Fix the return check of OBJ_obj2txt

[thirdparty/openssl.git] / crypto / cms / cms_dh.c

diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index 538ef451741bad55a3f0b8380583a0ece0c3a11a..f14546c703782f2842918dcd4d3ae669b73ae801 100644 (file)
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,8 +12,9 @@
 #include <openssl/dh.h>
 #include <openssl/err.h>
 #include <openssl/core_names.h>
-#include "cms_local.h"
+#include "internal/sizes.h"
 #include "crypto/evp.h"
+#include "cms_local.h"
 
 static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
                               X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
@@ -48,7 +49,11 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
 
     if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL)
         goto err;
-    plen = ASN1_STRING_length((ASN1_STRING *)public_key);
+    /*
+     * Pad to full p parameter size as that is checked by
+     * EVP_PKEY_set1_encoded_public_key()
+     */
+    plen = EVP_PKEY_get_size(pk);
     if ((bnpub = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL)
         goto err;
     if ((buf = OPENSSL_malloc(plen)) == NULL)
@@ -83,7 +88,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
     int keylen, plen;
     EVP_CIPHER *kekcipher = NULL;
     EVP_CIPHER_CTX *kekctx;
-    const char *name;
+    char name[OSSL_MAX_NAME_SIZE];
 
     if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
         goto err;
@@ -113,24 +118,24 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
     if (kekctx == NULL)
         goto err;
 
-    name = OBJ_nid2sn(OBJ_obj2nid(kekalg->algorithm));
-    if (name == NULL)
+    if (OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0) <= 0)
         goto err;
 
     kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery);
-    if (kekcipher == NULL || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+    if (kekcipher == NULL 
+        || EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
         goto err;
     if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
         goto err;
     if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
         goto err;
 
-    keylen = EVP_CIPHER_CTX_key_length(kekctx);
+    keylen = EVP_CIPHER_CTX_get_key_length(kekctx);
     if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
         goto err;
     /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */
     if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx,
-                                     OBJ_nid2obj(EVP_CIPHER_type(kekcipher)))
+                                     OBJ_nid2obj(EVP_CIPHER_get_type(kekcipher)))
         <= 0)
         goto err;
 
@@ -254,7 +259,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
         kdf_md = EVP_sha1();
         if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
             goto err;
-    } else if (EVP_MD_type(kdf_md) != NID_sha1)
+    } else if (EVP_MD_get_type(kdf_md) != NID_sha1)
         /* Unsupported digest */
         goto err;
 
@@ -263,10 +268,10 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
 
     /* Get wrap NID */
     ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
-    wrap_nid = EVP_CIPHER_CTX_type(ctx);
+    wrap_nid = EVP_CIPHER_CTX_get_type(ctx);
     if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
         goto err;
-    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    keylen = EVP_CIPHER_CTX_get_key_length(ctx);
 
     /* Package wrap algorithm in an AlgorithmIdentifier */
 
@@ -323,7 +328,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
     return rv;
 }
 
-int cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt)
+int ossl_cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt)
 {
     assert(decrypt == 0 || decrypt == 1);