Affected version: 1.0.2f. crypto/cms/cms_kari.c calls EVP_des_ede3_wrap without checking whether OPENSSL_NO_DES is defined, and EVP_aes_XXX_wrap without checking whether OPENSSL_NO_AES is defined. See the attached patch for the fix.
-- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4316 Please log in as guest with password guest if prompted
--- crypto/cms/cms_kari.c
+++ crypto/cms/cms_kari.c
@@ -402,13 +402,22 @@
 * DES3 wrap otherwise use AES wrap similar to key size.
 */
 if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
+#ifdef OPENSSL_NO_DES
+ return 0;
+#else
 kekcipher = EVP_des_ede3_wrap();
- else if (keylen <= 16)
+#endif
+ else
+#ifdef OPENSSL_NO_AES
+ return 0;
+#else
+ if (keylen <= 16)
 kekcipher = EVP_aes_128_wrap();
 else if (keylen <= 24)
 kekcipher = EVP_aes_192_wrap();
 else
 kekcipher = EVP_aes_256_wrap();
+#endif
 return EVP_EncryptInit_ex(ctx, kekcipher, NULL, NULL, NULL);
 }
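Review bot: Both new `return 0;` branches (under `OPENSSL_NO_DES` and `OPENSSL_NO_AES`) fail without putting anything on the error queue, so a caller on a restricted build sees only a generic failure with no hint that the key-wrap cipher was compiled out. Failing closed is the right behaviour here, since substituting another wrap cipher would silently change how the content-encryption key is protected, but the code should raise an "unsupported algorithm" error through the file's usual error macro before returning and record the intent with a comment such as `/* DES compiled out: fail rather than substitute a different key-wrap cipher */`. The unbraced `else` that now carries an `#ifdef` is also easy to misread; bracing each arm would make the three build configurations easier to check. The enclosing function starts outside the hunk.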