git.librecmc.org Git - oweals/openssl.git/commit

author	Richard Levitte <levitte@openssl.org>
	Sat, 21 Mar 2020 05:03:39 +0000 (06:03 +0100)
committer	Richard Levitte <levitte@openssl.org>
	Wed, 25 Mar 2020 16:00:39 +0000 (17:00 +0100)
commit	adc9f7312665f14ec5c73b60090a4df933e6556d
tree	76b323c6e2214561e7ba4430ae296ff5d24cfffd	tree \| snapshot
parent	5036dc67d0f61a5c62ed3c45405648e7dc0d4d0a	commit \| diff

EVP: Clarify the states of an EVP_PKEY

EVP_PKEY is rather complex, even before provider side keys entered the
stage.
You could have untyped / unassigned keys (pk->type == EVP_PKEY_NONE),
keys that had been assigned a type but no data (pk->pkey.ptr == NULL),
and fully assigned keys (pk->type != EVP_PKEY_NONE && pk->pkey.ptr != NULL).

For provider side keys, the corresponding states weren't well defined,
and the code didn't quite account for all the possibilities.

We also guard most of the legacy fields in EVP_PKEY with FIPS_MODE, so
they don't exist at all in the FIPS module.

Most of all, code needs to adapt to the case where an EVP_PKEY's
|keymgmt| is non-NULL, but its |keydata| is NULL.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11375)

crypto/evp/keymgmt_lib.c		diff \| blob \| history
crypto/evp/p_lib.c		diff \| blob \| history
crypto/evp/pmeth_check.c		diff \| blob \| history
crypto/evp/pmeth_lib.c		diff \| blob \| history
include/crypto/evp.h		diff \| blob \| history
providers/implementations/keymgmt/dh_kmgmt.c		diff \| blob \| history
providers/implementations/keymgmt/dsa_kmgmt.c		diff \| blob \| history
providers/implementations/keymgmt/ec_kmgmt.c		diff \| blob \| history
providers/implementations/keymgmt/ecx_kmgmt.c		diff \| blob \| history
providers/implementations/keymgmt/rsa_kmgmt.c		diff \| blob \| history