diff options
author | Matt Caswell <matt@openssl.org> | 2020-03-12 14:49:19 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-04-01 17:29:12 +0100 |
commit | d882e4ce56eff950ae27cecaafe164751779c12a (patch) | |
tree | c3f1e87032329da0f540dc64fb7deea0d14fe761 /ssl | |
parent | fc69f32cd6852e60627969138be80cc665a573dd (diff) | |
download | openssl-new-d882e4ce56eff950ae27cecaafe164751779c12a.tar.gz |
Make sure we use the libctx when creating an EVP_PKEY_CTX in libssl
We should use EVP_PKEY_CTX_new_from_pkey() to ensure we use the correct
libctx.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11401)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 9060ee38f0..5373fafc36 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4728,19 +4728,33 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) */ # ifndef OPENSSL_NO_DH if (gtype == TLS_GROUP_FFDHE) +# if 0 + pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq); +# else pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL); +# endif # ifndef OPENSSL_NO_EC else -# endif -# endif +# endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_NO_DH */ # ifndef OPENSSL_NO_EC { + /* + * TODO(3.0): When provider based EC key gen is present we can enable + * this code. + */ if (gtype == TLS_GROUP_CURVE_CUSTOM) pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL); else +# if 0 + pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "EC", + s->ctx->propq); +# else pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); +# endif + } -# endif +# endif /* OPENSSL_NO_EC */ if (pctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, ERR_R_MALLOC_FAILURE); @@ -4806,7 +4820,11 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id) EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); +#if 0 + const char *pkey_ctx_name; +#else int pkey_ctx_id; +#endif if (ginf == NULL) goto err; @@ -4824,9 +4842,16 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id) * s->ctx->libctx and s->ctx->propq when paramgen has been updated to be * provider aware. */ +#if 0 + pkey_ctx_name = (ginf->flags & TLS_GROUP_FFDHE) != 0 ? "DH" : "EC"; + pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, pkey_ctx_name, + s->ctx->propq); +#else pkey_ctx_id = (ginf->flags & TLS_GROUP_FFDHE) ? EVP_PKEY_DH : EVP_PKEY_EC; pctx = EVP_PKEY_CTX_new_id(pkey_ctx_id, NULL); +#endif + if (pctx == NULL) goto err; if (EVP_PKEY_paramgen_init(pctx) <= 0) |