author | Matt Caswell <matt@openssl.org> | 2020-04-10 18:28:24 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-04-17 12:26:56 +0100 |
commit | 629c72db5f8af3312fd89188298ce464186470d1 (patch) | |
tree | 46093f9f44f37422ee717a7b973437bb788a85b3 /crypto/evp | |
parent | 7da7b27eec58d1efc7012f002c45ddbdd61a5e79 (diff) |
When calling the import_to function pass the libctx too
Previously import_to just took an EVP_PKEY as the argument. However we
need to pass some additional context data as well - specifically the libctx.
Therefore we pass an EVP_PKEY_CTX instead to hold the combination of
both of these things.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11536)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/p_lib.c | 46 |
1 files changed, 30 insertions, 16 deletions
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index b0163f5792..fa166958f0 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1568,24 +1568,38 @@ int evp_pkey_downgrade(EVP_PKEY *pk)
 if (pk->ameth->import_from == NULL) {
 ERR_raise_data(ERR_LIB_EVP, EVP_R_NO_IMPORT_FUNCTION,
 "key type = %s", keytype);
- } else if (evp_keymgmt_export(keymgmt, keydata,
- OSSL_KEYMGMT_SELECT_ALL,
- pk->ameth->import_from, pk)) {
+ } else {
 /*
- * Save the provider side data in the operation cache, so they'll
- * find it again. evp_pkey_free_it() cleared the cache, so it's
- * safe to assume slot zero is free.
- * Note that evp_keymgmt_util_cache_keydata() increments keymgmt's
- * reference count.
+ * We perform the export in the same libctx as the keymgmt that we
+ * are using.
 */
- evp_keymgmt_util_cache_keydata(pk, 0, keymgmt, keydata);
-
- /* Synchronize the dirty count */
- pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
-
- /* evp_keymgmt_export() increased the refcount... */
- EVP_KEYMGMT_free(keymgmt);
- return 1;
+ OPENSSL_CTX *libctx = ossl_provider_library_context(keymgmt->prov);
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk, NULL);
+ if (pctx == NULL)
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+
+ if (pctx != NULL
+ && evp_keymgmt_export(keymgmt, keydata,
+ OSSL_KEYMGMT_SELECT_ALL,
+ pk->ameth->import_from, pctx)) {
+ /*
+ * Save the provider side data in the operation cache, so they'll
+ * find it again. evp_pkey_free_it() cleared the cache, so it's
+ * safe to assume slot zero is free.
+ * Note that evp_keymgmt_util_cache_keydata() increments keymgmt's
+ * reference count.
+ */
+ evp_keymgmt_util_cache_keydata(pk, 0, keymgmt, keydata);
+ EVP_PKEY_CTX_free(pctx);
+
+ /* Synchronize the dirty count */
+ pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
+
+ /* evp_keymgmt_export() increased the refcount... */
+ EVP_KEYMGMT_free(keymgmt);
+ return 1;
+ }
+ EVP_PKEY_CTX_free(pctx);
 }
 ERR_raise_data(ERR_LIB_EVP, EVP_R_KEYMGMT_EXPORT_FAILURE, |
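Review bot: The last argument to evp_keymgmt_export() changes from `pk` to `pctx` with no cast and no other change to the call, which suggests the callback argument is an untyped pointer, so the compiler will not flag an `import_from` implementation that still treats it as an `EVP_PKEY *`. The diffstat shown is limited to crypto/evp, so those implementations are not visible here; each one needs to be confirmed to take the context and fetch the key from it, because a missed one would interpret an EVP_PKEY_CTX as a key while importing key material. I would record the contract at the call site, e.g. `/* callback arg is an EVP_PKEY_CTX *: import_from() takes the target key and libctx from it */`. Separately, when `pctx == NULL` the branch raises ERR_R_MALLOC_FAILURE and then falls through to the EVP_R_KEYMGMT_EXPORT_FAILURE report after the closing brace, so a single failure queues two errors. The rest of evp_pkey_downgrade() lies outside the hunk.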