[openssl] master update
Matt Caswell
matt at openssl.org
Thu Apr 9 11:24:57 UTC 2020
The branch master has been updated
via 76e23fc50b2dcf9b4d33824102ce5ae03f8faea3 (commit)
from 8519b244bc6c38f265bf9bad80c52bd7c0ff469f (commit)
- Log -----------------------------------------------------------------
commit 76e23fc50b2dcf9b4d33824102ce5ae03f8faea3
Author: Matt Caswell <matt at openssl.org>
Date: Mon Apr 6 16:05:24 2020 +0100
Enable export_to functions to have access to the libctx
The EC export_to function calls EC_POINT_point2buf that can later
generate a random number in some circumstances. Therefore we pass in a
BN_CTX associated with the library context. This means we have to change
the export_to function signature to accept the library context.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11493)
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_ameth.c | 3 ++-
crypto/dsa/dsa_ameth.c | 3 ++-
crypto/ec/ec_ameth.c | 15 +++++++++++++--
crypto/ec/ecx_meth.c | 3 ++-
crypto/evp/p_lib.c | 2 +-
crypto/rsa/rsa_ameth.c | 3 ++-
include/crypto/asn1.h | 3 ++-
7 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 86e78aaf6c..f5bcee2460 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -491,7 +491,8 @@ static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey)
}
static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
- EVP_KEYMGMT *to_keymgmt)
+ EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+ const char *propq)
{
DH *dh = from->pkey.dh;
OSSL_PARAM_BLD *tmpl;
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index cc72189cdb..d63c142fdd 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -520,7 +520,8 @@ static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey)
}
static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
- EVP_KEYMGMT *to_keymgmt)
+ EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+ const char *propq)
{
DSA *dsa = from->pkey.dsa;
OSSL_PARAM_BLD *tmpl;
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 65af8cc3c5..33712247ad 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -620,7 +620,8 @@ int ecparams_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl)
static
int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
- EVP_KEYMGMT *to_keymgmt)
+ EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+ const char *propq)
{
const EC_KEY *eckey = NULL;
const EC_GROUP *ecg = NULL;
@@ -632,6 +633,7 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
const EC_POINT *pub_point = NULL;
int selection = 0;
int rv = 0;
+ BN_CTX *bnctx = NULL;
if (from == NULL
|| (eckey = from->pkey.ec) == NULL
@@ -658,10 +660,18 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
pub_point = EC_KEY_get0_public_key(eckey);
if (pub_point != NULL) {
+ /*
+ * EC_POINT_point2buf() can generate random numbers in some
+ * implementations so we need to ensure we use the correct libctx.
+ */
+ bnctx = BN_CTX_new_ex(libctx);
+ if (bnctx == NULL)
+ goto err;
+
/* convert pub_point to a octet string according to the SECG standard */
if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point,
POINT_CONVERSION_COMPRESSED,
- &pub_key_buf, NULL)) == 0
+ &pub_key_buf, bnctx)) == 0
|| !OSSL_PARAM_BLD_push_octet_string(tmpl,
OSSL_PKEY_PARAM_PUB_KEY,
pub_key_buf,
@@ -744,6 +754,7 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
OSSL_PARAM_BLD_free(tmpl);
OSSL_PARAM_BLD_free_params(params);
OPENSSL_free(pub_key_buf);
+ BN_CTX_free(bnctx);
return rv;
}
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index c142552b29..750a51c3f2 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -406,7 +406,8 @@ static size_t ecx_pkey_dirty_cnt(const EVP_PKEY *pkey)
}
static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
- EVP_KEYMGMT *to_keymgmt)
+ EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+ const char *propq)
{
const ECX_KEY *key = from->pkey.ecx;
OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new();
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 8e7af17c31..85b5cc8127 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1442,7 +1442,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx,
if ((keydata = evp_keymgmt_newdata(tmp_keymgmt)) == NULL)
goto end;
- if (!pk->ameth->export_to(pk, keydata, tmp_keymgmt)) {
+ if (!pk->ameth->export_to(pk, keydata, tmp_keymgmt, libctx, propquery)) {
evp_keymgmt_freedata(tmp_keymgmt, keydata);
keydata = NULL;
goto end;
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index fb378ae039..720eb523dd 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -1081,7 +1081,8 @@ static size_t rsa_pkey_dirty_cnt(const EVP_PKEY *pkey)
DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
- EVP_KEYMGMT *to_keymgmt)
+ EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+ const char *propq)
{
RSA *rsa = from->pkey.rsa;
OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new();
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
index 20732c2251..84e6e7f544 100644
--- a/include/crypto/asn1.h
+++ b/include/crypto/asn1.h
@@ -73,7 +73,8 @@ struct evp_pkey_asn1_method_st {
/* Exports and imports to / from providers */
size_t (*dirty_cnt) (const EVP_PKEY *pk);
int (*export_to) (const EVP_PKEY *pk, void *to_keydata,
- EVP_KEYMGMT *to_keymgmt);
+ EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+ const char *propq);
OSSL_CALLBACK *import_from;
} /* EVP_PKEY_ASN1_METHOD */ ;
More information about the openssl-commits
mailing list