From 36b91a198ae027c054ef128a35a268bc3c307f00 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Sat, 25 Dec 2021 13:38:23 +0100
Subject: CMS, PKCS7, and CRMF: simplify use of EVP_PKEY_decrypt() by helper
 function

Also remove needless constant_time_* and ERR_clear_error() calls
from OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
---
 crypto/evp/asymcipher.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'crypto/evp')

diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c
index 3acf4d1dfd..ca2a8ebdf2 100644
--- a/crypto/evp/asymcipher.c
+++ b/crypto/evp/asymcipher.c
@@ -298,6 +298,24 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
         return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
 }
 
+/* decrypt to new buffer of dynamic size, checking any pre-determined size */
+int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp,
+                           size_t *outlenp, size_t expected_outlen,
+                           const unsigned char *in, size_t inlen)
+{
+    if (EVP_PKEY_decrypt(ctx, NULL, outlenp, in, inlen) <= 0
+            || (*outp = OPENSSL_malloc(*outlenp)) == NULL)
+        return -1;
+    if (EVP_PKEY_decrypt(ctx, *outp, outlenp, in, inlen) <= 0
+            || *outlenp == 0
+            || (expected_outlen != 0 && *outlenp != expected_outlen)) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
+        OPENSSL_clear_free(*outp, *outlenp);
+        *outp = NULL;
+        return 0;
+    }
+    return 1;
+}
 
 static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov)
 {
-- 
cgit v1.2.3