summaryrefslogtreecommitdiff
path: root/ssl
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2020-03-12 14:49:19 +0000
committerMatt Caswell <matt@openssl.org>2020-04-01 17:29:12 +0100
commitd882e4ce56eff950ae27cecaafe164751779c12a (patch)
treec3f1e87032329da0f540dc64fb7deea0d14fe761 /ssl
parentfc69f32cd6852e60627969138be80cc665a573dd (diff)
downloadopenssl-new-d882e4ce56eff950ae27cecaafe164751779c12a.tar.gz
Make sure we use the libctx when creating an EVP_PKEY_CTX in libssl
We should use EVP_PKEY_CTX_new_from_pkey() to ensure we use the correct libctx. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11401)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_lib.c31
1 files changed, 28 insertions, 3 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 9060ee38f0..5373fafc36 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4728,19 +4728,33 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
*/
# ifndef OPENSSL_NO_DH
if (gtype == TLS_GROUP_FFDHE)
+# if 0
+ pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq);
+# else
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
+# endif
# ifndef OPENSSL_NO_EC
else
-# endif
-# endif
+# endif /* OPENSSL_NO_EC */
+# endif /* OPENSSL_NO_DH */
# ifndef OPENSSL_NO_EC
{
+ /*
+ * TODO(3.0): When provider based EC key gen is present we can enable
+ * this code.
+ */
if (gtype == TLS_GROUP_CURVE_CUSTOM)
pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
else
+# if 0
+ pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "EC",
+ s->ctx->propq);
+# else
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+# endif
+
}
-# endif
+# endif /* OPENSSL_NO_EC */
if (pctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_MALLOC_FAILURE);
@@ -4806,7 +4820,11 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+#if 0
+ const char *pkey_ctx_name;
+#else
int pkey_ctx_id;
+#endif
if (ginf == NULL)
goto err;
@@ -4824,9 +4842,16 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
* s->ctx->libctx and s->ctx->propq when paramgen has been updated to be
* provider aware.
*/
+#if 0
+ pkey_ctx_name = (ginf->flags & TLS_GROUP_FFDHE) != 0 ? "DH" : "EC";
+ pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, pkey_ctx_name,
+ s->ctx->propq);
+#else
pkey_ctx_id = (ginf->flags & TLS_GROUP_FFDHE)
? EVP_PKEY_DH : EVP_PKEY_EC;
pctx = EVP_PKEY_CTX_new_id(pkey_ctx_id, NULL);
+#endif
+
if (pctx == NULL)
goto err;
if (EVP_PKEY_paramgen_init(pctx) <= 0)