diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-12-25 13:38:23 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-05-30 22:02:10 +0200 |
| commit | 36b91a198ae027c054ef128a35a268bc3c307f00 (patch) | |
| tree | a47bf3a4c012fb34c51c8c34f973e15dc912f9b4 /crypto/crmf/crmf_lib.c | |
| parent | fdef95716dbcc6127d05f8cfc90f389a84acaf9b (diff) | |
CMS, PKCS7, and CRMF: simplify use of EVP_PKEY_decrypt() by helper function
Also remove needless constant_time_* and ERR_clear_error() calls
from OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
Diffstat (limited to 'crypto/crmf/crmf_lib.c')
| -rw-r--r-- | crypto/crmf/crmf_lib.c | 28 |
1 files changed, 6 insertions, 22 deletions
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index 6fc7c91095..12939b9920 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -29,8 +29,8 @@ #include <openssl/asn1t.h> #include "crmf_local.h" -#include "internal/constant_time.h" #include "internal/sizes.h" +#include "crypto/evp.h" #include "crypto/x509.h" /* explicit #includes not strictly needed since implied by the above: */ @@ -661,28 +661,12 @@ X509 cikeysize = EVP_CIPHER_get_key_length(cipher); /* first the symmetric key needs to be decrypted */ pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); - if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx) > 0) { - ASN1_BIT_STRING *encKey = ecert->encSymmKey; - size_t failure; - int retval; - - if (EVP_PKEY_decrypt(pkctx, NULL, &eksize, - encKey->data, encKey->length) <= 0 - || (ek = OPENSSL_malloc(eksize)) == NULL) - goto end; - retval = EVP_PKEY_decrypt(pkctx, ek, &eksize, - encKey->data, encKey->length); - ERR_clear_error(); /* error state may have sensitive information */ - failure = ~constant_time_is_zero_s(constant_time_msb(retval) - | constant_time_is_zero(retval)); - failure |= ~constant_time_eq_s(eksize, (size_t)cikeysize); - if (failure) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY); - goto end; - } - } else { + if (pkctx == NULL || EVP_PKEY_decrypt_init(pkctx) <= 0 + || evp_pkey_decrypt_alloc(pkctx, &ek, &eksize, (size_t)cikeysize, + ecert->encSymmKey->data, + ecert->encSymmKey->length) <= 0) goto end; - } + if ((iv = OPENSSL_malloc(EVP_CIPHER_get_iv_length(cipher))) == NULL) goto end; if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv, |