Enable export_to functions to have access to the libctx

The EC export_to function calls EC_POINT_point2buf that can later
generate a random number in some circumstances. Therefore we pass in a
BN_CTX associated with the library context. This means we have to change
the export_to function signature to accept the library context.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11493)

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 86e78aaf6cbebb19da62e599c811d778d8876630..f5bcee246086b4815a89cf234f28fc6f81604bc0 100644 (file)
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -491,7 +491,8 @@ static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey)
 }
 
 static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
-                             EVP_KEYMGMT *to_keymgmt)
+                             EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+                             const char *propq)
 {
     DH *dh = from->pkey.dh;
     OSSL_PARAM_BLD *tmpl;

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index cc72189cdbb9a39cf850cf66d6437cbb85f3c87a..d63c142fdd157c3fc3aeb9bb94aa4f281f545dd5 100644 (file)
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -520,7 +520,8 @@ static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey)
 }
 
 static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
-                              EVP_KEYMGMT *to_keymgmt)
+                              EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+                              const char *propq)
 {
     DSA *dsa = from->pkey.dsa;
     OSSL_PARAM_BLD *tmpl;

diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 65af8cc3c5cc58f8690dc5e5d15502b54704daf0..33712247ad707a531e7a87e4ed1a8c6bdbf7e194 100644 (file)
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -620,7 +620,8 @@ int ecparams_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl)
 
 static
 int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
-                      EVP_KEYMGMT *to_keymgmt)
+                      EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+                      const char *propq)
 {
     const EC_KEY *eckey = NULL;
     const EC_GROUP *ecg = NULL;
@@ -632,6 +633,7 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
     const EC_POINT *pub_point = NULL;
     int selection = 0;
     int rv = 0;
+    BN_CTX *bnctx = NULL;
 
     if (from == NULL
             || (eckey = from->pkey.ec) == NULL
@@ -658,10 +660,18 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
     pub_point = EC_KEY_get0_public_key(eckey);
 
     if (pub_point != NULL) {
+        /*
+         * EC_POINT_point2buf() can generate random numbers in some
+         * implementations so we need to ensure we use the correct libctx.
+         */
+        bnctx = BN_CTX_new_ex(libctx);
+        if (bnctx == NULL)
+            goto err;
+
         /* convert pub_point to a octet string according to the SECG standard */
         if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point,
                                                  POINT_CONVERSION_COMPRESSED,
-                                                 &pub_key_buf, NULL)) == 0
+                                                 &pub_key_buf, bnctx)) == 0
             || !OSSL_PARAM_BLD_push_octet_string(tmpl,
                                                  OSSL_PKEY_PARAM_PUB_KEY,
                                                  pub_key_buf,
@@ -744,6 +754,7 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
     OSSL_PARAM_BLD_free(tmpl);
     OSSL_PARAM_BLD_free_params(params);
     OPENSSL_free(pub_key_buf);
+    BN_CTX_free(bnctx);
     return rv;
 }
 

diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index c142552b29b7e7cc1277fe9931f95bb3dd0dba84..750a51c3f248215909095b4120ad075fda6c3c03 100644 (file)
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -406,7 +406,8 @@ static size_t ecx_pkey_dirty_cnt(const EVP_PKEY *pkey)
 }
 
 static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
-                              EVP_KEYMGMT *to_keymgmt)
+                              EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+                              const char *propq)
 {
     const ECX_KEY *key = from->pkey.ecx;
     OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new();

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 8e7af17c310eb0e275e0bce5f3674cd9d3245f3c..85b5cc8127df84bdf0a05b66618658034768b8bb 100644 (file)
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1442,7 +1442,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx,
         if ((keydata = evp_keymgmt_newdata(tmp_keymgmt)) == NULL)
             goto end;
 
-        if (!pk->ameth->export_to(pk, keydata, tmp_keymgmt)) {
+        if (!pk->ameth->export_to(pk, keydata, tmp_keymgmt, libctx, propquery)) {
             evp_keymgmt_freedata(tmp_keymgmt, keydata);
             keydata = NULL;
             goto end;

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index fb378ae03984845797753c289e0e73b0a6dc3e29..720eb523dd731a1f395cafe5d07c76129c2afaa4 100644 (file)
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -1081,7 +1081,8 @@ static size_t rsa_pkey_dirty_cnt(const EVP_PKEY *pkey)
 DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
 
 static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
-                              EVP_KEYMGMT *to_keymgmt)
+                              EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+                              const char *propq)
 {
     RSA *rsa = from->pkey.rsa;
     OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new();

diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
index 20732c2251424d20baf58fb29a5f641c354e4ac5..84e6e7f54410f9250372eb49f7053972c63c0752 100644 (file)
--- a/include/crypto/asn1.h
+++ b/include/crypto/asn1.h
@@ -73,7 +73,8 @@ struct evp_pkey_asn1_method_st {
     /* Exports and imports to / from providers */
     size_t (*dirty_cnt) (const EVP_PKEY *pk);
     int (*export_to) (const EVP_PKEY *pk, void *to_keydata,
-                      EVP_KEYMGMT *to_keymgmt);
+                      EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+                      const char *propq);
     OSSL_CALLBACK *import_from;
 } /* EVP_PKEY_ASN1_METHOD */ ;