Enable export_to functions to have access to the libctx

The EC export_to function calls EC_POINT_point2buf that can later generate a random number in some circumstances. Therefore we pass in a BN_CTX associated with the library context. This means we have to change the export_to function signature to accept the library context. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11493)
author: Matt Caswell <matt@openssl.org> 2020-04-06 16:05:24 +0100
committer: Matt Caswell <matt@openssl.org> 2020-04-09 12:24:24 +0100
commit: 76e23fc50b2dcf9b4d33824102ce5ae03f8faea3 (patch)
tree: b62d1f7553025c0d7cd44932b99e2d0060bd5999 /crypto/ec
parent: 8519b244bc6c38f265bf9bad80c52bd7c0ff469f (diff)
2 files changed, 15 insertions, 3 deletions
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 65af8cc3c5..33712247ad 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -620,7 +620,8 @@ int ecparams_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl)
 
 static
 int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
-                      EVP_KEYMGMT *to_keymgmt)
+                      EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+                      const char *propq)
 {
     const EC_KEY *eckey = NULL;
     const EC_GROUP *ecg = NULL;
@@ -632,6 +633,7 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
     const EC_POINT *pub_point = NULL;
     int selection = 0;
     int rv = 0;
+    BN_CTX *bnctx = NULL;
 
     if (from == NULL
             || (eckey = from->pkey.ec) == NULL
@@ -658,10 +660,18 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
     pub_point = EC_KEY_get0_public_key(eckey);
 
     if (pub_point != NULL) {
+        /*
+         * EC_POINT_point2buf() can generate random numbers in some
+         * implementations so we need to ensure we use the correct libctx.
+         */
+        bnctx = BN_CTX_new_ex(libctx);
+        if (bnctx == NULL)
+            goto err;
+
         /* convert pub_point to a octet string according to the SECG standard */
         if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point,
                                                  POINT_CONVERSION_COMPRESSED,
-                                                 &pub_key_buf, NULL)) == 0
+                                                 &pub_key_buf, bnctx)) == 0
             || !OSSL_PARAM_BLD_push_octet_string(tmpl,
                                                  OSSL_PKEY_PARAM_PUB_KEY,
                                                  pub_key_buf,
@@ -744,6 +754,7 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
     OSSL_PARAM_BLD_free(tmpl);
     OSSL_PARAM_BLD_free_params(params);
     OPENSSL_free(pub_key_buf);
+    BN_CTX_free(bnctx);
     return rv;
 }
 
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index c142552b29..750a51c3f2 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -406,7 +406,8 @@ static size_t ecx_pkey_dirty_cnt(const EVP_PKEY *pkey)
 }
 
 static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
-                              EVP_KEYMGMT *to_keymgmt)
+                              EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+                              const char *propq)
 {
     const ECX_KEY *key = from->pkey.ecx;
     OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new();
author	Matt Caswell <matt@openssl.org>	2020-04-06 16:05:24 +0100
committer	Matt Caswell <matt@openssl.org>	2020-04-09 12:24:24 +0100
commit	76e23fc50b2dcf9b4d33824102ce5ae03f8faea3 (patch)
tree	b62d1f7553025c0d7cd44932b99e2d0060bd5999 /crypto/ec
parent	8519b244bc6c38f265bf9bad80c52bd7c0ff469f (diff)