git.librecmc.org Git - oweals/openssl.git/commit

author	Richard Levitte <levitte@openssl.org>
	Thu, 20 Feb 2020 19:26:16 +0000 (20:26 +0100)
committer	Richard Levitte <levitte@openssl.org>
	Sat, 29 Feb 2020 04:39:43 +0000 (05:39 +0100)
commit	3c6ed9555c7735c24d5f59c8b4ab7b9c4d807c77
tree	663b632b0655551629e64f860c64d8b892513449	tree \| snapshot
parent	49119647639b0b3ecd4db3d99b653653b41d1d20	commit \| diff

Rethink the EVP_PKEY cache of provider side keys

The role of this cache was two-fold:

1.  It was a cache of key copies exported to providers with which an
    operation was initiated.
2.  If the EVP_PKEY didn't have a legacy key, item 0 of the cache was
    the corresponding provider side origin, while the rest was the
    actual cache.

This dual role for item 0 made the code a bit confusing, so we now
make a separate keymgmt / keydata pair outside of that cache, which is
the provider side "origin" key.

A hard rule is that an EVP_PKEY cannot hold a legacy "origin" and a
provider side "origin" at the same time.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)

crypto/asn1/i2d_pr.c		diff \| blob \| history
crypto/evp/exchange.c		diff \| blob \| history
crypto/evp/keymgmt_lib.c		diff \| blob \| history
crypto/evp/m_sigver.c		diff \| blob \| history
crypto/evp/p_lib.c		diff \| blob \| history
crypto/evp/pmeth_check.c		diff \| blob \| history
crypto/evp/pmeth_fn.c		diff \| blob \| history
crypto/evp/pmeth_lib.c		diff \| blob \| history
crypto/evp/signature.c		diff \| blob \| history
crypto/serializer/serializer_pkey.c		diff \| blob \| history
crypto/x509/x_pubkey.c		diff \| blob \| history
include/crypto/evp.h		diff \| blob \| history