summaryrefslogtreecommitdiffstats
path: root/crypto/evp/m_sigver.c
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2020-02-27 10:51:45 +0100
committerRichard Levitte <levitte@openssl.org>2020-03-09 10:54:01 +0100
commitdf13defd4fd4c5a7afff69bc9733e7526e07959a (patch)
tree869933ff708dffee404be50d512fff4f59394581 /crypto/evp/m_sigver.c
parentDOCS: Fix documentation on asymmetric keydata types (diff)
downloadopenssl-df13defd4fd4c5a7afff69bc9733e7526e07959a.tar.xz
openssl-df13defd4fd4c5a7afff69bc9733e7526e07959a.zip
EVP: Check that key methods aren't foreign when exporting
The EVP_PKEY_ASN1_METHOD function export_to() must check that the key we're trying to export has a known libcrypto method, i.e. is a built in RSA_METHOD, DSA_METHOD, etc. Otherwise, the method may be defined by the calling application, by an engine, by another library, and we simply cannot know all the quirks hidden behind that method, if we have access to the key data, or much anything. Such keys are simply deemed impossible to export to provider keys, i.e. have export_to() return 0. This cascades back to functions like evp_pkey_export_to_provider() and evp_pkey_upgrade_to_provider() and their callers. In most cases, this is fine, but if these get mixed in with provider side keys in any function, that function will fail. Fixes #11179 Fixes #9915 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11193)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r--crypto/evp/m_sigver.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 225017b509..4b2cb4eb35 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -73,7 +73,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
*/
ERR_set_mark();
- if (locpctx->keytype == NULL)
+ if (locpctx->engine != NULL || locpctx->keytype == NULL)
goto legacy;
/*