From: Matt Caswell Date: Fri, 10 Apr 2020 17:27:11 +0000 (+0100) Subject: When calling EC_POINT_point2buf we must use a libctx X-Git-Tag: openssl-3.0.0-alpha1~96 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e395ba223d45ead1bafe05bb8c4e19fdbc201bd0;p=oweals%2Fopenssl.git When calling EC_POINT_point2buf we must use a libctx In a similar way to commit 76e23fc5 we must ensure that we use a libctx whenever we call EC_POINT_point2buf because it can end up using crypto algorithms. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11535) --- diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 0e310ecbae..467004c783 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -116,6 +116,7 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, const EC_GROUP *ecg = NULL; size_t pub_key_len = 0; int ret = 0; + BN_CTX *bnctx = NULL; if (eckey == NULL || (ecg = EC_KEY_get0_group(eckey)) == NULL) @@ -125,10 +126,18 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, pub_point = EC_KEY_get0_public_key(eckey); if (pub_point != NULL) { + /* + * EC_POINT_point2buf() can generate random numbers in some + * implementations so we need to ensure we use the correct libctx. + */ + bnctx = BN_CTX_new_ex(ec_key_get_libctx(eckey)); + if (bnctx == NULL) + goto err; + /* convert pub_point to a octet string according to the SECG standard */ if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point, POINT_CONVERSION_COMPRESSED, - pub_key, NULL)) == 0 + pub_key, bnctx)) == 0 || !ossl_param_build_set_octet_string(tmpl, params, OSSL_PKEY_PARAM_PUB_KEY, *pub_key, pub_key_len)) @@ -184,6 +193,7 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, } ret = 1; err: + BN_CTX_free(bnctx); return ret; }