1 files changed, 14 insertions, 6 deletions
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 883832ff7d..313d21823d 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.65 2024/04/18 11:51:53 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.66 2024/04/18 11:53:40 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -820,6 +820,10 @@ static int
 ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
 {
        X509_ALGOR *alg, *kekalg = NULL;
+        const ASN1_OBJECT *obj;
+        int nid;
+        const void *parameter;
+        int parameter_type;
        ASN1_OCTET_STRING *ukm;
        const unsigned char *p;
        unsigned char *der = NULL;
@@ -831,16 +835,20 @@ ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
        if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
                goto err;
-        if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
+        X509_ALGOR_get0(&obj, &parameter_type, &parameter, alg);
+        if ((nid = OBJ_obj2nid(obj)) == NID_undef)
+                goto err;
+        if (!ecdh_cms_set_kdf_param(pctx, nid)) {
                ECerror(EC_R_KDF_PARAMETER_ERROR);
                goto err;
        }
-        if (alg->parameter->type != V_ASN1_SEQUENCE)
+        if (parameter_type != V_ASN1_SEQUENCE)
                goto err;
+        if ((p = ASN1_STRING_get0_data(parameter)) == NULL)
-        p = alg->parameter->value.sequence->data;
+                goto err;
-        plen = alg->parameter->value.sequence->length;
+        plen = ASN1_STRING_length(parameter);
        if ((kekalg = d2i_X509_ALGOR(NULL, &p, plen)) == NULL)
                goto err;
        if ((kekctx = CMS_RecipientInfo_kari_get0_ctx(ri)) == NULL)

diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c index 883832ff7d..313d21823d 100644 --- a/src/lib/libcrypto/ec/ec_ameth.c +++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_ameth.c,v 1.65 2024/04/18 11:51:53 tb Exp $ */	1	/* $OpenBSD: ec_ameth.c,v 1.66 2024/04/18 11:53:40 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -820,6 +820,10 @@ static int
820	ecdh_cms_set_shared_info(EVP_PKEY_CTX pctx, CMS_RecipientInfo ri)	820	ecdh_cms_set_shared_info(EVP_PKEY_CTX pctx, CMS_RecipientInfo ri)
821	{	821	{
822	X509_ALGOR alg, kekalg = NULL;	822	X509_ALGOR alg, kekalg = NULL;
		823	const ASN1_OBJECT *obj;
		824	int nid;
		825	const void *parameter;
		826	int parameter_type;
823	ASN1_OCTET_STRING *ukm;	827	ASN1_OCTET_STRING *ukm;
824	const unsigned char *p;	828	const unsigned char *p;
825	unsigned char *der = NULL;	829	unsigned char *der = NULL;
@@ -831,16 +835,20 @@ ecdh_cms_set_shared_info(EVP_PKEY_CTX pctx, CMS_RecipientInfo ri)
831	if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))	835	if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
832	goto err;	836	goto err;
833		837
834	if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {	838	X509_ALGOR_get0(&obj, &parameter_type, &parameter, alg);
		839
		840	if ((nid = OBJ_obj2nid(obj)) == NID_undef)
		841	goto err;
		842	if (!ecdh_cms_set_kdf_param(pctx, nid)) {
835	ECerror(EC_R_KDF_PARAMETER_ERROR);	843	ECerror(EC_R_KDF_PARAMETER_ERROR);
836	goto err;	844	goto err;
837	}	845	}
838		846
839	if (alg->parameter->type != V_ASN1_SEQUENCE)	847	if (parameter_type != V_ASN1_SEQUENCE)
840	goto err;	848	goto err;
841		849	if ((p = ASN1_STRING_get0_data(parameter)) == NULL)
842	p = alg->parameter->value.sequence->data;	850	goto err;
843	plen = alg->parameter->value.sequence->length;	851	plen = ASN1_STRING_length(parameter);
844	if ((kekalg = d2i_X509_ALGOR(NULL, &p, plen)) == NULL)	852	if ((kekalg = d2i_X509_ALGOR(NULL, &p, plen)) == NULL)
845	goto err;	853	goto err;
846	if ((kekctx = CMS_RecipientInfo_kari_get0_ctx(ri)) == NULL)	854	if ((kekctx = CMS_RecipientInfo_kari_get0_ctx(ri)) == NULL)