summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_chk.c
diff options
context:
space:
mode:
authortb <>2025-05-10 05:25:43 +0000
committertb <>2025-05-10 05:25:43 +0000
commita656363fbb9550a01cbf15c8cc74ef1a1064f9f6 (patch)
treeaeddf5a93b53d14de7aeeafa975ed10d4b70175d /src/lib/libcrypto/rsa/rsa_chk.c
parent3e9edd0b4fd31c7e46865118d09a568bb5d182ad (diff)
downloadopenbsd-a656363fbb9550a01cbf15c8cc74ef1a1064f9f6.tar.gz
openbsd-a656363fbb9550a01cbf15c8cc74ef1a1064f9f6.tar.bz2
openbsd-a656363fbb9550a01cbf15c8cc74ef1a1064f9f6.zip
cms: disallow AEAD ciphers and AES XTS
The CMS code doesn't support RFC 5083/5084 authenticated enveloped data and outputs garbage that even itself can't decrypt for a reason that I have not tried to pinpoint. So refuse using AEAD ciphers and AES XTS for enveloped data from the cms "app" and throw an error pointing out that this isn't supported. OpenSSL have since added incorrect support for AuthEnvelopedData (ASN.1 and code review are hard), so doing this right will need both correct and interoperable code, which I doubt anyone will bother to write anytime soon. Reported by Ben Cooper in https://github.com/libressl/portable/issues/1157 ok beck jsing
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_chk.c')
0 files changed, 0 insertions, 0 deletions