diff options
| author | Matt Caswell <matt@openssl.org> | 2020-01-15 11:20:58 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-02-06 11:59:07 +0000 |
| commit | 0f00ed7720257512924a7c891336d66e1c1083fa (patch) | |
| tree | 72155959e8f6e167d68d2804148e23dd806a3967 /ssl/s3_lib.c | |
| parent | c8f6c28a938fc887ee3d2337f09db453e7fb0369 (diff) | |
Use the OPENSSL_CTX and property query string in EVP_PKEY_CTX
When we use an EVP_PKEY_CTX in libssl we should be doing so with the
OPENSSL_CTX and property query string that were specified when the
SSL_CTX object was first created.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10854)
Diffstat (limited to 'ssl/s3_lib.c')
| -rw-r--r-- | ssl/s3_lib.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index f5e313b21f..706290be9b 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4676,14 +4676,14 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, } /* Generate a private key from parameters */ -EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm) +EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; if (pm == NULL) return NULL; - pctx = EVP_PKEY_CTX_new(pm, NULL); + pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq); if (pctx == NULL) goto err; if (EVP_PKEY_keygen_init(pctx) <= 0) @@ -4716,6 +4716,11 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) goto err; } gtype = ginf->flags & TLS_GROUP_TYPE; + /* + * TODO(3.0): Convert these EVP_PKEY_CTX_new_id calls to ones that take + * s->ctx->libctx and s->ctx->propq when keygen has been updated to be + * provider aware. + */ # ifndef OPENSSL_NO_DH if (gtype == TLS_GROUP_FFDHE) pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL); @@ -4809,6 +4814,11 @@ EVP_PKEY *ssl_generate_param_group(uint16_t id) return NULL; } + /* + * TODO(3.0): Convert this EVP_PKEY_CTX_new_id call to one that takes + * s->ctx->libctx and s->ctx->propq when paramgen has been updated to be + * provider aware. + */ pkey_ctx_id = (ginf->flags & TLS_GROUP_FFDHE) ? EVP_PKEY_DH : EVP_PKEY_EC; pctx = EVP_PKEY_CTX_new_id(pkey_ctx_id, NULL); @@ -4855,7 +4865,7 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) return 0; } - pctx = EVP_PKEY_CTX_new(privkey, NULL); + pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq); if (EVP_PKEY_derive_init(pctx) <= 0 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0 |