Detect low-level engine and app method based keys

The low-level engine and app method based keys have to be treated as foreign and must be used with old legacy pmeths. Fixes #14632 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14859)
author: Tomas Mraz <tomas@openssl.org> 2021-04-13 17:31:08 +0200
committer: Tomas Mraz <tomas@openssl.org> 2021-04-19 11:36:16 +0200
commit: b247113c053903ebb61a54ba5324847ba883ed70 (patch)
tree: d01dfc99a0b4f52ba94b186ff1e476f1b1916e2f /crypto/dh
parent: 5ae52001e115452ca285713feb1c2feaf07902ad (diff)
download: openssl-new-b247113c053903ebb61a54ba5324847ba883ed70.tar.gz
1 files changed, 10 insertions, 3 deletions
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index 18cf3f5992..a727d5c87b 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -118,6 +118,15 @@ int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
     return 1;
 }
 
+int ossl_dh_is_foreign(const DH *dh)
+{
+#ifndef FIPS_MODULE
+    if (dh->engine != NULL || ossl_dh_get_method(dh) != DH_OpenSSL())
+        return 1;
+#endif
+    return 0;
+}
+
 static ossl_inline int dh_bn_dup_check(BIGNUM **out, const BIGNUM *f)
 {
     if (f != NULL && (*out = BN_dup(f)) == NULL)
@@ -129,11 +138,9 @@ DH *ossl_dh_dup(const DH *dh, int selection)
 {
     DH *dupkey = NULL;
 
-#ifndef FIPS_MODULE
     /* Do not try to duplicate foreign DH keys */
-    if (ossl_dh_get_method(dh) != DH_OpenSSL())
+    if (ossl_dh_is_foreign(dh))
         return NULL;
-#endif
 
     if ((dupkey = ossl_dh_new_ex(dh->libctx)) == NULL)
         return NULL;
author	Tomas Mraz <tomas@openssl.org>	2021-04-13 17:31:08 +0200
committer	Tomas Mraz <tomas@openssl.org>	2021-04-19 11:36:16 +0200
commit	b247113c053903ebb61a54ba5324847ba883ed70 (patch)
tree	d01dfc99a0b4f52ba94b186ff1e476f1b1916e2f /crypto/dh
parent	5ae52001e115452ca285713feb1c2feaf07902ad (diff)
download	openssl-new-b247113c053903ebb61a54ba5324847ba883ed70.tar.gz