We should use EVP_PKEY_CTX_new_from_pkey() to ensure we use the correct
libctx.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11401)
*/
# ifndef OPENSSL_NO_DH
if (gtype == TLS_GROUP_FFDHE)
*/
# ifndef OPENSSL_NO_DH
if (gtype == TLS_GROUP_FFDHE)
+# if 0
+ pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "DH", s->ctx->propq);
+# else
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
# ifndef OPENSSL_NO_EC
else
# ifndef OPENSSL_NO_EC
else
+# endif /* OPENSSL_NO_EC */
+# endif /* OPENSSL_NO_DH */
+ /*
+ * TODO(3.0): When provider based EC key gen is present we can enable
+ * this code.
+ */
if (gtype == TLS_GROUP_CURVE_CUSTOM)
pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
else
if (gtype == TLS_GROUP_CURVE_CUSTOM)
pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
else
+# if 0
+ pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, "EC",
+ s->ctx->propq);
+# else
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+# endif /* OPENSSL_NO_EC */
if (pctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_MALLOC_FAILURE);
if (pctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_MALLOC_FAILURE);
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+#if 0
+ const char *pkey_ctx_name;
+#else
if (ginf == NULL)
goto err;
if (ginf == NULL)
goto err;
* s->ctx->libctx and s->ctx->propq when paramgen has been updated to be
* provider aware.
*/
* s->ctx->libctx and s->ctx->propq when paramgen has been updated to be
* provider aware.
*/
+#if 0
+ pkey_ctx_name = (ginf->flags & TLS_GROUP_FFDHE) != 0 ? "DH" : "EC";
+ pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, pkey_ctx_name,
+ s->ctx->propq);
+#else
pkey_ctx_id = (ginf->flags & TLS_GROUP_FFDHE)
? EVP_PKEY_DH : EVP_PKEY_EC;
pctx = EVP_PKEY_CTX_new_id(pkey_ctx_id, NULL);
pkey_ctx_id = (ginf->flags & TLS_GROUP_FFDHE)
? EVP_PKEY_DH : EVP_PKEY_EC;
pctx = EVP_PKEY_CTX_new_id(pkey_ctx_id, NULL);
if (pctx == NULL)
goto err;
if (EVP_PKEY_paramgen_init(pctx) <= 0)
if (pctx == NULL)
goto err;
if (EVP_PKEY_paramgen_init(pctx) <= 0)