EVP: Downgrade keys rather than upgrade
author Richard Levitte <levitte@openssl.org>
Sat, 21 Mar 2020 05:21:26 +0000 (06:21 +0100)
committer Richard Levitte <levitte@openssl.org>
Wed, 25 Mar 2020 16:01:10 +0000 (17:01 +0100)
commit acb90ba8ffe6a27f625607760e82842673eb9378
tree e2960e7bf66bf703ec58c26942462a1cbf27ed7b
parent 8243d8d1a17b700c9c48fc5660ff61245b1d14d2
EVP: Downgrade keys rather than upgrade

Upgrading EVP_PKEYs from containing legacy keys to containing provider
side keys proved to be risky, with a number of unpleasant corner
cases, and with functions like EVP_PKEY_get0_DSA() failing
unexpectedly.

We therefore change course, and instead of upgrading legacy internal
keys to provider side internal keys, we downgrade provider side
internal keys to legacy ones.  To be able to do this, we add
|import_from| and make it a callback function designed for
evp_keymgmt_export().

This means that evp_pkey_upgrade_to_provider() is replaced with
evp_pkey_downgrade().

EVP_PKEY_copy_parameters() is the most deeply affected function of
this change.

Fixes #11366

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11375)
CHANGES.md
crypto/err/openssl.txt
crypto/evp/evp_err.c
crypto/evp/p_lib.c
crypto/evp/pmeth_gn.c
include/crypto/asn1.h
include/crypto/evp.h
include/openssl/evperr.h
test/keymgmt_internal_test.c