From acb90ba8ffe6a27f625607760e82842673eb9378 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 21 Mar 2020 06:21:26 +0100 Subject: EVP: Downgrade keys rather than upgrade Upgrading EVP_PKEYs from containing legacy keys to containing provider side keys proved to be risky, with a number of unpleasant corner cases, and with functions like EVP_PKEY_get0_DSA() failing unexpectedly. We therefore change course, and instead of upgrading legacy internal keys to provider side internal keys, we downgrade provider side internal keys to legacy ones. To be able to do this, we add |import_from| and make it a callback function designed for evp_keymgmt_export(). This means that evp_pkey_upgrade_to_provider() is replaced with evp_pkey_downgrade(). EVP_PKEY_copy_parameters() is the most deeply affected function of this change. Fixes #11366 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11375) --- test/keymgmt_internal_test.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'test/keymgmt_internal_test.c') diff --git a/test/keymgmt_internal_test.c b/test/keymgmt_internal_test.c index 5ef238ccf1..fd60893a45 100644 --- a/test/keymgmt_internal_test.c +++ b/test/keymgmt_internal_test.c @@ -207,14 +207,10 @@ static int test_pass_rsa(FIXTURE *fixture) || !TEST_ptr_ne(km1, km2)) goto err; - if (!TEST_ptr(evp_pkey_export_to_provider(pk, NULL, &km1, NULL)) - || !TEST_ptr(evp_pkey_upgrade_to_provider(pk, NULL, &km1, NULL)) - || !TEST_ptr(provkey = evp_keymgmt_util_export_to_provider(pk, km2))) - goto err; - - if (!TEST_true(evp_keymgmt_export(km2, provkey, - OSSL_KEYMGMT_SELECT_KEYPAIR, - &export_cb, keydata))) + if (!TEST_ptr(provkey = evp_pkey_export_to_provider(pk, NULL, &km1, NULL)) + || !TEST_true(evp_keymgmt_export(km2, provkey, + OSSL_KEYMGMT_SELECT_KEYPAIR, + &export_cb, keydata))) goto err; /* -- cgit v1.2.3
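Review bot: In the new condition in test_pass_rsa(), provkey is produced by evp_pkey_export_to_provider(pk, NULL, &km1, NULL) but is then passed to evp_keymgmt_export(km2, provkey, ...), while the context line just above requires TEST_ptr_ne(km1, km2). The removed code took provkey from evp_keymgmt_util_export_to_provider(pk, km2), so the key data and the keymgmt asked to export it matched. Either pass km1 to evp_keymgmt_export() here, or keep a separate export to km2 and feed that result to the km2 call, so that key data created by one keymgmt is not interpreted by another. Dropping the km2 export also means this test no longer covers exporting the same key to a second keymgmt; if that is intended under the downgrade model, a short comment in the test saying so would help.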