Change EVP_PKEY_CTX_new_provided() to take a library context too.

With provided algorithms, the library context is ever present, so of course it should be specified alongside the algorithm name and property query string. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10308)
2025-03-31 20:10:45 +08:00 · 2019-11-01 16:56:31 +01:00 · 2019-11-01 16:56:31 +01:00 · 3ee348b0dc
commit 3ee348b0dc
parent 60653e5b25
4 changed files with 33 additions and 13 deletions
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@ -111,7 +111,8 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
    return (**ret)();
 }

-static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e,
+static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx,
+                                 EVP_PKEY *pkey, ENGINE *e,
                                 const char *name, const char *propquery,
                                 int id)
 {
@ -149,6 +150,16 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e,
    if (e == NULL)
        name = OBJ_nid2sn(id);
    propquery = NULL;
+    /*
+     * We were called using legacy data, or an EVP_PKEY, but an EVP_PKEY
+     * isn't tied to a specific library context, so we fall back to the
+     * default library context.
+     * TODO(v3.0): an EVP_PKEY that doesn't originate from a leagacy key
+     * structure only has the pkeys[] cache, where the first element is
+     * considered the "origin".  Investigate if that could be a suitable
+     * way to find a library context.
+     */
+    libctx = NULL;

 #ifndef OPENSSL_NO_ENGINE
    if (e == NULL && pkey != NULL)
@ -191,6 +202,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e,
        EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
+    ret->libctx = libctx;
    ret->algorithm = name;
    ret->propquery = propquery;
    ret->engine = e;
@ -303,18 +315,19 @@ void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)

 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e)
 {
-    return int_ctx_new(pkey, e, NULL, NULL, -1);
+    return int_ctx_new(NULL, pkey, e, NULL, NULL, -1);
 }

 EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
 {
-    return int_ctx_new(NULL, e, NULL, NULL, id);
+    return int_ctx_new(NULL, NULL, e, NULL, NULL, id);
 }

-EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(const char *name,
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(OPENSSL_CTX *libctx,
+                                        const char *name,
                                        const char *propquery)
 {
-    return int_ctx_new(NULL, NULL, name, propquery, -1);
+    return int_ctx_new(libctx, NULL, NULL, name, propquery, -1);
 }

 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
@ -344,6 +357,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
        EVP_PKEY_up_ref(pctx->pkey);
    rctx->pkey = pctx->pkey;
    rctx->operation = pctx->operation;
+    rctx->libctx = pctx->libctx;
    rctx->algorithm = pctx->algorithm;
    rctx->propquery = pctx->propquery;

--- a/doc/man3/EVP_PKEY_CTX_new.pod
+++ b/doc/man3/EVP_PKEY_CTX_new.pod
@ -12,7 +12,8 @@ EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free

 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
- EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(const char *name,
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(OPENSSL_CTX *libctx,
+                                         const char *name,
                                         const char *propquery);
 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
@ -25,11 +26,11 @@ the algorithm specified in I<pkey> and ENGINE I<e>.
 The EVP_PKEY_CTX_new_id() function allocates public key algorithm context
 using the algorithm specified by I<id> and ENGINE I<e>.

-The EVP_PKEY_CTX_new_provided() function allocates a public key
-algorithm context using the algorithm specified by I<name> and the
-property query I<propquery>.  The strings aren't duplicated, so they
-must remain unchanged for the lifetime of the returned B<EVP_PKEY_CTX>
-or of any of its duplicates.
+The EVP_PKEY_CTX_new_provided() function allocates a public key algorithm
+context using the library context I<libctx> (see L<OPENSSL_CTX(3)>), the
+algorithm specified by I<name> and the property query I<propquery>.  None
+of the arguments are duplicated, so they  must remain unchanged for the
+lifetime of the returned B<EVP_PKEY_CTX> or of any of its duplicates.

 EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_new_provided() are normally
 used when no B<EVP_PKEY> structure is associated with the operations,
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@ -21,7 +21,11 @@ struct evp_pkey_ctx_st {
    /* Actual operation */
    int operation;

-    /* Algorithm name and properties associated with this context */
+    /*
+     * Library context, Algorithm name and properties associated
+     * with this context
+     */
+    OPENSSL_CTX *libctx;
    const char *algorithm;
    const char *propquery;

--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@ -1461,7 +1461,8 @@ void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,

 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
-EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(const char *name,
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_provided(OPENSSL_CTX *libctx,
+                                        const char *name,
                                        const char *propquery);
 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);