diff options
author | Matt Caswell <matt@openssl.org> | 2021-07-20 09:58:53 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-07-22 13:52:46 +0200 |
commit | 5dc6489bb6026b679eb6cbe696e4227da9c7032e (patch) | |
tree | a567173607b9708303fbf01061e52c33800006df /crypto/dsa | |
parent | 981a5b7ce3bcdf4748162073c3dbd096c82d3c69 (diff) |
Update our EVP_PKEY_METHODs to get low level keys via public APIs
It is possible to call built-in EVP_PKEY_METHOD functions with a provided
key. For example this might occur if a custom EVP_PKEY_METHOD is in use
that wraps a built-in EVP_PKEY_METHOD. Therefore our EVP_PKEY_METHOD
functions should not assume that we are using a legacy key. Instead we
get the low level key using EVP_PKEY_get0_RSA() or other similar functions.
This "does the right thing" if the key is actually provided.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16118)
Diffstat (limited to 'crypto/dsa')
-rw-r--r-- | crypto/dsa/dsa_pmeth.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index ffb19da580..ba6be720a2 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -81,7 +81,12 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int ret; unsigned int sltmp; DSA_PKEY_CTX *dctx = ctx->data; - DSA *dsa = ctx->pkey->pkey.dsa; + /* + * Discard const. Its marked as const because this may be a cached copy of + * the "real" key. These calls don't make any modifications that need to + * be reflected back in the "original" key. + */ + DSA *dsa = (DSA *)EVP_PKEY_get0_DSA(ctx->pkey); if (dctx->md != NULL && tbslen != (size_t)EVP_MD_get_size(dctx->md)) return 0; @@ -100,7 +105,12 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, { int ret; DSA_PKEY_CTX *dctx = ctx->data; - DSA *dsa = ctx->pkey->pkey.dsa; + /* + * Discard const. Its marked as const because this may be a cached copy of + * the "real" key. These calls don't make any modifications that need to + * be reflected back in the "original" key. + */ + DSA *dsa = (DSA *)EVP_PKEY_get0_DSA(ctx->pkey); if (dctx->md != NULL && tbslen != (size_t)EVP_MD_get_size(dctx->md)) return 0; @@ -245,7 +255,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) /* Note: if error return, pkey is freed by parent routine */ if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) return 0; - return DSA_generate_key(pkey->pkey.dsa); + return DSA_generate_key((DSA *)EVP_PKEY_get0_DSA(pkey)); } static const EVP_PKEY_METHOD dsa_pkey_meth = { |