diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-04-13 17:31:08 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-19 11:36:16 +0200 |
commit | b247113c053903ebb61a54ba5324847ba883ed70 (patch) | |
tree | d01dfc99a0b4f52ba94b186ff1e476f1b1916e2f /crypto/dh | |
parent | 5ae52001e115452ca285713feb1c2feaf07902ad (diff) | |
download | openssl-new-b247113c053903ebb61a54ba5324847ba883ed70.tar.gz |
Detect low-level engine and app method based keys
The low-level engine and app method based keys have to be treated
as foreign and must be used with old legacy pmeths.
Fixes #14632
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14859)
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh_backend.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c index 18cf3f5992..a727d5c87b 100644 --- a/crypto/dh/dh_backend.c +++ b/crypto/dh/dh_backend.c @@ -118,6 +118,15 @@ int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) return 1; } +int ossl_dh_is_foreign(const DH *dh) +{ +#ifndef FIPS_MODULE + if (dh->engine != NULL || ossl_dh_get_method(dh) != DH_OpenSSL()) + return 1; +#endif + return 0; +} + static ossl_inline int dh_bn_dup_check(BIGNUM **out, const BIGNUM *f) { if (f != NULL && (*out = BN_dup(f)) == NULL) @@ -129,11 +138,9 @@ DH *ossl_dh_dup(const DH *dh, int selection) { DH *dupkey = NULL; -#ifndef FIPS_MODULE /* Do not try to duplicate foreign DH keys */ - if (ossl_dh_get_method(dh) != DH_OpenSSL()) + if (ossl_dh_is_foreign(dh)) return NULL; -#endif if ((dupkey = ossl_dh_new_ex(dh->libctx)) == NULL) return NULL; |