author | tb <> | 2025-05-10 05:25:43 +0000 |
---|---|---|
committer | tb <> | 2025-05-10 05:25:43 +0000 |
commit | 7d5e6890156b686b6b3e771d9efd343ce8df5fa9 (patch) | |
tree | aeddf5a93b53d14de7aeeafa975ed10d4b70175d /src/usr.bin/openssl/cms.c | |
parent | 9f95806ad8d64922d493cf10e05a982c71c788c5 (diff) | |
cms: disallow AEAD ciphers and AES XTS
The CMS code doesn't support RFC 5083/5084 authenticated enveloped data
and outputs garbage that even itself can't decrypt for a reason that I
have not tried to pinpoint. So refuse using AEAD ciphers and AES XTS for
enveloped data from the cms "app" and throw an error pointing out that
this isn't supported.
OpenSSL have since added incorrect support for AuthEnvelopedData (ASN.1
and code review are hard), so doing this right will need both correct and
interoperable code, which I doubt anyone will bother to write anytime soon.
Reported by Ben Cooper in https://github.com/libressl/portable/issues/1157
ok beck jsing
Diffstat (limited to 'src/usr.bin/openssl/cms.c')
-rw-r--r-- | src/usr.bin/openssl/cms.c | 24 |
1 files changed, 21 insertions, 3 deletions
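--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.c,v 1.36 2024/08/12 15:34:58 job Exp $ */
+/* $OpenBSD: cms.c,v 1.37 2025/05/10 05:25:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -193,15 +193,33 @@ get_cipher_by_name(char *name)
 static int
 cms_opt_cipher(int argc, char **argv, int *argsused)
 {
+	const EVP_CIPHER *cipher;
 	char *name = argv[0];
 
 	if (*name++ != '-')
 		return (1);
 
-	if ((cfg.cipher = get_cipher_by_name(name)) == NULL)
-		if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL)
+	if ((cipher = get_cipher_by_name(name)) == NULL)
+		if ((cipher = EVP_get_cipherbyname(name)) == NULL)
 			return (1);
 
+	/*
+	 * XXX - this should really be done in CMS_{encrypt,decrypt}() until
+	 * we have proper support for AuthEnvelopedData (RFC 5084), but this
+	 * is good enough for now to avoid outputting garbage with this rusty
+	 * swiss army knife.
+	 */
+	if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
+		BIO_printf(bio_err, "AuthEnvelopedData is not supported\n");
+		return (1);
+	}
+	if (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE) {
+		BIO_printf(bio_err, "XTS mode not supported\n");
+		return (1);
+	}
+
+	cfg.cipher = cipher;
+
 	*argsused = 1;
 	return (0);
 }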
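Review bot: The new AEAD/XTS guard is enforced only inside cms_opt_cipher(), so cfg.cipher is validated solely for ciphers named on the command line; if cfg.cipher is assigned anywhere else in cms.c (a default when no cipher option is given, for instance), that path would bypass the check — the XXX comment already records that the check belongs in CMS_{encrypt,decrypt}(), and a matching note at any other assignment would help whoever revisits this. The two error messages also do not say which option was rejected; since `name` already points past the leading '-', `BIO_printf(bio_err, "%s: AuthEnvelopedData is not supported\n", name);` and `BIO_printf(bio_err, "%s: XTS mode is not supported\n", name);` would name the offending cipher and make the two messages read consistently. cms_opt_cipher() is fully contained in this hunk.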