EVP: make it possible to init EVP_PKEY_CTX with provided EVP_PKEY

The case when EVP_PKEY_CTX_new() is called with a provided EVP_PKEY (no legacy data) wasn't handled properly. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10618)
2025-01-18 13:44:20 +08:00 · 2019-12-02 12:00:58 +01:00 · 2019-12-02 12:00:58 +01:00 · 982efd7765
commit 982efd7765
parent 19f909856d
1 changed files with 18 additions and 1 deletions
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@ -127,11 +127,28 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx,
    if (pkey == NULL && e == NULL && id == -1)
        goto common;

+    /*
+     * If the key doesn't contain anything legacy, then it must be provided,
+     * so we extract the necessary information and use that.
+     */
+    if (pkey != NULL && pkey->pkey.ptr == NULL) {
+        /* If we have an engine, something went wrong somewhere... */
+        if (!ossl_assert(e == NULL))
+            return NULL;
+        name = evp_first_name(pkey->pkeys[0].keymgmt->prov,
+                              pkey->pkeys[0].keymgmt->name_id);
+        /*
+         * TODO: I wonder if the EVP_PKEY should have the name and propquery
+         * that were used when building it....  /RL
+         */
+        goto common;
+    }
+
    /* TODO(3.0) Legacy code should be removed when all is provider based */
    /* BEGIN legacy */
    if (id == -1) {
        if (pkey == NULL)
-            return 0;
+            return NULL;
        id = pkey->type;
    }