Commit 49c9c1b3 authored by David von Oheimb's avatar David von Oheimb Committed by Matt Caswell
Browse files

add 'unsupported cipher mode' diagnostics to evp_lib.c and genpkey.c 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6217)
parent f2950a46

apps/genpkey.c

+7 −0
Original line number Diff line number Diff line
@@ -120,6 +120,13 @@ int genpkey_main(int argc, char **argv) 
            if (!opt_cipher(opt_unknown(), &cipher)

                || do_param == 1)

                goto opthelp;

            if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE ||

                EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE ||

                EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE ||

                EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE) {

                BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);

                goto end;

            }

        }

    }

    argc = opt_num_rest();

crypto/asn1/asn1_err.c

+2 −0
Original line number Diff line number Diff line
@@ -322,6 +322,8 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = { 
    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "unknown tag"},

    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),

    "unsupported any defined by type"},

    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER),

    "unsupported cipher"},

    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),

    "unsupported public key type"},

    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},

crypto/asn1/p5_pbev2.c

+1 −1
Original line number Diff line number Diff line
@@ -78,7 +78,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, 
    /* Dummy cipherinit to just setup the IV, and PRF */

    if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))

        goto err;

    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {

    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {

        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);

        goto err;

    }

crypto/asn1/p5_scrypt.c

+1 −1
Original line number Diff line number Diff line
@@ -93,7 +93,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, 
    /* Dummy cipherinit to just setup the IV */

    if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)

        goto err;

    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {

    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {

        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,

                ASN1_R_ERROR_SETTING_CIPHER_PARAMS);

        goto err;

crypto/cms/cms_pwri.c

+1 −1
Original line number Diff line number Diff line
@@ -326,7 +326,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 
    if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))

        goto err;

    EVP_CIPHER_CTX_set_padding(kekctx, 0);

    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) < 0) {

    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {

        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,

               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);

        goto err;