From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Fri, 15 Jan 2021 17:33:40 +0000 (+0100)
Subject: dh_cms_set_shared_info: Use explicit fetch to be able to provide libctx
X-Git-Tag: openssl-3.0.0-alpha11~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=616581aaac2dda1557586f7b43fc3a3d926899c4;p=thirdparty%2Fopenssl.git

dh_cms_set_shared_info: Use explicit fetch to be able to provide libctx

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
---

diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index c897dc765a0..538ef451741 100644
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -13,6 +13,7 @@
 #include <openssl/err.h>
 #include <openssl/core_names.h>
 #include "cms_local.h"
+#include "crypto/evp.h"
 
 static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
                               X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
@@ -80,8 +81,9 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
     unsigned char *dukm = NULL;
     size_t dukmlen = 0;
     int keylen, plen;
-    const EVP_CIPHER *kekcipher;
+    EVP_CIPHER *kekcipher = NULL;
     EVP_CIPHER_CTX *kekctx;
+    const char *name;
 
     if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
         goto err;
@@ -110,7 +112,12 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
     kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
     if (kekctx == NULL)
         goto err;
-    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+
+    name = OBJ_nid2sn(OBJ_obj2nid(kekalg->algorithm));
+    if (name == NULL)
+        goto err;
+
+    kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery);
     if (kekcipher == NULL || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
         goto err;
     if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
@@ -141,6 +148,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
     rv = 1;
  err:
     X509_ALGOR_free(kekalg);
+    EVP_CIPHER_free(kekcipher);
     OPENSSL_free(dukm);
     return rv;
 }
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 005e9879aef..1acc6980e05 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -616,7 +616,7 @@ my @smime_cms_param_tests = (
       [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
         "-stream", "-out", "{output}.cms",
         "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
-      [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
+      [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
         "-in", "{output}.cms", "-out", "{output}.txt" ],
       \&final_compare
     ]