authorRichard Levitte <levitte@openssl.org>2021-10-01 08:57:03 +0200
committerRichard Levitte <levitte@openssl.org>2021-10-27 12:46:15 +0200
commitfef21c2501387f254da469b9316ebc8cf2e49abc (patch)
tree16c8dae2563b44811cd8858cdc0f3d0a9bda4c57 /include/crypto/evp.h
parent026ed4d73369e603ab1606c1aa29b53a7a1a876c (diff)
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the coded logic was to find a KEYMGMT implementation first, and then try to find the operation method (for example, SIGNATURE implementation) in the same provider. This implies that in providers where there is a KEYMGMT implementation, there must also be a SIGNATURE implementation, along with a KEYEXCH, ASYM_CIPHER, etc implementation. The intended design was, however, the opposite implication, i.e. that where there is a SIGNATURE implementation, there must also be KEYMGMT. This change reverses the logic of the code to be closer to the intended design. There is a consequence; we now use the query_operation_name function from the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by the application). Previously, we used the query_operation_name function from the KEYMGMT found alongside the SIGNATURE implementation. Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX is now always a reference to the KEYMGMT of the |pkey| field if that one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt| isn't NULL). Fixes #16614 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725) (cherry picked from commit 5246183e7a9f9fb1819d50ab40e2fecc68235e0d)
Diffstat (limited to 'include/crypto/evp.h')
-rw-r--r--include/crypto/evp.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 41ac80ed9d..c5d3a930f7 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -38,6 +38,7 @@ struct evp_pkey_ctx_st {
OSSL_LIB_CTX *libctx;
char *propquery;
const char *keytype;
+ /* If |pkey| below is set, this field is always a reference to its keymgmt */
EVP_KEYMGMT *keymgmt;
union {
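Review bot: The comment added above `keymgmt` states the invariant more broadly than the commit description does. The description limits it to a |pkey| that is given and provided (|pkey->keymgmt| isn't NULL), but the comment only requires that |pkey| is set, so it says nothing useful for a key that has no keymgmt of its own. Readers presumably rely on this invariant to conclude that the context's keymgmt and the key's data belong to the same provider, so the condition should be spelled out: `/* If |pkey| below is set and provided (|pkey->keymgmt| isn't NULL), this field is always a reference to that keymgmt */`. The struct starts and ends outside the hunk, so whether every code path that assigns the field keeps to this cannot be checked from here.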
@@ -794,6 +795,8 @@ void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt,
void *keydata,
char *mdname, size_t mdname_sz);
+const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt,
+ int op_id);
/*
* KEYMGMT provider interface functions
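Review bot: The new prototype `evp_keymgmt_util_query_operation_name` has no comment describing its return contract. Per the commit description, the name now comes from the KEYMGMT of the key the application supplied and is used to pick the operation implementation, so callers need to know what comes back when that keymgmt has no specific name for `op_id`, whether NULL is possible, and how long the returned string stays valid. A two- or three-line comment above the declaration covering those three points would be enough. The implementation is not in this hunk, so the actual fallback behaviour has to be taken from the definition rather than guessed here.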