[openssl] master update

Matt Caswell matt at openssl.org
Wed Apr 15 10:37:55 UTC 2020


The branch master has been updated
       via  e395ba223d45ead1bafe05bb8c4e19fdbc201bd0 (commit)
      from  137b274aee0cd96d64fd68cd393717d6a69ec005 (commit)


- Log -----------------------------------------------------------------
commit e395ba223d45ead1bafe05bb8c4e19fdbc201bd0
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Apr 10 18:27:11 2020 +0100

    When calling EC_POINT_point2buf we must use a libctx
    
    In a similar way to commit 76e23fc5 we must ensure that we use a libctx
    whenever we call EC_POINT_point2buf because it can end up using crypto
    algorithms.
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11535)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/keymgmt/ec_kmgmt.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 0e310ecbae..467004c783 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -116,6 +116,7 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
     const EC_GROUP *ecg = NULL;
     size_t pub_key_len = 0;
     int ret = 0;
+    BN_CTX *bnctx = NULL;
 
     if (eckey == NULL
         || (ecg = EC_KEY_get0_group(eckey)) == NULL)
@@ -125,10 +126,18 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
     pub_point = EC_KEY_get0_public_key(eckey);
 
     if (pub_point != NULL) {
+        /*
+         * EC_POINT_point2buf() can generate random numbers in some
+         * implementations so we need to ensure we use the correct libctx.
+         */
+        bnctx = BN_CTX_new_ex(ec_key_get_libctx(eckey));
+        if (bnctx == NULL)
+            goto err;
+
         /* convert pub_point to a octet string according to the SECG standard */
         if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point,
                                               POINT_CONVERSION_COMPRESSED,
-                                              pub_key, NULL)) == 0
+                                              pub_key, bnctx)) == 0
             || !ossl_param_build_set_octet_string(tmpl, params,
                                                   OSSL_PKEY_PARAM_PUB_KEY,
                                                   *pub_key, pub_key_len))
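Review bot: The comment added above the `BN_CTX_new_ex()` call explains that random numbers may be generated but not why the previous `NULL` argument was wrong, which is the detail a later cleanup is most likely to undo. I would extend it with one sentence such as `Passing NULL lets EC_POINT_point2buf() allocate its own BN_CTX, which is not guaranteed to be tied to eckey's libctx.` so the provider's library-context isolation is stated at the call site. The `goto err` on allocation failure depends on the `BN_CTX_free(bnctx)` added at the `err:` label in the last hunk, which is fine because `bnctx` is initialised to NULL and `BN_CTX_free()` accepts NULL. key_to_params() begins and ends outside this hunk, so whether other calls in it should also receive `bnctx` cannot be checked from here.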
@@ -184,6 +193,7 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
     }
     ret = 1;
  err:
+    BN_CTX_free(bnctx);
     return ret;
 }
 

