authorRichard Levitte <levitte@openssl.org>2020-06-04 20:05:26 +0200
committerRichard Levitte <levitte@openssl.org>2020-06-08 23:50:22 +0200
commit4ec1463d71db6324abe9c91d2ed9aa1e136c9cb3 (patch)
treefea3280e6d465bdcfe522157140f74613444fd3a /crypto
parenta6d36303e91b79379da2e2ffaa608dba704d3eb8 (diff)
EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info
In EVP_PKEY_METHOD code, the backend initializes ctx->keygen_info. With provider side code, it's not possible to reach back into the EVP_PKEY_CTX in the same manner, so we need to make that initialization in the central generation function, EVP_PKEY_gen(). This isn't quite compatible with the idea that keygen_info could have an arbitrary amount of elements, but since all our legacy backends use exactly two elements, that's what we go for. Fixes #12047 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/12048)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/evp/pmeth_gn.c16
1 files changed, 16 insertions, 0 deletions
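--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -144,6 +144,8 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 int ret = 0;
 OSSL_CALLBACK cb;
 EVP_PKEY *allocated_pkey = NULL;
+/* Legacy compatible keygen callback info, only used with provider impls */
+int gentmp[2];
 if (ppkey == NULL)
 return -1;
@@ -165,6 +167,18 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 if (ctx->op.keymgmt.genctx == NULL)
 goto legacy;
+/*
+ * Asssigning gentmp to ctx->keygen_info is something our legacy
+ * implementations do. Because the provider implementations aren't
+ * allowed to reach into our EVP_PKEY_CTX, we need to provide similar
+ * space for backward compatibility. It's ok that we attach a local
+ * variable, as it should only be useful in the calls down from here.
+ * This is cleared as soon as it isn't useful any more, i.e. directly
+ * after the evp_keymgmt_util_gen() call.
+ */
+ctx->keygen_info = gentmp;
+ctx->keygen_info_count = 2;
+
 ret = 1;
 if (ctx->pkey != NULL) {
 EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt;
@@ -191,6 +205,8 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 ossl_callback_to_pkey_gencb, ctx)
 != NULL);
+ctx->keygen_info = NULL;
+
 #ifndef FIPS_MODULE
 /* In case |*ppkey| was originally a legacy key */
 if (ret)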
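Review bot: `ctx->keygen_info` is pointed at the stack array `gentmp` in the second hunk but is only reset by the `ctx->keygen_info = NULL;` on the straight-line path after the `evp_keymgmt_util_gen()` call in the third hunk, so if any early exit exists in the non-visible code between the two (the `if (ctx->pkey != NULL)` branch starts right after the assignment), the context is left holding a pointer into a dead stack frame; EVP_PKEY_gen begins before the first hunk and continues past the last, so that path needs checking. The companion `ctx->keygen_info_count = 2` is never reset either, so if `EVP_PKEY_CTX_get_keygen_info()` bounds-checks only against the count, a later call would index a NULL pointer that the count still advertises as two valid entries. `gentmp` is also left uninitialized, so a provider that never reports the callback parameters lets the gencb read indeterminate values. Suggested changes: `int gentmp[2] = { 0 };` at the declaration, and at the reset point `ctx->keygen_info = NULL; ctx->keygen_info_count = 0;`, ideally placed at the common exit label rather than inline. The new comment also misspells `Asssigning`.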