Update our EVP_PKEY_METHODs to get low level keys via public APIs

It is possible to call built-in EVP_PKEY_METHOD functions with a provided key. For example this might occur if a custom EVP_PKEY_METHOD is in use that wraps a built-in EVP_PKEY_METHOD. Therefore our EVP_PKEY_METHOD functions should not assume that we are using a legacy key. Instead we get the low level key using EVP_PKEY_get0_RSA() or other similar functions. This "does the right thing" if the key is actually provided. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16118)
author: Matt Caswell <matt@openssl.org> 2021-07-20 09:58:53 +0100
committer: Tomas Mraz <tomas@openssl.org> 2021-07-22 13:52:46 +0200
commit: 5dc6489bb6026b679eb6cbe696e4227da9c7032e (patch)
tree: a567173607b9708303fbf01061e52c33800006df /crypto/ec
parent: 981a5b7ce3bcdf4748162073c3dbd096c82d3c69 (diff)
2 files changed, 35 insertions, 15 deletions
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index ce658e14ca..19e2f0d0c0 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -109,7 +109,12 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     int ret, type;
     unsigned int sltmp;
     EC_PKEY_CTX *dctx = ctx->data;
-    EC_KEY *ec = ctx->pkey->pkey.ec;
+    /*
+     * Discard const. Its marked as const because this may be a cached copy of
+     * the "real" key. These calls don't make any modifications that need to
+     * be reflected back in the "original" key.
+     */
+    EC_KEY *ec = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey);
     const int sig_sz = ECDSA_size(ec);
 
     /* ensure cast to size_t is safe */
@@ -142,7 +147,12 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
 {
     int ret, type;
     EC_PKEY_CTX *dctx = ctx->data;
-    EC_KEY *ec = ctx->pkey->pkey.ec;
+    /*
+     * Discard const. Its marked as const because this may be a cached copy of
+     * the "real" key. These calls don't make any modifications that need to
+     * be reflected back in the "original" key.
+     */
+    EC_KEY *ec = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey);
 
     if (dctx->md)
         type = EVP_MD_get_type(dctx->md);
@@ -174,7 +184,8 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
         return 0;
     }
 
-    eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec;
+    eckey = dctx->co_key ? dctx->co_key
+                         : (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey);
 
     if (!key) {
         const EC_GROUP *group;
@@ -266,14 +277,23 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             if (dctx->cofactor_mode != -1)
                 return dctx->cofactor_mode;
             else {
-                EC_KEY *ec_key = ctx->pkey->pkey.ec;
+                const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ctx->pkey);
                 return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0;
             }
         } else if (p1 < -1 || p1 > 1)
             return -2;
         dctx->cofactor_mode = p1;
         if (p1 != -1) {
-            EC_KEY *ec_key = ctx->pkey->pkey.ec;
+            EC_KEY *ec_key = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey);
+
+            /*
+             * We discarded the "const" above. This will only work if the key is
+             * a "real" legacy key, and not a cached copy of a provided key
+             */
+            if (evp_pkey_is_provided(ctx->pkey)) {
+                ERR_raise(ERR_LIB_EC, ERR_R_UNSUPPORTED);
+                return 0;
+            }
             if (!ec_key->group)
                 return -2;
             /* If cofactor is 1 cofactor mode does nothing */
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index c4bbb0a535..9098decf2f 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -732,8 +732,8 @@ static int validate_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
         ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET);
         return 0;
     }
-    ecxkey = ctx->pkey->pkey.ecx;
-    peerkey = EVP_PKEY_get0(ctx->peerkey);
+    ecxkey = evp_pkey_get_legacy(ctx->pkey);
+    peerkey = evp_pkey_get_legacy(ctx->peerkey);
     if (ecxkey == NULL || ecxkey->privkey == NULL) {
         ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY);
         return 0;
@@ -806,7 +806,7 @@ static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
                                     size_t *siglen, const unsigned char *tbs,
                                     size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
 
     if (sig == NULL) {
         *siglen = ED25519_SIGSIZE;
@@ -828,7 +828,7 @@ static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
                                   size_t *siglen, const unsigned char *tbs,
                                   size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
 
     if (sig == NULL) {
         *siglen = ED448_SIGSIZE;
@@ -850,7 +850,7 @@ static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
                                       size_t siglen, const unsigned char *tbs,
                                       size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
 
     if (siglen != ED25519_SIGSIZE)
         return 0;
@@ -863,7 +863,7 @@ static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
                                     size_t siglen, const unsigned char *tbs,
                                     size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
 
     if (siglen != ED448_SIGSIZE)
         return 0;
@@ -1177,7 +1177,7 @@ static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx,
         } ed25519;
         unsigned long long buff[512];
     } param;
-    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
     int rc;
 
     if (sig == NULL) {
@@ -1217,7 +1217,7 @@ static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx,
         } ed448;
         unsigned long long buff[512];
     } param;
-    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
     int rc;
 
     if (sig == NULL) {
@@ -1260,7 +1260,7 @@ static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx,
         } ed25519;
         unsigned long long buff[512];
     } param;
-    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
 
     if (siglen != ED25519_SIGSIZE)
         return 0;
@@ -1287,7 +1287,7 @@ static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx,
         } ed448;
         unsigned long long buff[512];
     } param;
-    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey);
 
     if (siglen != ED448_SIGSIZE)
         return 0;
author	Matt Caswell <matt@openssl.org>	2021-07-20 09:58:53 +0100
committer	Tomas Mraz <tomas@openssl.org>	2021-07-22 13:52:46 +0200
commit	5dc6489bb6026b679eb6cbe696e4227da9c7032e (patch)
tree	a567173607b9708303fbf01061e52c33800006df /crypto/ec
parent	981a5b7ce3bcdf4748162073c3dbd096c82d3c69 (diff)