author | Richard Levitte <levitte@openssl.org> | 2020-03-21 06:03:39 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-03-25 17:00:39 +0100 |
commit | adc9f7312665f14ec5c73b60090a4df933e6556d (patch) | |
tree | 76b323c6e2214561e7ba4430ae296ff5d24cfffd /crypto/evp/pmeth_lib.c | |
parent | EC: Refactor ec_curve_name2nid() to accept NIST curve names (diff) | |
EVP: Clarify the states of an EVP_PKEY
EVP_PKEY is rather complex, even before provider side keys entered the
stage.
You could have untyped / unassigned keys (pk->type == EVP_PKEY_NONE),
keys that had been assigned a type but no data (pk->pkey.ptr == NULL),
and fully assigned keys (pk->type != EVP_PKEY_NONE && pk->pkey.ptr != NULL).
For provider side keys, the corresponding states weren't well defined,
and the code didn't quite account for all the possibilities.
We also guard most of the legacy fields in EVP_PKEY with FIPS_MODE, so
they don't exist at all in the FIPS module.
Most of all, code needs to adapt to the case where an EVP_PKEY's
|keymgmt| is non-NULL, but its |keydata| is NULL.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11375)
Diffstat (limited to 'crypto/evp/pmeth_lib.c')
-rw-r--r-- | crypto/evp/pmeth_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index f5e1131f06..ecaaec41c7 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -157,7 +157,7 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx, * If the key doesn't contain anything legacy, then it must be provided, * so we extract the necessary information and use that. */ - if (pkey != NULL && pkey->ameth == NULL) { + if (pkey != NULL && pkey->type == EVP_PKEY_NONE) { /* If we have an engine, something went wrong somewhere... */ if (!ossl_assert(e == NULL)) return NULL; |
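Review bot: the new test `pkey->type == EVP_PKEY_NONE` in int_ctx_new() is also true for a completely untyped / unassigned key, which the commit message lists as a state of its own, yet the comment directly above still concludes "then it must be provided". The body of the branch is outside this hunk, so it is worth confirming that it checks `pkey->keymgmt != NULL` before extracting anything from it, or adding that check to the condition itself. The comment should also be reworded to say that "nothing legacy" now means `type == EVP_PKEY_NONE` rather than a missing `ameth`, so the next reader does not have to infer the state model from the commit message.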