diff options
author | Matt Caswell <matt@openssl.org> | 2020-06-15 14:21:00 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-06-19 10:34:58 +0100 |
commit | 2da8d4eb2812e18cec5c8324a54a4c56b52563ed (patch) | |
tree | 83398242047d499554026412f2bd68a51fe7217b /crypto/ec | |
parent | 48e971dd9f88933a7f77f5051a8b79b9e17892a9 (diff) |
Add more complete support for libctx/propq in the EC code
Renames some "new_ex" functions to "new_with_libctx" and ensures that we
pass around the libctx AND the propq everywhere.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12159)
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec_ameth.c | 2 | ||||
-rw-r--r-- | crypto/ec/ec_backend.c | 5 | ||||
-rw-r--r-- | crypto/ec/ec_curve.c | 16 | ||||
-rw-r--r-- | crypto/ec/ec_cvt.c | 4 | ||||
-rw-r--r-- | crypto/ec/ec_key.c | 27 | ||||
-rw-r--r-- | crypto/ec/ec_kmeth.c | 15 | ||||
-rw-r--r-- | crypto/ec/ec_lib.c | 22 | ||||
-rw-r--r-- | crypto/ec/ec_local.h | 9 |
8 files changed, 67 insertions, 33 deletions
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index bde8458274..757c568ca8 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -762,7 +762,7 @@ static int ec_pkey_import_from(const OSSL_PARAM params[], void *vpctx) { EVP_PKEY_CTX *pctx = vpctx; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); - EC_KEY *ec = EC_KEY_new_ex(pctx->libctx); + EC_KEY *ec = EC_KEY_new_with_libctx(pctx->libctx, pctx->propquery); if (ec == NULL) { ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index b12a9411d2..2277c2c724 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c @@ -190,8 +190,9 @@ int ec_key_domparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]) || (curve_nid = ec_curve_name2nid(curve_name)) == NID_undef) goto err; - if ((ecg = EC_GROUP_new_by_curve_name_ex(ec_key_get_libctx(ec), - curve_nid)) == NULL) + if ((ecg = EC_GROUP_new_by_curve_name_with_libctx(ec_key_get_libctx(ec), + ec_key_get0_propq(ec), + curve_nid)) == NULL) goto err; } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 3be62b3655..bf02c261f7 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3180,6 +3180,7 @@ int ec_curve_name2nid(const char *name) } static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx, + const char *propq, const ec_list_element curve) { EC_GROUP *group = NULL; @@ -3195,8 +3196,8 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx, /* If no curve data curve method must handle everything */ if (curve.data == NULL) - return ec_group_new_ex(libctx, - curve.meth != NULL ? curve.meth() : NULL); + return ec_group_new_with_libctx(libctx, propq, + curve.meth != NULL ? curve.meth() : NULL); if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); @@ -3218,7 +3219,7 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx, if (curve.meth != 0) { meth = curve.meth(); - if (((group = ec_group_new_ex(libctx, meth)) == NULL) || + if (((group = ec_group_new_with_libctx(libctx, propq, meth)) == NULL) || (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -3288,14 +3289,15 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx, return group; } -EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid) +EC_GROUP *EC_GROUP_new_by_curve_name_with_libctx(OPENSSL_CTX *libctx, + const char *propq, int nid) { EC_GROUP *ret = NULL; const ec_list_element *curve; if ((curve = ec_curve_nid2curve(nid)) == NULL - || (ret = ec_group_new_from_data(libctx, *curve)) == NULL) { - ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME_EX, EC_R_UNKNOWN_GROUP); + || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) { + ECerr(0, EC_R_UNKNOWN_GROUP); return NULL; } @@ -3305,7 +3307,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid) #ifndef FIPS_MODULE EC_GROUP *EC_GROUP_new_by_curve_name(int nid) { - return EC_GROUP_new_by_curve_name_ex(NULL, nid); + return