From: Richard Levitte Date: Thu, 31 Oct 2019 10:43:31 +0000 (+0100) Subject: Make EVP_PKEY_CTX initialization more precise X-Git-Tag: openssl-3.0.0-alpha1~1040 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=60653e5b25242555446f8acf0abd5ab9ff83010c;p=oweals%2Fopenssl.git Make EVP_PKEY_CTX initialization more precise There is a vagueness around how the provider data (algorithm name and property query string) is initialized in the presence of an engine. This change modifies this slightly so that the algorithm name for use with providers is never set if the initilization was given an engine. This makes it easier for other functions to simply check ctx->algorithm to see if the context is meant to be used for strictly legacy stuff or not. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/10308) --- diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 350d963086..5ba844f53e 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -132,8 +132,24 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, return 0; id = pkey->type; } - name = OBJ_nid2sn(id); + + /* + * Here, we extract what information we can for the purpose of + * supporting usage with implementations from providers, to make + * for a smooth transition from legacy stuff to provider based stuff. + * + * If an engine is given, this is entirely legacy, and we should not + * pretend anything else, so we only set the name when no engine is + * given. If both are already given, someone made a mistake, and + * since that can only happen internally, it's safe to make an + * assertion. + */ + if (!ossl_assert(e == NULL || name == NULL)) + return NULL; + if (e == NULL) + name = OBJ_nid2sn(id); propquery = NULL; + #ifndef OPENSSL_NO_ENGINE if (e == NULL && pkey != NULL) e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine;