diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-08-20 13:28:11 +1000 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2020-08-22 11:07:14 +0300 |
| commit | 1acb2e6f3540727c4cc9f8388cc0da265e6fe8ab (patch) | |
| tree | 7974da2e8a28b6e74243376d5222aed70abf7f21 /crypto/cms/cms_enc.c | |
| parent | eed12622faf01369141caa558439ac5f6fd5dcd1 (diff) | |
Fix CMS so that it still works with non fetchable algorithms.
Fixes #12633
For CMS the Gost engine still requires calls to EVP_get_digestbyname() and EVP_get_cipherbyname() when
EVP_MD_fetch() and EVP_CIPHER_fetch() return NULL.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12689)
Diffstat (limited to 'crypto/cms/cms_enc.c')
| -rw-r--r-- | crypto/cms/cms_enc.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index e25453ec9c..48934ef2a1 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -45,6 +45,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, BIO_get_cipher_ctx(b, &ctx); + (void)ERR_set_mark(); if (enc) { cipher = ec->cipher; /* @@ -58,17 +59,21 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, if (cipher != NULL) { fetched_ciph = EVP_CIPHER_fetch(cms_ctx->libctx, EVP_CIPHER_name(cipher), cms_ctx->propq); - if (fetched_ciph == NULL) { - CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_UNKNOWN_CIPHER); - goto err; - } + if (fetched_ciph != NULL) + cipher = fetched_ciph; + } + if (cipher == NULL) { + (void)ERR_clear_last_mark(); + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_UNKNOWN_CIPHER); + goto err; } - if (EVP_CipherInit_ex(ctx, fetched_ciph, NULL, NULL, NULL, enc) <= 0) { + (void)ERR_pop_to_mark(); + + if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) <= 0) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_CIPHER_INITIALISATION_ERROR); goto err; } - EVP_CIPHER_free(fetched_ciph); if (enc) { int ivlen; @@ -159,6 +164,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, ok = 1; err: + EVP_CIPHER_free(fetched_ciph); if (!keep_key || !ok) { OPENSSL_clear_free(ec->key, ec->keylen); ec->key = NULL; |