Fixes related to broken DH support in CMS

- DH support should work with both DH and DHX keys - UKM parameter is optional so it can have length 0 Fixes #13810 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13869)
author: Tomas Mraz <tmraz@fedoraproject.org> 2021-01-14 14:43:11 +0100
committer: Tomas Mraz <tomas@openssl.org> 2021-01-21 18:08:02 +0100
commit: f23e4a17a2309793a0ac787725736f1c4474c804 (patch)
tree: e449cb58462d714eddd2ea51ece55a8f43d8223d /crypto/cms
parent: 6d9a54c6e661094c0668f0307213789c2d9be3ec (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index d2f630146e..6f3ca020d8 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -115,7 +115,7 @@ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
     } else
         return 0;
 
-    if (EVP_PKEY_is_a(pkey, "DHX"))
+    if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH"))
         return cms_dh_envelope(ri, cmd);
     else if (EVP_PKEY_is_a(pkey, "EC"))
         return cms_ecdh_envelope(ri, cmd);
@@ -1294,6 +1294,8 @@ int cms_pkey_get_ri_type(EVP_PKEY *pk)
     /* Check types that we know about */
     if (EVP_PKEY_is_a(pk, "DH"))
         return CMS_RECIPINFO_AGREE;
+    else if (EVP_PKEY_is_a(pk, "DHX"))
+        return CMS_RECIPINFO_AGREE;
     else if (EVP_PKEY_is_a(pk, "DSA"))
         return CMS_RECIPINFO_NONE;
     else if (EVP_PKEY_is_a(pk, "EC"))
author	Tomas Mraz <tmraz@fedoraproject.org>	2021-01-14 14:43:11 +0100
committer	Tomas Mraz <tomas@openssl.org>	2021-01-21 18:08:02 +0100
commit	f23e4a17a2309793a0ac787725736f1c4474c804 (patch)
tree	e449cb58462d714eddd2ea51ece55a8f43d8223d /crypto/cms
parent	6d9a54c6e661094c0668f0307213789c2d9be3ec (diff)