diff options
author | Tomas Mraz <tmraz@fedoraproject.org> | 2021-01-14 14:43:11 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-01-21 18:08:02 +0100 |
commit | f23e4a17a2309793a0ac787725736f1c4474c804 (patch) | |
tree | e449cb58462d714eddd2ea51ece55a8f43d8223d /crypto/cms | |
parent | 6d9a54c6e661094c0668f0307213789c2d9be3ec (diff) |
Fixes related to broken DH support in CMS
- DH support should work with both DH and DHX keys
- UKM parameter is optional so it can have length 0
Fixes #13810
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
Diffstat (limited to 'crypto/cms')
-rw-r--r-- | crypto/cms/cms_env.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index d2f630146e..6f3ca020d8 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -115,7 +115,7 @@ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) } else return 0; - if (EVP_PKEY_is_a(pkey, "DHX")) + if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH")) return cms_dh_envelope(ri, cmd); else if (EVP_PKEY_is_a(pkey, "EC")) return cms_ecdh_envelope(ri, cmd); @@ -1294,6 +1294,8 @@ int cms_pkey_get_ri_type(EVP_PKEY *pk) /* Check types that we know about */ if (EVP_PKEY_is_a(pk, "DH")) return CMS_RECIPINFO_AGREE; + else if (EVP_PKEY_is_a(pk, "DHX")) + return CMS_RECIPINFO_AGREE; else if (EVP_PKEY_is_a(pk, "DSA")) return CMS_RECIPINFO_NONE; else if (EVP_PKEY_is_a(pk, "EC")) |