diff options
| author | Tomas Mraz <tmraz@fedoraproject.org> | 2021-01-15 17:13:00 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-01-21 18:08:02 +0100 |
| commit | 6c4ecc655a1def370b4f5b43c455b0c6617938c8 (patch) | |
| tree | 9007f7a40f3926555f80ebed5db2d4fd91f9c4fc /crypto/cms | |
| parent | 24d5be7a2a9a6b992510f055a65462e372bd1085 (diff) | |
dh_cms_set_peerkey: The peer key is encoded as an ASN.1 integer
It must be decoded from the ASN.1 integer before setting
to the EVP_PKEY.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
Diffstat (limited to 'crypto/cms')
| -rw-r--r-- | crypto/cms/cms_dh.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index 9cba6364d1..c897dc765a 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -23,7 +23,9 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, ASN1_INTEGER *public_key = NULL; int rv = 0; EVP_PKEY *pkpeer = NULL, *pk = NULL; + BIGNUM *bnpub = NULL; const unsigned char *p; + unsigned char *buf = NULL; int plen; X509_ALGOR_get0(&aoid, &atype, &aval, alg); @@ -43,16 +45,28 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, if (p == NULL || plen == 0) goto err; + if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) + goto err; + plen = ASN1_STRING_length((ASN1_STRING *)public_key); + if ((bnpub = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) + goto err; + if ((buf = OPENSSL_malloc(plen)) == NULL) + goto err; + if (BN_bn2binpad(bnpub, buf, plen) < 0) + goto err; + pkpeer = EVP_PKEY_new(); if (pkpeer == NULL || !EVP_PKEY_copy_parameters(pkpeer, pk) - || !EVP_PKEY_set1_encoded_public_key(pkpeer, p, plen)) + || !EVP_PKEY_set1_encoded_public_key(pkpeer, buf, plen)) goto err; if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) rv = 1; err: ASN1_INTEGER_free(public_key); + BN_free(bnpub); + OPENSSL_free(buf); EVP_PKEY_free(pkpeer); return rv; } |