authorMatt Caswell <matt@openssl.org>2020-01-15 11:20:58 +0000
committerMatt Caswell <matt@openssl.org>2020-02-06 11:59:07 +0000
commit0f00ed7720257512924a7c891336d66e1c1083fa (patch)
tree72155959e8f6e167d68d2804148e23dd806a3967 /ssl/statem
parentc8f6c28a938fc887ee3d2337f09db453e7fb0369 (diff)
Use the OPENSSL_CTX and property query string in EVP_PKEY_CTX
When we use an EVP_PKEY_CTX in libssl we should be doing so with the OPENSSL_CTX and property query string that were specified when the SSL_CTX object was first created. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10854)
Diffstat (limited to 'ssl/statem')
-rw-r--r--ssl/statem/extensions_srvr.c2
-rw-r--r--ssl/statem/statem_clnt.c8
-rw-r--r--ssl/statem/statem_srvr.c6
3 files changed, 9 insertions, 7 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 999e1cd832..36201c68e4 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1728,7 +1728,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
- skey = ssl_generate_pkey(ckey);
+ skey = ssl_generate_pkey(s, ckey);
if (skey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
ERR_R_MALLOC_FAILURE);
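Review bot: The failure branch after `ssl_generate_pkey(s, ckey)` still reports `ERR_R_MALLOC_FAILURE`, which is a misleading reason once key generation goes through the SSL_CTX's library context and property query. A NULL return may presumably now also mean that no implementation matching `s->ctx->propq` was available, and an operator reading the error queue would be sent looking for memory exhaustion instead of a provider or configuration problem. The same reason code is kept after the `ssl_generate_pkey` call in tls_construct_cke_ecdhe and after the three `EVP_PKEY_CTX_new_from_pkey` calls in tls_construct_cke_gost, tls_process_cke_rsa and tls_process_cke_gost. tls_construct_cke_dhe already uses `ERR_R_INTERNAL_ERROR`, so I would use that throughout, here as `SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);`. The function body starts and ends outside the hunk.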
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index e524e62b93..ba2fe0802d 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3049,7 +3049,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
goto err;
}
- ckey = ssl_generate_pkey(skey);
+ ckey = ssl_generate_pkey(s, skey);
if (ckey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
ERR_R_INTERNAL_ERROR);
@@ -3107,7 +3107,7 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt)
return 0;
}
- ckey = ssl_generate_pkey(skey);
+ ckey = ssl_generate_pkey(s, skey);
if (ckey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
ERR_R_MALLOC_FAILURE);
@@ -3173,7 +3173,9 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
return 0;
}
- pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
+ pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx,
+ X509_get0_pubkey(peer_cert),
+ s->ctx->propq);
if (pkey_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
ERR_R_MALLOC_FAILURE);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 256575f1a0..ab032ae956 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2568,7 +2568,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
goto err;
}
- s->s3.tmp.pkey = ssl_generate_pkey(pkdhp);
+ s->s3.tmp.pkey = ssl_generate_pkey(s, pkdhp);
if (s->s3.tmp.pkey == NULL) {
/* SSLfatal() already called */
goto err;
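Review bot: The comment `/* SSLfatal() already called */` on the `ssl_generate_pkey(s, pkdhp)` failure path disagrees with the other three callers touched by this commit, which each call SSLfatal() themselves when the helper returns NULL. The helper's body is not part of this diff, so either those callers report the error twice or this path reaches `err` without putting the connection into the fatal error state or queuing an alert. If the helper does not call SSLfatal(), the comment should be replaced with `SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);`. tls_construct_server_key_exchange starts and ends outside the hunk.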
@@ -3013,7 +3013,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
return 0;
}
- ctx = EVP_PKEY_CTX_new(rsa, NULL);
+ ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, rsa, s->ctx->propq);
if (ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
ERR_R_MALLOC_FAILURE);
@@ -3296,7 +3296,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
}
- pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
+ pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pk, s->ctx->propq);
if (pkey_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
ERR_R_MALLOC_FAILURE);