From: Matt Caswell
Date: Wed, 29 May 2019 16:03:53 +0000 (+0100)
Subject: Create BN_CTX_new_ex() and BN_CTX_secure_new_ex()
X-Git-Tag: openssl-3.0.0-alpha1~1962
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7bc081dda349a3473154d31f6094ee34545c4980;p=oweals%2Fopenssl.git

Create BN_CTX_new_ex() and BN_CTX_secure_new_ex()

These variants of BN_CTX_new() and BN_CTX_secure_new() enable passing an OPENSSL_CTX so that we can access this where needed throughout the BIGNUM sub library.

Reviewed-by: Richard Levitte
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/9130)
---
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 62e29b5dcc..4857661d2d 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -86,6 +86,8 @@ struct bignum_ctx {
 int too_many;
 /* Flags. */
 int flags;
+ /* The library context */
+ OPENSSL_CTX *libctx;
 };
 
 /* Debugging functionality */
@@ -121,30 +123,40 @@ static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
 ctxdbg(trc_out, str, ctx); \
 } OSSL_TRACE_END(BN_CTX)
 
-
-BN_CTX *BN_CTX_new(void)
+BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
 {
 BN_CTX *ret;
 
 if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
- BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ BNerr(BN_F_BN_CTX_NEW_EX, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
 /* Initialise the structure */
 BN_POOL_init(&ret->pool);
 BN_STACK_init(&ret->stack);
+ ret->libctx = ctx;
 return ret;
 }
 
-BN_CTX *BN_CTX_secure_new(void)
+BN_CTX *BN_CTX_new(void)
 {
- BN_CTX *ret = BN_CTX_new();
+ return BN_CTX_new_ex(NULL);
+}
+
+BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
+{
+ BN_CTX *ret = BN_CTX_new_ex(ctx);
 
 if (ret != NULL)
 ret->flags = BN_FLG_SECURE;
 return ret;
 }
 
+BN_CTX *BN_CTX_secure_new(void)
+{
+ return BN_CTX_secure_new_ex(NULL);
+}
+
 void BN_CTX_free(BN_CTX *ctx)
 {
 if (ctx == NULL)
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
index b988646f22..5ca6a1f34f 100644
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
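Review bot: `ret->libctx = ctx;` in BN_CTX_new_ex() stores the caller's pointer verbatim, NULL included, so the "NULL means the default library context" promise the pod makes is not resolved here but deferred to every future reader of `ctx->libctx`, and nothing in the hunk says so. The visible start of BN_CTX_free() (its body continues outside the hunk) does not touch the field and the commit adds no release for it, so it looks like a borrowed reference whose OPENSSL_CTX must outlive the BN_CTX; both facts belong on the new struct field in the first hunk, e.g. `/* The library context; not owned, NULL means the default context */`. A side effect worth a sentence in the commit message: allocation failures reached through BN_CTX_new() and BN_CTX_secure_new() are now reported as BN_F_BN_CTX_NEW_EX, so BN_F_BN_CTX_NEW is no longer raised from this file even though it stays defined.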
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,6 +29,7 @@ static const ERR_STRING_DATA BN_str_functs[] = { {ERR_PACK(ERR_LIB_BN, BN_F_BN_COMPUTE_WNAF, 0), "bn_compute_wNAF"}, {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_GET, 0), "BN_CTX_get"}, {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW, 0), "BN_CTX_new"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW_EX, 0), "BN_CTX_new_ex"}, {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_START, 0), "BN_CTX_start"}, {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV, 0), "BN_div"}, {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV_RECP, 0), "BN_div_recp"}, diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 58e1b940cd..a8a632f025 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -196,6 +196,7 @@ BN_F_BN_BN2HEX:105:BN_bn2hex BN_F_BN_COMPUTE_WNAF:142:bn_compute_wNAF BN_F_BN_CTX_GET:116:BN_CTX_get BN_F_BN_CTX_NEW:106:BN_CTX_new +BN_F_BN_CTX_NEW_EX:151:BN_CTX_new_ex BN_F_BN_CTX_START:129:BN_CTX_start BN_F_BN_DIV:107:BN_div BN_F_BN_DIV_RECP:130:BN_div_recp diff --git a/doc/man3/BN_CTX_new.pod b/doc/man3/BN_CTX_new.pod index eb8899b773..17c53ec79d 100644 --- a/doc/man3/BN_CTX_new.pod +++ b/doc/man3/BN_CTX_new.pod @@ -2,14 +2,17 @@ =head1 NAME -BN_CTX_new, BN_CTX_secure_new, BN_CTX_free - allocate and free BN_CTX structures +BN_CTX_new_ex, BN_CTX_new, BN_CTX_secure_new_ex, BN_CTX_secure_new, BN_CTX_free +- allocate and free BN_CTX structures =head1 SYNOPSIS #include + BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx); BN_CTX *BN_CTX_new(void); + BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx); BN_CTX *BN_CTX_secure_new(void); void BN_CTX_free(BN_CTX *c); 
@@ -21,10 +24,17 @@ library functions. Since dynamic memory allocation to create Bs is
 rather expensive when used in conjunction with repeated subroutine calls,
 the B structure is used.
 
-BN_CTX_new() allocates and initializes a B structure.
-BN_CTX_secure_new() allocates and initializes a B structure
+BN_CTX_new_ex() allocates and initializes a B structure for the given
+library context B. The value may be NULL in which case the default
+library context will be used. BN_CTX_new() is the same as BN_CTX_new_ex() except
+that the default library context is always used.
+
+BN_CTX_secure_new_ex() allocates and initializes a B structure
 but uses the secure heap (see L) to hold the
-Bs.
+Bs for the given library context B. The value may be NULL in
+which case the default library context will be used. BN_CTX_secure_new() is the
+same as BN_CTX_secure_new_ex() except that the default library context is always
+used.
 
 BN_CTX_free() frees the components of the B and the structure itself.
 Since BN_CTX_start() is required in order to obtain Bs from the
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 57d2ddd18d..377016062d 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -198,7 +198,9 @@ void BN_zero_ex(BIGNUM *a);
 const BIGNUM *BN_value_one(void);
 char *BN_options(void);
 
+BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx);
 BN_CTX *BN_CTX_new(void);
+BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx);
 BN_CTX *BN_CTX_secure_new(void);
 void BN_CTX_free(BN_CTX *c);
 void BN_CTX_start(BN_CTX *ctx);
diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h
index bcf4f8f2eb..6bdea5bb0e 100644
--- a/include/openssl/bnerr.h
+++ b/include/openssl/bnerr.h
@@ -35,6 +35,7 @@ int ERR_load_BN_strings(void);
 # define BN_F_BN_COMPUTE_WNAF 142
 # define BN_F_BN_CTX_GET 116
 # define BN_F_BN_CTX_NEW 106
+# define BN_F_BN_CTX_NEW_EX 151
 # define BN_F_BN_CTX_START 129
 # define BN_F_BN_DIV 107
 # define BN_F_BN_DIV_RECP 130
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 0c2a8f5da7..7280649920 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4829,3 +4829,5 @@ RAND_DRBG_secure_new_ex 4773 3_0_0 EXIST::FUNCTION:
 OPENSSL_CTX_get0_master_drbg 4774 3_0_0 EXIST::FUNCTION:
 OPENSSL_CTX_get0_public_drbg 4775 3_0_0 EXIST::FUNCTION:
 OPENSSL_CTX_get0_private_drbg 4776 3_0_0 EXIST::FUNCTION:
+BN_CTX_new_ex 4777 3_0_0 EXIST::FUNCTION:
+BN_CTX_secure_new_ex 4778 3_0_0 EXIST::FUNCTION: