[openssl] master update

[Matt Caswell]

The branch master has been updated
       via  ca1bbc1a20837f76a2b637072d63da2d03985fff (commit)
       via  3aceb9ec51beb2ec266c2aba75ee14721c693659 (commit)
      from  cab33afb711e467f459e5b5e669bf7a5c4fe797a (commit)


- Log -----------------------------------------------------------------
commit ca1bbc1a20837f76a2b637072d63da2d03985fff
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 12 14:50:37 2020 +0000

    Use correct libctx when fetching the TLS1 PRF in libssl
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11357)

commit 3aceb9ec51beb2ec266c2aba75ee14721c693659
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Mar 18 12:57:48 2020 +0000

    Use the libctx and properties when constructing an EVP_PKEY_CTX
    
    When constructing an RSA ClientKeyExchange make sure we construct our
    EVP_PKEY_CTX using the correct libctx and properties
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11357)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_clnt.c | 3 ++-
 ssl/t1_enc.c             | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 99459a8c6a..dfc6f5a721 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2990,7 +2990,8 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
                  ERR_R_INTERNAL_ERROR);
         goto err;
     }
-    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+
+    pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pkey, s->ctx->propq);
     if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
         || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 6ce5235882..1a0d5eba87 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -46,7 +46,7 @@ static int tls1_PRF(SSL *s,
             SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
         return 0;
     }
-    kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_TLS1_PRF, NULL);
+    kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_PRF, s->ctx->propq);
     if (kdf == NULL)
         goto err;
     kctx = EVP_KDF_CTX_new(kdf);