EC_GROUP_new_by_curve_name_with_libctx(NULL, NULL, nid); } #endif diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c index a8ea6fe7fd..e5e6f10ce4 100644 --- a/crypto/ec/ec_cvt.c +++ b/crypto/ec/ec_cvt.c @@ -54,7 +54,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, meth = EC_GFp_mont_method(); #endif - ret = ec_group_new_ex(bn_get_lib_ctx(ctx), meth); + ret = ec_group_new_with_libctx(bn_get_lib_ctx(ctx), NULL, meth); if (ret == NULL) return NULL; @@ -75,7 +75,7 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, meth = EC_GF2m_simple_method(); - ret = ec_group_new_ex(bn_get_lib_ctx(ctx), meth); + ret = ec_group_new_with_libctx(bn_get_lib_ctx(ctx), NULL, meth); if (ret == NULL) return NULL; diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 47feede54b..359e034ed9 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -29,21 +29,22 @@ static int ecdsa_keygen_pairwise_test(EC_KEY *eckey, OSSL_CALLBACK *cb, #ifndef FIPS_MODULE EC_KEY *EC_KEY_new(void) { - return ec_key_new_method_int(NULL, NULL); + return ec_key_new_method_int(NULL, NULL, NULL); } #endif -EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx) +EC_KEY *EC_KEY_new_with_libctx(OPENSSL_CTX *ctx, const char *propq) { - return ec_key_new_method_int(ctx, NULL); + return ec_key_new_method_int(ctx, propq, NULL); } -EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid) +EC_KEY *EC_KEY_new_by_curve_name_with_libctx(OPENSSL_CTX *ctx, + const char *propq, int nid) { - EC_KEY *ret = EC_KEY_new_ex(ctx); + EC_KEY *ret = EC_KEY_new_with_libctx(ctx, propq); if (ret == NULL) return NULL; - ret->group = EC_GROUP_new_by_curve_name_ex(ctx, nid); + ret->group = EC_GROUP_new_by_curve_name_with_libctx(ctx, propq, nid); if (ret->group == NULL) { EC_KEY_free(ret); return NULL; @@ -59,7 +60,7 @@ EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid) #ifndef FIPS_MODULE EC_KEY *EC_KEY_new_by_curve_name(int nid) { - return EC_KEY_new_by_curve_name_ex(NULL, nid); + return EC_KEY_new_by_curve_name_with_libctx(NULL, NULL, nid); } #endif @@ -93,6 +94,7 @@ void EC_KEY_free(EC_KEY *r) EC_GROUP_free(r->group); EC_POINT_free(r->pub_key); BN_clear_free(r->priv_key); + OPENSSL_free(r->propq); OPENSSL_clear_free((void *)r, sizeof(EC_KEY)); } @@ -119,7 +121,8 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) if (src->group != NULL) { /* clear the old group */ EC_GROUP_free(dest->group); - dest->group = ec_group_new_ex(src->libctx, src->group->meth); + dest->group = ec_group_new_with_libctx(src->libctx, src->propq, + src->group->meth); if (dest->group == NULL) return NULL; if (!EC_GROUP_copy(dest->group, src->group)) @@ -180,7 +183,8 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) { - EC_KEY *ret = ec_key_new_method_int(ec_key->libctx, ec_key->engine); + EC_KEY *ret = ec_key_new_method_int(ec_key->libctx, ec_key->propq, + ec_key->engine); if (ret == NULL) return NULL; @@ -631,6 +635,11 @@ OPENSSL_CTX *ec_key_get_libctx(const EC_KEY *key) return key->libctx; } +const char *ec_key_get0_propq(const EC_KEY *key) +{ + return key->propq; +} + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) { return key->group; diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 1f30571089..3fec8a4d81 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -76,7 +76,8 @@ int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth) return 1; } -EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine) +EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, const char *propq, + ENGINE *engine) { EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -86,13 +87,19 @@ EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine) } ret->libctx = libctx; + if (propq != NULL) { + ret->propq = OPENSSL_strdup(propq); + if (ret->propq == NULL) { + ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_MALLOC_FAILURE); + goto err; + } + } ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; + goto err; } ret->meth = EC_KEY_get_default_method(); @@ -138,7 +145,7 @@ EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine) #ifndef FIPS_MODULE EC_KEY *EC_KEY_new_method(ENGINE *engine) { - return ec_key_new_method_int(NULL, engine); + return ec_key_new_method_int(NULL, NULL, engine); } #endif diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index f62eff5034..a0c007a13e 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -23,26 +23,34 @@ /* functions for EC_GROUP objects */ -EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth) +EC_GROUP *ec_group_new_with_libctx(OPENSSL_CTX *libctx, const char *propq, + const EC_METHOD *meth) { EC_GROUP *ret; if (meth == NULL) { - ECerr(EC_F_EC_GROUP_NEW_EX, EC_R_SLOT_FULL); + ECerr(0, EC_R_SLOT_FULL); return NULL; } if (meth->group_init == 0) { - ECerr(EC_F_EC_GROUP_NEW_EX, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(0, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return NULL; } ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ECerr(EC_F_EC_GROUP_NEW_EX, ERR_R_MALLOC_FAILURE); + ECerr(0, ERR_R_MALLOC_FAILURE); return NULL; } ret->libctx = libctx; + if (propq != NULL) { + ret->propq = OPENSSL_strdup(propq); + if (ret->propq == NULL) { + ECerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } + } ret->meth = meth; if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) { ret->order = BN_new(); @@ -61,6 +69,7 @@ EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth) err: BN_free(ret->order); BN_free(ret->cofactor); + OPENSSL_free(ret->propq); OPENSSL_free(ret); return NULL; } @@ -69,7 +78,7 @@ EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth) # ifndef FIPS_MODULE EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) { - return ec_group_new_ex(NULL, meth); + return ec_group_new_with_libctx(NULL, NULL, meth); } # endif #endif @@ -121,6 +130,7 @@ void EC_GROUP_free(EC_GROUP *group) BN_free(group->order); BN_free(group->cofactor); OPENSSL_free(group->seed); + OPENSSL_free(group->propq); OPENSSL_free(group); } @@ -257,7 +267,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) if (a == NULL) return NULL; - if ((t = ec_group_new_ex(a->libctx, a->meth)) == NULL) + if ((t = ec_group_new_with_libctx(a->libctx, a->propq, a->meth)) == NULL) return NULL; if (!EC_GROUP_copy(t, a)) goto err; diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h index 7f9b61bc49..aa040b54d1 100644 --- a/crypto/ec/ec_local.h +++ b/crypto/ec/ec_local.h @@ -274,6 +274,7 @@ struct ec_group_st { } pre_comp; OPENSSL_CTX *libctx; + char *propq; }; #define SETPRECOMP(g, type, pre) \ @@ -297,6 +298,7 @@ struct ec_key_st { #endif CRYPTO_RWLOCK *lock; OPENSSL_CTX *libctx; + char *propq; /* Provider data */ size_t dirty_cnt; /* If any key material changes, increment this */ @@ -593,10 +595,12 @@ int ec_group_simple_order_bits(const EC_GROUP *group); * Creates a new EC_GROUP object * \param libctx The associated library context or NULL for the default * library context + * \param propq Any property query string * \param meth EC_METHOD to use * \return newly created EC_GROUP object or NULL in case of an error. */ -EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth); +EC_GROUP *ec_group_new_with_libctx(OPENSSL_CTX *libctx, const char *propq, + const EC_METHOD *meth); #ifdef ECP_NISTZ256_ASM /** Returns GFp methods using montgomery multiplication, with x86-64 optimized @@ -651,7 +655,8 @@ struct ec_key_method_st { #define EC_KEY_METHOD_DYNAMIC 1 -EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine); +EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, const char *propq, + ENGINE *engine); int ossl_ec_key_gen(EC_KEY *eckey); int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen, |