diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-04-26 12:08:27 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-28 09:38:31 +0200 |
commit | eaf8a40d97d642ccd2c55fbf8bb8ee3242aec04a (patch) | |
tree | 23ef2d3756c42a91841270eb74330a8840dbf5d0 /crypto/crmf | |
parent | c0a79e9836a9aa30912978f69fab3b3bb3a8ddc5 (diff) |
Prefer fetch over legacy get_digestby/get_cipherby
Fixes #14198
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15028)
Diffstat (limited to 'crypto/crmf')
-rw-r--r-- | crypto/crmf/crmf_lib.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index 6cea644cfc..e26637d0a4 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -30,6 +30,7 @@ #include "crmf_local.h" #include "internal/constant_time.h" +#include "internal/sizes.h" /* explicit #includes not strictly needed since implied by the above: */ #include <openssl/crmf.h> @@ -589,24 +590,37 @@ X509 EVP_CIPHER_CTX *evp_ctx = NULL; /* context for symmetric encryption */ unsigned char *ek = NULL; /* decrypted symmetric encryption key */ size_t eksize = 0; /* size of decrypted symmetric encryption key */ - const EVP_CIPHER *cipher = NULL; /* used cipher */ + EVP_CIPHER *cipher = NULL; /* used cipher */ int cikeysize = 0; /* key size from cipher */ unsigned char *iv = NULL; /* initial vector for symmetric encryption */ unsigned char *outbuf = NULL; /* decryption output buffer */ const unsigned char *p = NULL; /* needed for decoding ASN1 */ int n, outlen = 0; EVP_PKEY_CTX *pkctx = NULL; /* private key context */ + char name[OSSL_MAX_NAME_SIZE]; if (ecert == NULL || ecert->symmAlg == NULL || ecert->encSymmKey == NULL || ecert->encValue == NULL || pkey == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return NULL; } + /* select symmetric cipher based on algorithm given in message */ - if ((cipher = EVP_get_cipherbyobj(ecert->symmAlg->algorithm)) == NULL) { + OBJ_obj2txt(name, sizeof(name), ecert->symmAlg->algorithm, 0); + + (void)ERR_set_mark(); + cipher = EVP_CIPHER_fetch(NULL, name, NULL); + + if (cipher == NULL) + cipher = (EVP_CIPHER *)EVP_get_cipherbyname(name); + + if (cipher == NULL) { + (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER); goto end; } + (void)ERR_pop_to_mark(); + cikeysize = EVP_CIPHER_key_length(cipher); /* first the symmetric key needs to be decrypted */ pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); @@ -670,6 +684,7 @@ X509 EVP_PKEY_CTX_free(pkctx); OPENSSL_free(outbuf); EVP_CIPHER_CTX_free(evp_ctx); + EVP_CIPHER_free(cipher); OPENSSL_clear_free(ek, eksize); OPENSSL_free(iv); return cert; |