[openssl] master update

Matt Caswell matt at openssl.org
Mon Jan 27 08:50:43 UTC 2020 

The branch master has been updated
       via  2ee4a50ab92020dc49383d5aa644397edac4a59a (commit)
      from  612539e8a678c6099131dfd0e5e4b85fa774eb1a (commit)


- Log -----------------------------------------------------------------
commit 2ee4a50ab92020dc49383d5aa644397edac4a59a
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Jan 15 11:10:43 2020 +0000

    Modify EVP_PKEY_CTX_new_from_pkey() to add a propquery parameter
    
    The function EVP_PKEY_CTX_new_from_pkey() infers the name of the
    algorithm to fetch from the EVP_PKEY that has been supplied as an
    argument. But there was no way to specify properties to be used during
    that fetch.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10926)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/p_lib.c            |  2 +-
 crypto/evp/pmeth_lib.c        | 16 +++-------------
 doc/man3/EVP_PKEY_CTX_new.pod |  6 +++---
 include/openssl/evp.h         |  2 +-
 providers/fips/fipsprov.c     |  4 ++--
 5 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 2aa2aa87af..07316a4522 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -915,7 +915,7 @@ void *evp_pkey_make_provided(EVP_PKEY *pk, OPENSSL_CTX *libctx,
     }
 
     if (tmp_keymgmt == NULL) {
-        EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk);
+        EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk, propquery);
 
         if (ctx != NULL && ctx->keytype != NULL)
             tmp_keymgmt = allocated_keymgmt =
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index e8bcb7e5a4..03d6ab4da4 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -186,17 +186,6 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx,
         return NULL;
     if (e == NULL)
         name = OBJ_nid2sn(id);
-    propquery = NULL;
-    /*
-     * We were called using legacy data, or an EVP_PKEY, but an EVP_PKEY
-     * isn't tied to a specific library context, so we fall back to the
-     * default library context.
-     * TODO(v3.0): an EVP_PKEY that doesn't originate from a leagacy key
-     * structure only has the pkeys[] cache, where the first element is
-     * considered the "origin".  Investigate if that could be a suitable
-     * way to find a library context.
-     */
-    libctx = NULL;
 
 # ifndef OPENSSL_NO_ENGINE
     if (e == NULL && pkey != NULL)
@@ -269,9 +258,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OPENSSL_CTX *libctx,
     return int_ctx_new(libctx, NULL, NULL, name, propquery, -1);
 }
 
-EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX *libctx, EVP_PKEY *pkey)
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX *libctx, EVP_PKEY *pkey,
+                                         const char *propquery)
 {
-    return int_ctx_new(libctx, pkey, NULL, NULL, NULL, -1);
+    return int_ctx_new(libctx, pkey, NULL, NULL, propquery, -1);
 }
 
 void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx)
diff --git a/doc/man3/EVP_PKEY_CTX_new.pod b/doc/man3/EVP_PKEY_CTX_new.pod
index b08f7e4d78..5f8a01242d 100644
--- a/doc/man3/EVP_PKEY_CTX_new.pod
+++ b/doc/man3/EVP_PKEY_CTX_new.pod
@@ -36,9 +36,9 @@ lifetime of the returned B<EVP_PKEY_CTX> or of any of its duplicates.
 
 The EVP_PKEY_CTX_new_from_pkey() function allocates a public key algorithm
 context using the library context I<libctx> (see L<OPENSSL_CTX(3)>) and the
-algorithm specified by I<pkey> . None of the arguments are duplicated, so they
-must remain unchanged for the lifetime of the returned B<EVP_PKEY_CTX> or of
-any of its duplicates.
+algorithm specified by I<pkey> and the property query I<propquery>. None of the
+arguments are duplicated, so they must remain unchanged for the lifetime of the
+returned B<EVP_PKEY_CTX> or any of its duplicates.
 
 EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_new_from_name() are normally
 used when no B<EVP_PKEY> structure is associated with the operations,
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 7fc16807b9..181c588f0f 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1473,7 +1473,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OPENSSL_CTX *libctx,
                                          const char *name,
                                          const char *propquery);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX *libctx,
-                                         EVP_PKEY *pkey);
+                                         EVP_PKEY *pkey, const char *propquery);
 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
 
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 0ed425bc22..288168cb81 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -268,7 +268,7 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
         goto err;
 
     /* Create a EVP_PKEY_CTX to use for the signing operation */
-    sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey);
+    sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
     if (sctx == NULL
         || EVP_PKEY_sign_init(sctx) <= 0)
         goto err;
@@ -433,7 +433,7 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx)
         goto err;
 
     /* Create a EVP_PKEY_CTX to perform key derivation */
-    dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey);
+    dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
     if (dctx == NULL)
         goto err;

More information about the openssl-commits mailing list