EVP: use evp_pkey_ctx_is_legacy() to find what implementation to use

We've had explicit checks for when to fall back to legacy code for
operations that use an EVP_PKEY.  Unfortunately, the checks were
radically different in different spots, so we refactor that into a
macro that gets used everywhere.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13043)

diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c
index a80398782c56fd52252233a4d9a90d90c66f035a..f28bfe6aefc11efcee9b91b1fb4fee309eea4580 100644 (file)
--- a/crypto/evp/asymcipher.c
+++ b/crypto/evp/asymcipher.c
@@ -38,7 +38,7 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation)
      */
     ERR_set_mark();
 
-    if (ctx->engine != NULL || ctx->keytype == NULL)
+    if (evp_pkey_ctx_is_legacy(ctx))
         goto legacy;
 
     /*

diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index ccd75099ad9925838ef086b7d7bd9e27d7835d64..ea1f771d6f6414c797b5a82e9886f9803716fdb6 100644 (file)
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -197,7 +197,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
      */
     ERR_set_mark();
 
-    if (ctx->keymgmt == NULL)
+    if (evp_pkey_ctx_is_legacy(ctx))
         goto legacy;
 
     /*

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index faf5191234ccafe103f2005514d46f2428c8805c..783225b6f7c1b7335f58c95e1710a135b96c12b9 100644 (file)
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -80,7 +80,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
      */
     ERR_set_mark();
 
-    if (locpctx->engine != NULL || locpctx->keytype == NULL)
+    if (evp_pkey_ctx_is_legacy(locpctx))
         goto legacy;
 
     /*

diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c
index 7a2af1b5a271b4594c5a330250394586efedc229..c0126501f82bb0fddc1775d837d64035216e78ed 100644 (file)
--- a/crypto/evp/signature.c
+++ b/crypto/evp/signature.c
@@ -381,7 +381,7 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation)
      */
     ERR_set_mark();
 
-    if (ctx->keymgmt == NULL)
+    if (evp_pkey_ctx_is_legacy(ctx))
         goto legacy;
 
     /*

diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 986e11705ba98b716402b80fca36417bd1ed4c5d..9ca1a6062f57329cebdb876ba0bffb4bfeb19a58 100644 (file)
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -18,6 +18,22 @@
  */
 #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX   0x0400
 
+/*
+ * An EVP_PKEY can have the following support states:
+ *
+ * Supports legacy implementations only:
+ *
+ *      engine != NULL || keytype == NULL
+ *
+ * Supports provided implementations:
+ *
+ *      engine == NULL && keytype != NULL
+ */
+#define evp_pkey_ctx_is_legacy(ctx)                             \
+    ((ctx)->engine != NULL || (ctx)->keytype == NULL)
+#define evp_pkey_ctx_is_provided(ctx)                           \
+    (!evp_pkey_ctx_is_legacy(ctx))
+
 struct evp_pkey_ctx_st {
     /* Actual operation */
     int operation;