From: Richard Levitte Date: Fri, 1 Nov 2019 15:56:31 +0000 (+0100) Subject: Change EVP_PKEY_CTX_new_provided() to take a library context too. X-Git-Tag: openssl-3.0.0-alpha1~1039 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3ee348b0dc5cd904fc2c022e6543f478c3d78732;p=oweals%2Fopenssl.git Change EVP_PKEY_CTX_new_provided() to take a library context too. With provided algorithms, the library context is ever present, so of course it should be specified alongside the algorithm name and property query string. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/10308) --- diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 5ba844f53e..d547e5a69d 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -111,7 +111,8 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) return (**ret)(); } -static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, +static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, + EVP_PKEY *pkey, ENGINE *e, const char *name, const char *propquery, int id) { @@ -149,6 +150,16 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, if (e == NULL) name = OBJ_nid2sn(id); propquery = NULL; + /* + * We were called using legacy data, or an EVP_PKEY, but an EVP_PKEY + * isn't tied to a specific library context, so we fall back to the + * default library context. + * TODO(v3.0): an EVP_PKEY that doesn't originate from a leagacy key + * structure only has the pkeys[] cache, where the first element is + * considered the "origin". Investigate if that could be a suitable + * way to find a library context. + */ + libctx = NULL; #ifndef OPENSSL_NO_ENGINE if (e == NULL && pkey != NULL) @@ -191,6 +202,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } + ret->libctx = libctx; ret->algorithm = name; ret->propquery = propquery; ret->engine = e; @@ -303,18 +315,19 @@ void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) { - return int_ctx_new(pkey, e, NULL, NULL, -1); + return int_ctx_new(NULL, pkey, e, NULL, NULL, -1); } EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) { - return int_ctx_new(NULL, e, NULL, NULL, id); + return int_ctx_new(NULL, NULL, e, NULL, NULL, id); } -EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(const char *name, +EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(OPENSSL_CTX *libctx, + const char *name, const char *propquery) { - return int_ctx_new(NULL, NULL, name, propquery, -1); + return int_ctx_new(libctx, NULL, NULL, name, propquery, -1); } EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) @@ -344,6 +357,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) EVP_PKEY_up_ref(pctx->pkey); rctx->pkey = pctx->pkey; rctx->operation = pctx->operation; + rctx->libctx = pctx->libctx; rctx->algorithm = pctx->algorithm; rctx->propquery = pctx->propquery; diff --git a/doc/man3/EVP_PKEY_CTX_new.pod b/doc/man3/EVP_PKEY_CTX_new.pod index de7f439da5..5d18a04344 100644 --- a/doc/man3/EVP_PKEY_CTX_new.pod +++ b/doc/man3/EVP_PKEY_CTX_new.pod @@ -12,7 +12,8 @@ EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); - EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(const char *name, + EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(OPENSSL_CTX *libctx, + const char *name, const char *propquery); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); @@ -25,11 +26,11 @@ the algorithm specified in I and ENGINE I. The EVP_PKEY_CTX_new_id() function allocates public key algorithm context using the algorithm specified by I and ENGINE I. -The EVP_PKEY_CTX_new_provided() function allocates a public key -algorithm context using the algorithm specified by I and the -property query I. The strings aren't duplicated, so they -must remain unchanged for the lifetime of the returned B -or of any of its duplicates. +The EVP_PKEY_CTX_new_provided() function allocates a public key algorithm +context using the library context I (see L), the +algorithm specified by I and the property query I. None +of the arguments are duplicated, so they must remain unchanged for the +lifetime of the returned B or of any of its duplicates. EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_new_provided() are normally used when no B structure is associated with the operations, diff --git a/include/crypto/evp.h b/include/crypto/evp.h index dad7174bc5..32ae121eea 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -21,7 +21,11 @@ struct evp_pkey_ctx_st { /* Actual operation */ int operation; - /* Algorithm name and properties associated with this context */ + /* + * Library context, Algorithm name and properties associated + * with this context + */ + OPENSSL_CTX *libctx; const char *algorithm; const char *propquery; diff --git a/include/openssl/evp.h b/include/openssl/evp.h index a0190c8b08..baa1ce8c6c 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1461,7 +1461,8 @@ void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); -EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(const char *name, +EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(OPENSSL_CTX *libctx, + const char *name, const char *propquery); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);