Fixes #14466.
Reverting the changes of the EVP_PKEY_get0 function.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14468)
-----------
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * The deprecated function EVP_PKEY_get0() now returns NULL being called for a
+ provided key.
- * The deprecated functions EVP_PKEY_get0(), EVP_PKEY_get0_RSA(),
+ *Dmitry Belyavskiy*
+
+ * The deprecated functions EVP_PKEY_get0_RSA(),
EVP_PKEY_get0_DSA(), EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_DH(),
EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and EVP_PKEY_get0_siphash() as
well as the similarly named "get1" functions behave slightly differently in
For the above reasons the keys returned from these functions should typically
be treated as read-only. To emphasise this the value returned from
- EVP_PKEY_get0(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
+ EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
EVP_PKEY_get0_EC_KEY() and EVP_PKEY_get0_DH() has been made const. This may
break some existing code. Applications broken by this change should be
modified. The preferred solution is to refactor the code to avoid the use of
}
# endif
-const void *EVP_PKEY_get0(const EVP_PKEY *pkey)
+void *EVP_PKEY_get0(const EVP_PKEY *pkey)
{
if (pkey == NULL)
return NULL;
- return evp_pkey_get_legacy((EVP_PKEY *)pkey);
+ if (!evp_pkey_is_provided(pkey))
+ return pkey->pkey.ptr;
+
+ return NULL;
}
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
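Review bot: The rewritten EVP_PKEY_get0() returns NULL for a provider-backed key without queuing an error, so a caller cannot tell that case from a NULL `pkey`. Existing callers that dereference the result unchecked would now fault on provided keys. A comment above the function should state the contract, for example `/* Returns the legacy key, or NULL if pkey is NULL or provider-backed; no error is raised. */`. The legacy branch also hands out `pkey->pkey.ptr` as a non-const `void *` obtained through a `const EVP_PKEY *`, so callers can modify key material that the changelog text says should be treated as read-only. That looks deliberate for API compatibility, but it belongs in the same comment.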
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_HMAC_KEY);
return NULL;
}
- os = EVP_PKEY_get0(pkey);
- *len = os->length;
- return os->data;
+ os = evp_pkey_get_legacy((EVP_PKEY *)pkey);
+ if (os != NULL) {
+ *len = os->length;
+ return os->data;
+ }
+ return NULL;
}
# ifndef OPENSSL_NO_POLY1305
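Review bot: When `evp_pkey_get_legacy()` returns NULL, the new tail of EVP_PKEY_get0_hmac() returns NULL without writing `*len`, and no error is raised here, unlike the type-mismatch branch just above that raises EVP_R_EXPECTING_AN_HMAC_KEY. Whether `evp_pkey_get_legacy()` queues an error itself is not visible on this page. A caller that reads `len` without checking the return value would use an indeterminate length; adding `*len = 0;` before the final `return NULL;` would make the failure path well defined. The same applies to the EVP_PKEY_get0_poly1305() and EVP_PKEY_get0_siphash() hunks that follow. The start of the function is outside this hunk, so any earlier validation of `len` cannot be confirmed from here.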
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_POLY1305_KEY);
return NULL;
}
- os = EVP_PKEY_get0(pkey);
- *len = os->length;
- return os->data;
+ os = evp_pkey_get_legacy((EVP_PKEY *)pkey);
+ if (os != NULL) {
+ *len = os->length;
+ return os->data;
+ }
+ return NULL;
}
# endif
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_SIPHASH_KEY);
return NULL;
}
- os = EVP_PKEY_get0(pkey);
- *len = os->length;
- return os->data;
+ os = evp_pkey_get_legacy((EVP_PKEY *)pkey);
+ if (os != NULL) {
+ *len = os->length;
+ return os->data;
+ }
+ return NULL;
}
# endif
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
-EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type,
-EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
+EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id,
+EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine -
+EVP_PKEY assignment functions
=head1 SYNOPSIS
const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
+ void *EVP_PKEY_get0(const EVP_PKEY *pkey);
int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
possible. If access to the low level key parameters is required then
applications should use L<EVP_PKEY_get_params(3)> and other similar functions.
To write an EVP_PKEY out use the OSSL_ENCODER APIs (see
-L<OSSL_ENCODER_CTX_new_for_pkey(3)>).
+L<OSSL_ENCODER_CTX_new_for_pkey(3)>). EVP_PKEY_get0() returns a pointer to the
+legacy key or NULL if the key is not legacy.
Note that if an EVP_PKEY was not constructed using one of the deprecated
functions such as EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH()
OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
OSSL_DEPRECATEDIN_3_0
-const void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+void *EVP_PKEY_get0(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
# ifndef OPENSSL_NO_POLY1305
* This test is only relevant for deprecated functions that perform
* downgrading
*/
- if (EVP_PKEY_get0(shared_evp_pkey) == NULL)
+ if (EVP_PKEY_get0_RSA(shared_evp_pkey) == NULL)
multi_success = 0;
#else
/* Shouldn't ever get here */
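Review bot: Nothing in this hunk, or elsewhere in the visible commit, tests the restored EVP_PKEY_get0() contract; the only call in the thread test is replaced by `EVP_PKEY_get0_RSA(shared_evp_pkey)`. A small test asserting that EVP_PKEY_get0() returns NULL for a provided key and a non-NULL pointer for a legacy key would pin the behaviour the CHANGES entry describes. The replacement call also assumes `shared_evp_pkey` holds an RSA key; it is set up outside this hunk, so that cannot be checked here.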
EVP_PKEY_decrypt_old(3)
EVP_PKEY_delete_attr(3)
EVP_PKEY_encrypt_old(3)
-EVP_PKEY_get0(3)
EVP_PKEY_get_attr(3)
EVP_PKEY_get_attr_by_NID(3)
EVP_PKEY_get_attr_by_OBJ(3)