Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID

If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no associated OID then we should report an error rather than continuing on regardless. Continuing on still ends up failing - but later on and with a more cryptic error message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
2025-01-30 14:01:55 +08:00 · 2022-12-06 14:51:54 +00:00 · 2022-12-06 14:51:54 +00:00 · bf3f8f2c0e
commit bf3f8f2c0e
parent 0f48050b5a
4 changed files with 9 additions and 0 deletions
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@ -81,6 +81,10 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,

    if (enc) {
        calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
+        if (calg->algorithm == NULL) {
+            ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
+            goto err;
+        }
        /* Generate a random IV if we need one */
        ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
        if (ivlen < 0) {
--- a/crypto/cms/cms_err.c
+++ b/crypto/cms/cms_err.c
@ -140,6 +140,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"},
    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
    "unsupported compression algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM),
+    "unsupported content encryption algorithm"},
    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE),
    "unsupported content type"},
    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE),
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@ -371,6 +371,8 @@ CMS_R_UNKNOWN_CIPHER:148:unknown cipher
 CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm
 CMS_R_UNKNOWN_ID:150:unknown id
 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm
+CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM:194:\
+	unsupported content encryption algorithm
 CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type
 CMS_R_UNSUPPORTED_ENCRYPTION_TYPE:192:unsupported encryption type
 CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm
--- a/include/openssl/cmserr.h
+++ b/include/openssl/cmserr.h
@ -106,6 +106,7 @@
 #  define CMS_R_UNKNOWN_DIGEST_ALGORITHM                   149
 #  define CMS_R_UNKNOWN_ID                                 150
 #  define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM          151
+#  define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM   194
 #  define CMS_R_UNSUPPORTED_CONTENT_TYPE                   152
 #  define CMS_R_UNSUPPORTED_ENCRYPTION_TYPE                192
 #  define CMS_R_UNSUPPORTED_KEK_ALGORITHM                  153