From 76e23fc50b2dcf9b4d33824102ce5ae03f8faea3 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 6 Apr 2020 16:05:24 +0100 Subject: [PATCH] Enable export_to functions to have access to the libctx The EC export_to function calls EC_POINT_point2buf that can later generate a random number in some circumstances. Therefore we pass in a BN_CTX associated with the library context. This means we have to change the export_to function signature to accept the library context. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11493) --- crypto/dh/dh_ameth.c | 3 ++- crypto/dsa/dsa_ameth.c | 3 ++- crypto/ec/ec_ameth.c | 15 +++++++++++++-- crypto/ec/ecx_meth.c | 3 ++- crypto/evp/p_lib.c | 2 +- crypto/rsa/rsa_ameth.c | 3 ++- include/crypto/asn1.h | 3 ++- 7 files changed, 24 insertions(+), 8 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 86e78aaf6c..f5bcee2460 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -491,7 +491,8 @@ static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey) } static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt) + EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx, + const char *propq) { DH *dh = from->pkey.dh; OSSL_PARAM_BLD *tmpl; diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index cc72189cdb..d63c142fdd 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -520,7 +520,8 @@ static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey) } static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt) + EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx, + const char *propq) { DSA *dsa = from->pkey.dsa; OSSL_PARAM_BLD *tmpl; diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 65af8cc3c5..33712247ad 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -620,7 +620,8 @@ int ecparams_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl) static int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt) + EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx, + const char *propq) { const EC_KEY *eckey = NULL; const EC_GROUP *ecg = NULL; @@ -632,6 +633,7 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, const EC_POINT *pub_point = NULL; int selection = 0; int rv = 0; + BN_CTX *bnctx = NULL; if (from == NULL || (eckey = from->pkey.ec) == NULL @@ -658,10 +660,18 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, pub_point = EC_KEY_get0_public_key(eckey); if (pub_point != NULL) { + /* + * EC_POINT_point2buf() can generate random numbers in some + * implementations so we need to ensure we use the correct libctx. + */ + bnctx = BN_CTX_new_ex(libctx); + if (bnctx == NULL) + goto err; + /* convert pub_point to a octet string according to the SECG standard */ if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point, POINT_CONVERSION_COMPRESSED, - &pub_key_buf, NULL)) == 0 + &pub_key_buf, bnctx)) == 0 || !OSSL_PARAM_BLD_push_octet_string(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key_buf, @@ -744,6 +754,7 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, OSSL_PARAM_BLD_free(tmpl); OSSL_PARAM_BLD_free_params(params); OPENSSL_free(pub_key_buf); + BN_CTX_free(bnctx); return rv; } diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index c142552b29..750a51c3f2 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -406,7 +406,8 @@ static size_t ecx_pkey_dirty_cnt(const EVP_PKEY *pkey) } static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt) + EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx, + const char *propq) { const ECX_KEY *key = from->pkey.ecx; OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 8e7af17c31..85b5cc8127 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1442,7 +1442,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, if ((keydata = evp_keymgmt_newdata(tmp_keymgmt)) == NULL) goto end; - if (!pk->ameth->export_to(pk, keydata, tmp_keymgmt)) { + if (!pk->ameth->export_to(pk, keydata, tmp_keymgmt, libctx, propquery)) { evp_keymgmt_freedata(tmp_keymgmt, keydata); keydata = NULL; goto end; diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index fb378ae039..720eb523dd 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -1081,7 +1081,8 @@ static size_t rsa_pkey_dirty_cnt(const EVP_PKEY *pkey) DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - EVP_KEYMGMT *to_keymgmt) + EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx, + const char *propq) { RSA *rsa = from->pkey.rsa; OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h index 20732c2251..84e6e7f544 100644 --- a/include/crypto/asn1.h +++ b/include/crypto/asn1.h @@ -73,7 +73,8 @@ struct evp_pkey_asn1_method_st { /* Exports and imports to / from providers */ size_t (*dirty_cnt) (const EVP_PKEY *pk); int (*export_to) (const EVP_PKEY *pk, void *to_keydata, - EVP_KEYMGMT *to_keymgmt); + EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx, + const char *propq); OSSL_CALLBACK *import_from; } /* EVP_PKEY_ASN1_METHOD */ ; -- 2.25.1