The branch OpenSSL_1_1_0-stable has been updated via d93022c5ad05fd87c5732881b79dec7d797d2e24 (commit) via a904692f4b0bb610c2d36ad2c24ba0eb4ed5e88c (commit) from 1a7d768dc33ad6073f60934fa5b64fa01d9a0a71 (commit)
- Log ----------------------------------------------------------------- commit d93022c5ad05fd87c5732881b79dec7d797d2e24 Author: Dr. Stephen Henson <st...@openssl.org> Date: Tue Aug 8 15:20:07 2017 +0100 Support CMS decrypt without a certificate for all key types Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4115) (cherry picked from commit 3f1d1704f215dc11e1fefbb6ecdcb2a08c3a65db) commit a904692f4b0bb610c2d36ad2c24ba0eb4ed5e88c Author: Dr. Stephen Henson <st...@openssl.org> Date: Tue Aug 8 15:25:14 2017 +0100 Add test for ECDH CMS key only Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4115) (cherry picked from commit 5d09b003c080d81ff6adfb6c54be5c018a2ba294) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_smime.c | 10 ++++------ test/recipes/80-test_cms.t | 9 +++++++++ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index dbf7dd3..7e7b6e5 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -583,19 +583,17 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, STACK_OF(CMS_RecipientEncryptedKey) *reks; CMS_RecipientEncryptedKey *rek; reks = CMS_RecipientInfo_kari_get0_reks(ri); - if (!cert) - return 0; for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) { int rv; rek = sk_CMS_RecipientEncryptedKey_value(reks, i); - if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert)) + if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert)) continue; CMS_RecipientInfo_kari_set0_pkey(ri, pk); rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek); CMS_RecipientInfo_kari_set0_pkey(ri, NULL); if (rv > 0) return 1; - return -1; + return cert == NULL ? 0 : -1; } return 0; } @@ -659,8 +657,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) return 1; } } - /* If no cert and not debugging always return success */ - if (match_ri && !cert && !debug) { + /* If no cert, key transport and not debugging always return success */ + if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) { ERR_clear_error(); return 1; } diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 264c7d6..b626449 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -349,6 +349,15 @@ my @smime_cms_param_tests = ( "-in", "test.cms", "-out", "smtst.txt" ] ], + [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used", + [ "-encrypt", "-in", $smcont, + "-stream", "-out", "test.cms", + catfile($smdir, "smec1.pem"), + catfile($smdir, "smec2.pem") ], + [ "-decrypt", "-inkey", catfile($smdir, "smec2.pem"), + "-in", "test.cms", "-out", "smtst.txt" ] + ], + [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier", [ "-encrypt", "-keyid", "-in", $smcont, "-stream", "-out", "test.cms", _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits