authorMatt Caswell <matt@openssl.org>2020-04-10 18:28:24 +0100
committerMatt Caswell <matt@openssl.org>2020-04-17 12:26:56 +0100
commit629c72db5f8af3312fd89188298ce464186470d1 (patch)
tree46093f9f44f37422ee717a7b973437bb788a85b3 /crypto/evp
parent7da7b27eec58d1efc7012f002c45ddbdd61a5e79 (diff)
When calling the import_to function pass the libctx too
Previously import_to just took an EVP_PKEY as the argument. However we need some additional context data as well - specifically the libctx. Therefore we pass an EVP_PKEY_CTX instead to hold the combination of both of these things. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11536)
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/p_lib.c46
1 files changed, 30 insertions, 16 deletions
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index b0163f5792..fa166958f0 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1568,24 +1568,38 @@ int evp_pkey_downgrade(EVP_PKEY *pk)
if (pk->ameth->import_from == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_NO_IMPORT_FUNCTION,
"key type = %s", keytype);
- } else if (evp_keymgmt_export(keymgmt, keydata,
- OSSL_KEYMGMT_SELECT_ALL,
- pk->ameth->import_from, pk)) {
+ } else {
/*
- * Save the provider side data in the operation cache, so they'll
- * find it again. evp_pkey_free_it() cleared the cache, so it's
- * safe to assume slot zero is free.
- * Note that evp_keymgmt_util_cache_keydata() increments keymgmt's
- * reference count.
+ * We perform the export in the same libctx as the keymgmt that we
+ * are using.
*/
- evp_keymgmt_util_cache_keydata(pk, 0, keymgmt, keydata);
-
- /* Synchronize the dirty count */
- pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
-
- /* evp_keymgmt_export() increased the refcount... */
- EVP_KEYMGMT_free(keymgmt);
- return 1;
+ OPENSSL_CTX *libctx = ossl_provider_library_context(keymgmt->prov);
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk, NULL);
+ if (pctx == NULL)
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+
+ if (pctx != NULL
+ && evp_keymgmt_export(keymgmt, keydata,
+ OSSL_KEYMGMT_SELECT_ALL,
+ pk->ameth->import_from, pctx)) {
+ /*
+ * Save the provider side data in the operation cache, so they'll
+ * find it again. evp_pkey_free_it() cleared the cache, so it's
+ * safe to assume slot zero is free.
+ * Note that evp_keymgmt_util_cache_keydata() increments keymgmt's
+ * reference count.
+ */
+ evp_keymgmt_util_cache_keydata(pk, 0, keymgmt, keydata);
+ EVP_PKEY_CTX_free(pctx);
+
+ /* Synchronize the dirty count */
+ pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
+
+ /* evp_keymgmt_export() increased the refcount... */
+ EVP_KEYMGMT_free(keymgmt);
+ return 1;
+ }
+ EVP_PKEY_CTX_free(pctx);
}
ERR_raise_data(ERR_LIB_EVP, EVP_R_KEYMGMT_EXPORT_FAILURE,