cms: disallow AEAD ciphers and AES XTS - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2025-05-10 05:25:43 +0000
committer	tb <>	2025-05-10 05:25:43 +0000
commit	7d5e6890156b686b6b3e771d9efd343ce8df5fa9 (patch)
tree	aeddf5a93b53d14de7aeeafa975ed10d4b70175d /src/lib/libcrypto/dsa/dsa_asn1.c
parent	9f95806ad8d64922d493cf10e05a982c71c788c5 (diff)
download	openbsd-7d5e6890156b686b6b3e771d9efd343ce8df5fa9.tar.gz openbsd-7d5e6890156b686b6b3e771d9efd343ce8df5fa9.tar.bz2 openbsd-7d5e6890156b686b6b3e771d9efd343ce8df5fa9.zip

cms: disallow AEAD ciphers and AES XTS

The CMS code doesn't support RFC 5083/5084 authenticated enveloped data and outputs garbage that even itself can't decrypt for a reason that I have not tried to pinpoint. So refuse using AEAD ciphers and AES XTS for enveloped data from the cms "app" and throw an error pointing out that this isn't supported. OpenSSL have since added incorrect support for AuthEnvelopedData (ASN.1 and code review are hard), so doing this right will need both correct and interoperable code, which I doubt anyone will bother to write anytime soon. Reported by Ben Cooper in https://github.com/libressl/portable/issues/1157 ok beck jsing

Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_asn1.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: