diff options
| author | Richard Levitte <levitte@openssl.org> | 2020-02-20 20:26:16 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-02-29 05:39:43 +0100 |
| commit | 3c6ed9555c7735c24d5f59c8b4ab7b9c4d807c77 (patch) | |
| tree | 663b632b0655551629e64f860c64d8b892513449 /crypto/evp/m_sigver.c | |
| parent | 49119647639b0b3ecd4db3d99b653653b41d1d20 (diff) | |
Rethink the EVP_PKEY cache of provider side keys
The role of this cache was two-fold:
1. It was a cache of key copies exported to providers with which an
operation was initiated.
2. If the EVP_PKEY didn't have a legacy key, item 0 of the cache was
the corresponding provider side origin, while the rest was the
actual cache.
This dual role for item 0 made the code a bit confusing, so we now
make a separate keymgmt / keydata pair outside of that cache, which is
the provider side "origin" key.
A hard rule is that an EVP_PKEY cannot hold a legacy "origin" and a
provider side "origin" at the same time.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11148)
Diffstat (limited to 'crypto/evp/m_sigver.c')
| -rw-r--r-- | crypto/evp/m_sigver.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 1ea5669c02..b6c66722ec 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -64,10 +64,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (locpctx->keytype == NULL) goto legacy; - /* Ensure that the key is provided. If not, go legacy */ + /* + * Ensure that the key is provided, either natively, or as a cached export. + * If not, go legacy + */ tmp_keymgmt = locpctx->keymgmt; - provkey = evp_pkey_make_provided(locpctx->pkey, locpctx->libctx, - &tmp_keymgmt, locpctx->propquery); + provkey = evp_pkey_export_to_provider(locpctx->pkey, locpctx->libctx, + &tmp_keymgmt, locpctx->propquery); if (provkey == NULL) goto legacy; if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) { |