diff options
| -rw-r--r-- | crypto/evp/pmeth_lib.c | 24 | ||||
| -rw-r--r-- | doc/man3/EVP_PKEY_CTX_new.pod | 13 | ||||
| -rw-r--r-- | include/crypto/evp.h | 6 | ||||
| -rw-r--r-- | include/openssl/evp.h | 3 |
4 files changed, 33 insertions, 13 deletions
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 5ba844f53e..d547e5a69d 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -111,7 +111,8 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) return (**ret)(); } -static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, +static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, + EVP_PKEY *pkey, ENGINE *e, const char *name, const char *propquery, int id) { @@ -149,6 +150,16 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, if (e == NULL) name = OBJ_nid2sn(id); propquery = NULL; + /* + * We were called using legacy data, or an EVP_PKEY, but an EVP_PKEY + * isn't tied to a specific library context, so we fall back to the + * default library context. + * TODO(v3.0): an EVP_PKEY that doesn't originate from a leagacy key + * structure only has the pkeys[] cache, where the first element is + * considered the "origin". Investigate if that could be a suitable + * way to find a library context. + */ + libctx = NULL; #ifndef OPENSSL_NO_ENGINE if (e == NULL && pkey != NULL) @@ -191,6 +202,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } + ret->libctx = libctx; ret->algorithm = name; ret->propquery = propquery; ret->engine = e; @@ -303,18 +315,19 @@ void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) { - return int_ctx_new(pkey, e, NULL, NULL, -1); + return int_ctx_new(NULL, pkey, e, NULL, NULL, -1); } EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) { - return int_ctx_new(NULL, e, NULL, NULL, id); + return int_ctx_new(NULL, NULL, e, NULL, NULL, id); } -EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(const char *name, +EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(OPENSSL_CTX *libctx, + const char *name, const char *propquery) { - return int_ctx_new(NULL, NULL, name, propquery, -1); + return int_ctx_new(libctx, NULL, NULL, name, propquery, -1); } EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) @@ -344,6 +357,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) EVP_PKEY_up_ref(pctx->pkey); rctx->pkey = pctx->pkey; rctx->operation = pctx->operation; + rctx->libctx = pctx->libctx; rctx->algorithm = pctx->algorithm; rctx->propquery = pctx->propquery; diff --git a/doc/man3/EVP_PKEY_CTX_new.pod b/doc/man3/EVP_PKEY_CTX_new.pod index de7f439da5..5d18a04344 100644 --- a/doc/man3/EVP_PKEY_CTX_new.pod +++ b/doc/man3/EVP_PKEY_CTX_new.pod @@ -12,7 +12,8 @@ EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); - EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(const char *name, + EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(OPENSSL_CTX *libctx, + const char *name, const char *propquery); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); @@ -25,11 +26,11 @@ the algorithm specified in I<pkey> and ENGINE I<e>. The EVP_PKEY_CTX_new_id() function allocates public key algorithm context using the algorithm specified by I<id> and ENGINE I<e>. -The EVP_PKEY_CTX_new_provided() function allocates a public key -algorithm context using the algorithm specified by I<name> and the -property query I<propquery>. The strings aren't duplicated, so they -must remain unchanged for the lifetime of the returned B<EVP_PKEY_CTX> -or of any of its duplicates. +The EVP_PKEY_CTX_new_provided() function allocates a public key algorithm +context using the library context I<libctx> (see L<OPENSSL_CTX(3)>), the +algorithm specified by I<name> and the property query I<propquery>. None +of the arguments are duplicated, so they must remain unchanged for the +lifetime of the returned B<EVP_PKEY_CTX> or of any of its duplicates. EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_new_provided() are normally used when no B<EVP_PKEY> structure is associated with the operations, diff --git a/include/crypto/evp.h b/include/crypto/evp.h index dad7174bc5..32ae121eea 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -21,7 +21,11 @@ struct evp_pkey_ctx_st { /* Actual operation */ int operation; - /* Algorithm name and properties associated with this context */ + /* + * Library context, Algorithm name and properties associated + * with this context + */ + OPENSSL_CTX *libctx; const char *algorithm; const char *propquery; diff --git a/include/openssl/evp.h b/include/openssl/evp.h index a0190c8b08..baa1ce8c6c 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1461,7 +1461,8 @@ void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); -EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(const char *name, +EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(OPENSSL_CTX *libctx, + const char *name, const char *propquery); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); |