summaryrefslogtreecommitdiffstats
path: root/crypto/crmf
diff options
context:
space:
mode:
authorTomas Mraz <tomas@openssl.org>2021-04-26 12:08:27 +0200
committerTomas Mraz <tomas@openssl.org>2021-04-28 09:38:31 +0200
commiteaf8a40d97d642ccd2c55fbf8bb8ee3242aec04a (patch)
tree23ef2d3756c42a91841270eb74330a8840dbf5d0 /crypto/crmf
parentc0a79e9836a9aa30912978f69fab3b3bb3a8ddc5 (diff)
Prefer fetch over legacy get_digestby/get_cipherby
Fixes #14198 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15028)
Diffstat (limited to 'crypto/crmf')
-rw-r--r--crypto/crmf/crmf_lib.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index 6cea644cfc..e26637d0a4 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -30,6 +30,7 @@
#include "crmf_local.h"
#include "internal/constant_time.h"
+#include "internal/sizes.h"
/* explicit #includes not strictly needed since implied by the above: */
#include <openssl/crmf.h>
@@ -589,24 +590,37 @@ X509
EVP_CIPHER_CTX *evp_ctx = NULL; /* context for symmetric encryption */
unsigned char *ek = NULL; /* decrypted symmetric encryption key */
size_t eksize = 0; /* size of decrypted symmetric encryption key */
- const EVP_CIPHER *cipher = NULL; /* used cipher */
+ EVP_CIPHER *cipher = NULL; /* used cipher */
int cikeysize = 0; /* key size from cipher */
unsigned char *iv = NULL; /* initial vector for symmetric encryption */
unsigned char *outbuf = NULL; /* decryption output buffer */
const unsigned char *p = NULL; /* needed for decoding ASN1 */
int n, outlen = 0;
EVP_PKEY_CTX *pkctx = NULL; /* private key context */
+ char name[OSSL_MAX_NAME_SIZE];
if (ecert == NULL || ecert->symmAlg == NULL || ecert->encSymmKey == NULL
|| ecert->encValue == NULL || pkey == NULL) {
ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
return NULL;
}
+
/* select symmetric cipher based on algorithm given in message */
- if ((cipher = EVP_get_cipherbyobj(ecert->symmAlg->algorithm)) == NULL) {
+ OBJ_obj2txt(name, sizeof(name), ecert->symmAlg->algorithm, 0);
+
+ (void)ERR_set_mark();
+ cipher = EVP_CIPHER_fetch(NULL, name, NULL);
+
+ if (cipher == NULL)
+ cipher = (EVP_CIPHER *)EVP_get_cipherbyname(name);
+
+ if (cipher == NULL) {
+ (void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER);
goto end;
}
+ (void)ERR_pop_to_mark();
+
cikeysize = EVP_CIPHER_key_length(cipher);
/* first the symmetric key needs to be decrypted */
pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
@@ -670,6 +684,7 @@ X509
EVP_PKEY_CTX_free(pkctx);
OPENSSL_free(outbuf);
EVP_CIPHER_CTX_free(evp_ctx);
+ EVP_CIPHER_free(cipher);
OPENSSL_clear_free(ek, eksize);
OPENSSL_free(iv);
return cert;