author | Richard Levitte <levitte@openssl.org> | 2020-01-07 11:49:08 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-01-08 22:30:54 +0100 |
commit | e0d8523e801b7a1fcdda698f9c28dd7a0617cd02 (patch) | |
tree | 6e02db1b8e58c02ef1327b099f557969d2d32bdd /crypto/evp/exchange.c | |
parent | a9e4e3c39eb361ddfb438edb27c754947009eed6 (diff) |
EVP: If a key can't be exported to provider, fallback to legacy
Currently, the operations that do try to export a legacy key to
providers will fail if the export failed. It makes more sense to
simply use the legacy method instead, as a fallback for things not
being implemented (yet) in a provider.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10771)
Diffstat (limited to 'crypto/evp/exchange.c')
-rw-r--r-- | crypto/evp/exchange.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 189c1c0f45..3e7c00103c 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -208,10 +208,9 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) if (ctx->pkey != NULL) { provkey = evp_keymgmt_export_to_provider(ctx->pkey, ctx->keymgmt, 0); - if (provkey == NULL) { - EVPerr(0, EVP_R_INITIALIZATION_ERROR); - goto err; - } + /* If export failed, legacy may be able to pick it up */ + if (provkey == NULL) + goto legacy; } ctx->op.kex.exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov)); if (ctx->op.kex.exchprovctx == NULL) { @@ -227,7 +226,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) return 0; legacy: - if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { + if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } @@ -261,10 +260,9 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) } provkey = evp_keymgmt_export_to_provider(peer, ctx->keymgmt, 0); - if (provkey == NULL) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ERR_R_INTERNAL_ERROR); - return 0; - } + /* If export failed, legacy may be able to pick it up */ + if (provkey == NULL) + goto legacy; return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey); legacy: |
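Review bot: The new `goto legacy` in the first EVP_PKEY_derive_init hunk fires after `exchange` has already been fetched and is used as `ctx->op.kex.exchange` / `exchange->newctx(...)` in the same hunk, but unlike the removed `goto err` path nothing visible here releases or resets that provider-side state before the legacy method takes over; the function's start, where the fetch and any assignment to `ctx->op.kex.exchange` happen, lies outside the hunk, so please confirm the ctx is left consistent on fallback (exchange reference released or owned by the ctx, `exchprovctx` still NULL). If evp_keymgmt_export_to_provider queues errors when it fails, a legacy derive that then succeeds would return 1 with stale entries on the error queue; bracketing the export with `ERR_set_mark();` and calling `ERR_pop_to_mark();` on the fallback path would avoid that, and the comment could state it: `/* If export failed, legacy may be able to pick it up; drop any errors the attempt queued */`. The same fallback is added in the EVP_PKEY_derive_set_peer hunk below and both points apply there as well.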
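Review bot: Dropping the `ctx == NULL` test at `legacy:` in the second EVP_PKEY_derive_init hunk is only safe if every `goto legacy` is reached after ctx has been validated; the jumps visible in this diff dereference `ctx->pkey` and `ctx->keymgmt` first, but the entry check and any other jumps sit outside the hunk, so this should be confirmed against the full function. With the new fallback, arriving here after a failed provider export reports `EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE`, which hides the actual cause (the export failed, not that the key type is unsupported); a comment such as `/* Reached both when no provider exchange is available and when export to the provider failed */` would help whoever has to debug that error.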