd160912dcc5e39bcdc925d9aa6538f20e37ad16)
if (enc) {
calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
- if (calg->algorithm == NULL) {
+ if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) {
ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
goto err;
}
$no_rc2 = 1 if disabled("legacy");
-plan tests => 17;
+plan tests => 18;
ok(run(test(["pkcs7_test"])), "test pkcs7");
"issue#21986");
}
});
+
+# Test for problem reported in #22225
+with({ exit_checker => sub { return shift == 3; } },
+ sub {
+ ok(run(app(['openssl', 'cms', '-encrypt',
+ '-in', srctop_file("test", "smcont.txt"),
+ '-aes-256-ctr', '-recip',
+ catfile($smdir, "smec1.pem"),
+ ])),
+ "Check for failure when cipher does not have an assigned OID (issue#22225)");
+ });