
Make the EVP_PKEY_get0* functions have a const return type

OTC have decided that the EVP_PKEY_get0* functions should have a const
return type. This is a breaking change to emphasise that these values
should be considered as immutable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Matt Caswell 2021-03-02 15:52:00 +00:00
parent cc57dc9625
commit 7bc0fdd3fd
14 changed files with 125 additions and 51 deletions

@ -36,9 +36,21 @@ OpenSSL 3.0
then these functions now return a cached copy of the key. Changes to
the internal provider key that take place after the first time the cached key
is accessed will not be reflected back in the cached copy. Similarly any
changed made to the cached copy by application code will not be reflected
changes made to the cached copy by application code will not be reflected
back in the internal provider key.
For the above reasons the keys returned from these functions should typically
be treated as read-only. To emphasise this the value returned from
EVP_PKEY_get0(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
EVP_PKEY_get0_EC_KEY() and EVP_PKEY_get0_DH() has been made const. This may
break some existing code. Applications broken by this change should be
modified. The preferred solution is to refactor the code to avoid the use of
these deprecated functions. Failing this the code should be modified to use a
const pointer instead. The EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(),
EVP_PKEY_get1_EC_KEY() and EVP_PKEY_get1_DH() functions continue to return a
non-const pointer to enable them to be "freed". However they should also be
treated as read-only.
*Matt Caswell*
* A number of functions handling low level keys or engines were deprecated

@ -433,7 +433,10 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
switch (op) {
case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
return ossl_dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1);
/* We should only be here if we have a legacy key */
if (!ossl_assert(evp_pkey_is_legacy(pkey)))
return 0;
return ossl_dh_buf2key(evp_pkey_get0_DH_int(pkey), arg2, arg1);
case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
default:
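Review bot: The guard added to the `ASN1_PKEY_CTRL_SET1_TLS_ENCPT` case refuses a non-legacy key without recording why. `ossl_assert()` aborts only in debug builds, so in a release build the `return 0` leaves nothing on the error queue. Consider raising an error before returning, e.g. `ERR_raise(ERR_LIB_DH, ERR_R_INTERNAL_ERROR);`, and extending the comment with the reason: `/* Writing through the getter on a provider key would only update the cached copy */`. The identical guard added to ec_pkey_ctrl has the same gap. dh_pkey_ctrl's body continues outside the hunk.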

@ -482,7 +482,10 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
return 1;
case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);
/* We should only be here if we have a legacy key */
if (!ossl_assert(evp_pkey_is_legacy(pkey)))
return 0;
return EC_KEY_oct2key(evp_pkey_get0_EC_KEY_int(pkey), arg2, arg1, NULL);
case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey),

@ -1481,7 +1481,7 @@ static int get_payload_group_name(enum state state,
#ifndef OPENSSL_NO_DH
case EVP_PKEY_DH:
{
DH *dh = EVP_PKEY_get0_DH(pkey);
const DH *dh = EVP_PKEY_get0_DH(pkey);
int uid = DH_get_nid(dh);
if (uid != NID_undef) {
@ -1531,7 +1531,7 @@ static int get_payload_private_key(enum state state,
#ifndef OPENSSL_NO_DH
case EVP_PKEY_DH:
{
DH *dh = EVP_PKEY_get0_DH(pkey);
const DH *dh = EVP_PKEY_get0_DH(pkey);
ctx->p2 = (BIGNUM *)DH_get0_priv_key(dh);
}
@ -1540,7 +1540,7 @@ static int get_payload_private_key(enum state state,
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
ctx->p2 = (BIGNUM *)EC_KEY_get0_private_key(ec);
}
@ -1590,7 +1590,7 @@ static int get_payload_public_key(enum state state,
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
if (ctx->params->data_type == OSSL_PARAM_OCTET_STRING) {
EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey);
const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey);
BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eckey));
const EC_GROUP *ecg = EC_KEY_get0_group(eckey);
const EC_POINT *point = EC_KEY_get0_public_key(eckey);
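Review bot: In get_payload_private_key the new `const DH *dh` and `const EC_KEY *ec` are undone one line later, where `ctx->p2 = (BIGNUM *)DH_get0_priv_key(dh);` and `ctx->p2 = (BIGNUM *)EC_KEY_get0_private_key(ec);` cast the const away from the private-key BIGNUM. The casts predate this commit, but they now contradict the read-only contract the commit introduces, and nothing visible here shows that `p2` is only ever read afterwards. If that is the case, say so next to the casts, e.g. `/* p2 is only read from here on; the cast exists because p2 is a non-const pointer */`. If some later consumer can write through `p2`, the value should be duplicated instead. The enclosing functions start and end outside these hunks.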

@ -16,6 +16,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "crypto/evp.h"
int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
EVP_PKEY *priv)
@ -28,7 +29,7 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
}
ret =
RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv),
RSA_private_decrypt(ekl, ek, key, evp_pkey_get0_RSA_int(priv),
RSA_PKCS1_PADDING);
err:
return ret;
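Review bot: The result of `evp_pkey_get0_RSA_int(priv)` is passed straight to `RSA_private_decrypt()` with no NULL check. The getter returns whatever `evp_pkey_get_legacy()` yields, and EVP_PKEY_get1_RSA in the same commit does test that result for NULL, so a failed downgrade of a provider key appears possible here. Whether `RSA_private_decrypt()` tolerates a NULL key is not visible from this hunk. Fetching the key first would make the failure explicit: `RSA *rsa = evp_pkey_get0_RSA_int(priv);` followed by `if (rsa == NULL) goto err;`. EVP_PKEY_encrypt_old has the same pattern with `RSA_public_encrypt()`. The function body starts outside the hunk.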

@ -16,6 +16,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "crypto/evp.h"
int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key,
int key_len, EVP_PKEY *pubk)
@ -26,8 +27,9 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key,
ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA);
goto err;
}
ret =
RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk),
RSA_public_encrypt(key_len, key, ek, evp_pkey_get0_RSA_int(pubk),
RSA_PKCS1_PADDING);
err:
return ret;

@ -31,7 +31,7 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
return ret;
}
RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey)
{
if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) {
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_RSA_KEY);
@ -40,9 +40,14 @@ RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
return evp_pkey_get_legacy((EVP_PKEY *)pkey);
}
const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
{
return evp_pkey_get0_RSA_int(pkey);
}
RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
{
RSA *ret = EVP_PKEY_get0_RSA(pkey);
RSA *ret = evp_pkey_get0_RSA_int(pkey);
if (ret != NULL)
RSA_up_ref(ret);
@ -59,18 +64,23 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
return ret;
}
EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey)
{
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY);
return NULL;
}
return evp_pkey_get_legacy((EVP_PKEY *)pkey);
}
const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
{
return evp_pkey_get0_EC_KEY_int(pkey);
}
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
{
EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
EC_KEY *ret = evp_pkey_get0_EC_KEY_int(pkey);
if (ret != NULL)
EC_KEY_up_ref(ret);
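Review bot: The new `evp_pkey_get0_RSA_int()` and `evp_pkey_get0_EC_KEY_int()` hand out a mutable pointer with no comment stating when that is safe to use. I would add a header comment to each saying that the pointer is borrowed (no reference is taken), that for a provider-native key it may refer to a cached copy, and that callers inside the library may write through it only after checking `evp_pkey_is_legacy(pkey)`, as dh_pkey_ctrl and ec_pkey_ctrl do in this commit. The `(EVP_PKEY *)pkey` cast in both bodies also deserves a short why-comment, e.g. `/* evp_pkey_get_legacy() takes a non-const EVP_PKEY */`, because it removes the const that the signature promises.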

@ -740,7 +740,7 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
}
# endif
void *EVP_PKEY_get0(const EVP_PKEY *pkey)
const void *EVP_PKEY_get0(const EVP_PKEY *pkey)
{
if (pkey == NULL)
return NULL;
@ -750,7 +750,7 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey)
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
{
ASN1_OCTET_STRING *os = NULL;
const ASN1_OCTET_STRING *os = NULL;
if (pkey->type != EVP_PKEY_HMAC) {
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_HMAC_KEY);
return NULL;
@ -763,7 +763,7 @@ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
# ifndef OPENSSL_NO_POLY1305
const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len)
{
ASN1_OCTET_STRING *os = NULL;
const ASN1_OCTET_STRING *os = NULL;
if (pkey->type != EVP_PKEY_POLY1305) {
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_POLY1305_KEY);
return NULL;
@ -777,7 +777,7 @@ const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len)
# ifndef OPENSSL_NO_SIPHASH
const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len)
{
ASN1_OCTET_STRING *os = NULL;
const ASN1_OCTET_STRING *os = NULL;
if (pkey->type != EVP_PKEY_SIPHASH) {
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_SIPHASH_KEY);
@ -790,7 +790,7 @@ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len)
# endif
# ifndef OPENSSL_NO_DSA
DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey)
static DSA *evp_pkey_get0_DSA_int(const EVP_PKEY *pkey)
{
if (pkey->type != EVP_PKEY_DSA) {
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_DSA_KEY);
@ -799,6 +799,11 @@ DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey)
return evp_pkey_get_legacy((EVP_PKEY *)pkey);
}
const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey)
{
return evp_pkey_get0_DSA_int(pkey);
}
int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
{
int ret = EVP_PKEY_assign_DSA(pkey, key);
@ -808,7 +813,8 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
}
DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
{
DSA *ret = EVP_PKEY_get0_DSA(pkey);
DSA *ret = evp_pkey_get0_DSA_int(pkey);
if (ret != NULL)
DSA_up_ref(ret);
return ret;
@ -818,7 +824,7 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
#ifndef FIPS_MODULE
# ifndef OPENSSL_NO_EC
static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
static const ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
{
if (EVP_PKEY_base_id(pkey) != type) {
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_ECX_KEY);
@ -829,7 +835,7 @@ static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
static ECX_KEY *evp_pkey_get1_ECX_KEY(EVP_PKEY *pkey, int type)
{
ECX_KEY *ret = evp_pkey_get0_ECX_KEY(pkey, type);
ECX_KEY *ret = (ECX_KEY *)evp_pkey_get0_ECX_KEY(pkey, type);
if (ret != NULL)
ossl_ecx_key_up_ref(ret);
return ret;
@ -859,7 +865,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
return ret;
}
DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey)
DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey)
{
if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_DH_KEY);
@ -868,9 +874,15 @@ DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey)
return evp_pkey_get_legacy((EVP_PKEY *)pkey);
}
const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey)
{
return evp_pkey_get0_DH_int(pkey);
}
DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
{
DH *ret = EVP_PKEY_get0_DH(pkey);
DH *ret = evp_pkey_get0_DH_int(pkey);
if (ret != NULL)
DH_up_ref(ret);
return ret;
@ -2166,7 +2178,7 @@ int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey)
|| pkey->keydata == NULL) {
#ifndef OPENSSL_NO_EC
/* Might work through the legacy route */
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
if (ec == NULL)
return 0;
@ -2206,7 +2218,7 @@ int EVP_PKEY_get_field_type(const EVP_PKEY *pkey)
|| pkey->keydata == NULL) {
#ifndef OPENSSL_NO_EC
/* Might work through the legacy route */
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
const EC_GROUP *grp;
if (ec == NULL)
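Review bot: evp_pkey_get1_ECX_KEY handles the const change differently from the RSA, DSA and DH paths in this commit. Those gained a non-const `_int` helper, while here the const is added to `evp_pkey_get0_ECX_KEY()` and then cast away on the next use with `ECX_KEY *ret = (ECX_KEY *)evp_pkey_get0_ECX_KEY(pkey, type);`. The cast is needed only so that `ossl_ecx_key_up_ref(ret)` can bump the reference count. Either follow the `_int` pattern for consistency or state the reason at the cast: `/* const dropped only to take a reference; the key itself is not modified */`. The function bodies continue outside the hunks.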

@ -450,12 +450,12 @@ static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
*out += len;
}
static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
static int check_bitlen_rsa(const RSA *rsa, int ispub, unsigned int *magic);
static void write_rsa(unsigned char **out, const RSA *rsa, int ispub);
#ifndef OPENSSL_NO_DSA
static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
static int check_bitlen_dsa(const DSA *dsa, int ispub, unsigned int *magic);
static void write_dsa(unsigned char **out, const DSA *dsa, int ispub);
#endif
static int do_i2b(unsigned char **out, const EVP_PKEY *pk, int ispub)
@ -542,7 +542,7 @@ static int do_i2b_bio(BIO *out, const EVP_PKEY *pk, int ispub)
return -1;
}
static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
static int check_bitlen_rsa(const RSA *rsa, int ispub, unsigned int *pmagic)
{
int nbyte, hnbyte, bitlen;
const BIGNUM *e;
@ -582,7 +582,7 @@ static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
return 0;
}
static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
static void write_rsa(unsigned char **out, const RSA *rsa, int ispub)
{
int nbyte, hnbyte;
const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1;
@ -605,7 +605,7 @@ static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
}
#ifndef OPENSSL_NO_DSA
static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
static int check_bitlen_dsa(const DSA *dsa, int ispub, unsigned int *pmagic)
{
int bitlen;
const BIGNUM *p = NULL, *q = NULL, *g = NULL;
@ -633,7 +633,7 @@ static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
return 0;
}
static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
static void write_dsa(unsigned char **out, const DSA *dsa, int ispub)
{
int nbyte;
const BIGNUM *p = NULL, *q = NULL, *g = NULL;

@ -38,10 +38,10 @@ L<openssl_user_macros(7)>:
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
@ -143,6 +143,17 @@ EVP_PKEY_id(), EVP_PKEY_base_id(), EVP_PKEY_type(), EVP_PKEY_set_alias_type()
For EVP_PKEY key type checking purposes, L<EVP_PKEY_is_a(3)> is more generic.
The keys returned from the functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() were changed to have a "const"
return type in OpenSSL 3.0. As described above the keys returned may be cached
copies of the key held in a provider. Due to this, and unlike in earlier
versions of OpenSSL, they should be considered read-only copies of the key.
Updates to these keys will not be reflected back in the provider side key. The
EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
EVP_PKEY_get1_EC_KEY() functions were not changed to have a "const" return type
in order that applications can "free" the return value. However applications
should still consider them as read-only copies.
=head1 NOTES
In accordance with the OpenSSL naming convention the key obtained
@ -216,6 +227,9 @@ EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine and EVP_PKEY_get0_engine were
deprecated in OpenSSL 3.0.
The return value from EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH,
EVP_PKEY_get0_EC_KEY were made const in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.

@ -890,4 +890,11 @@ int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
/* This must ONLY be called for legacy EVP_PKEYs */
int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params);
/* Same as the public get0 functions but are not const */
# ifndef OPENSSL_NO_DEPRECATED_3_0
DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey);
EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey);
RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey);
# endif
#endif /* OSSL_CRYPTO_EVP_H */

@ -1249,7 +1249,7 @@ ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
OSSL_DEPRECATEDIN_3_0
void *EVP_PKEY_get0(const EVP_PKEY *pkey);
const void *EVP_PKEY_get0(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
# ifndef OPENSSL_NO_POLY1305
@ -1265,7 +1265,7 @@ struct rsa_st;
OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
OSSL_DEPRECATEDIN_3_0
struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
const struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
@ -1274,7 +1274,7 @@ struct dsa_st;
OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
OSSL_DEPRECATEDIN_3_0
struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
const struct dsa_st *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
# endif
@ -1282,7 +1282,7 @@ struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
# ifndef OPENSSL_NO_DH
struct dh_st;
OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0 const struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
# endif
@ -1291,7 +1291,7 @@ struct ec_key_st;
OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
OSSL_DEPRECATEDIN_3_0
struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
const struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
# endif

@ -58,11 +58,11 @@
#include "testutil.h"
typedef int PEM_write_bio_of_void_protected(BIO *out, void *obj,
typedef int PEM_write_bio_of_void_protected(BIO *out, const void *obj,
const EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u);
typedef int PEM_write_bio_of_void_unprotected(BIO *out, void *obj);
typedef int PEM_write_bio_of_void_unprotected(BIO *out, const void *obj);
typedef void *PEM_read_bio_of_void(BIO *out, void **obj,
pem_password_cb *cb, void *u);
typedef int EVP_PKEY_print_fn(BIO *out, const EVP_PKEY *pkey,
@ -294,7 +294,7 @@ static int test_membio_str_eq(BIO *bio_provided, BIO *bio_legacy)
}
static int test_protected_PEM(const char *keytype, int evp_type,
void *legacy_key,
const void *legacy_key,
PEM_write_bio_of_void_protected *pem_write_bio,
PEM_read_bio_of_void *pem_read_bio,
EVP_PKEY_eq_fn *evp_pkey_eq,
@ -362,7 +362,7 @@ static int test_protected_PEM(const char *keytype, int evp_type,
}
static int test_unprotected_PEM(const char *keytype, int evp_type,
void *legacy_key,
const void *legacy_key,
PEM_write_bio_of_void_unprotected *pem_write_bio,
PEM_read_bio_of_void *pem_read_bio,
EVP_PKEY_eq_fn *evp_pkey_eq,
@ -429,7 +429,7 @@ static int test_unprotected_PEM(const char *keytype, int evp_type,
}
static int test_DER(const char *keytype, int evp_type,
void *legacy_key, i2d_of_void *i2d, d2i_of_void *d2i,
const void *legacy_key, i2d_of_void *i2d, d2i_of_void *d2i,
EVP_PKEY_eq_fn *evp_pkey_eq,
EVP_PKEY_print_fn *evp_pkey_print,
EVP_PKEY *provided_pkey, int selection,
@ -506,7 +506,7 @@ static int test_key(int idx)
int ok = 0;
size_t i;
EVP_PKEY *pkey = NULL, *downgraded_pkey = NULL;
void *legacy_obj = NULL;
const void *legacy_obj = NULL;
/* Get the test data */
if (!TEST_ptr(test_stanza = &test_stanzas[idx])

@ -8313,7 +8313,14 @@ static DH *tmp_dh_callback(SSL *s, int is_export, int keylen)
if (!TEST_ptr(dhpkey))
return NULL;
ret = EVP_PKEY_get0_DH(dhpkey);
/*
* libssl does not free the returned DH, so we free it now knowing that even
* after we free dhpkey, there will still be a reference to the owning
* EVP_PKEY in tmp_dh_params, and so the DH object will live for the length
* of time we need it for.
*/
ret = EVP_PKEY_get1_DH(dhpkey);
DH_free(ret);
EVP_PKEY_free(dhpkey);
@ -8361,7 +8368,7 @@ static int test_set_tmp_dh(int idx)
}
# ifndef OPENSSL_NO_DEPRECATED_3_0
if (idx == 7 || idx == 8) {
dh = EVP_PKEY_get0_DH(dhpkey);
dh = EVP_PKEY_get1_DH(dhpkey);
if (!TEST_ptr(dh))
goto end;
}
@ -8431,6 +8438,9 @@ static int test_set_tmp_dh(int idx)
testresult = 1;
end:
# ifndef OPENSSL_NO_DEPRECATED_3_0
DH_free(dh);
# endif
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
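Review bot: The `DH_free(dh);` added under `end:` in test_set_tmp_dh runs on every exit path, including `idx` values other than 7 and 8 where `dh` is never assigned by `EVP_PKEY_get1_DH()`. That is safe only if `dh` is initialised to NULL at its declaration, which is outside the hunk and should be confirmed. If it is not, change the declaration to `DH *dh = NULL;`. In tmp_dh_callback the returned `ret` has already had its reference dropped, so the pointer stays valid only while `tmp_dh_params` holds the owning EVP_PKEY. The comment documents that assumption but nothing in the hunk enforces it.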