diff options
author | Matt Caswell <matt@openssl.org> | 2021-07-20 09:58:53 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-07-22 13:52:46 +0200 |
commit | 5dc6489bb6026b679eb6cbe696e4227da9c7032e (patch) | |
tree | a567173607b9708303fbf01061e52c33800006df /crypto/dh | |
parent | 981a5b7ce3bcdf4748162073c3dbd096c82d3c69 (diff) |
Update our EVP_PKEY_METHODs to get low level keys via public APIs
It is possible to call built-in EVP_PKEY_METHOD functions with a provided
key. For example this might occur if a custom EVP_PKEY_METHOD is in use
that wraps a built-in EVP_PKEY_METHOD. Therefore our EVP_PKEY_METHOD
functions should not assume that we are using a legacy key. Instead we
get the low level key using EVP_PKEY_get0_RSA() or other similar functions.
This "does the right thing" if the key is actually provided.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh_pmeth.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index f742bf75cf..1ad50b850d 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -392,7 +392,7 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) /* Note: if error return, pkey is freed by parent routine */ if (ctx->pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ctx->pkey)) return 0; - return DH_generate_key(pkey->pkey.dh); + return DH_generate_key((DH *)EVP_PKEY_get0_DH(pkey)); } static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, @@ -408,7 +408,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET); return 0; } - dh = ctx->pkey->pkey.dh; + dh = (DH *)EVP_PKEY_get0_DH(ctx->pkey); dhpub = EVP_PKEY_get0_DH(ctx->peerkey); if (dhpub == NULL) { ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET); |