authorMatt Caswell <matt@openssl.org>2021-04-09 17:26:34 +0100
committerMatt Caswell <matt@openssl.org>2021-04-16 14:27:28 +0100
commit6ce58488bdce66584a7075e19821add29445d746 (patch)
treea5b5bde99d963808dabc07b430a48a140036d6e1 /providers/implementations/exchange
parent81cc5ce1a0f996f88051f031bda1079961ee4a5c (diff)
Store some FIPS global variables in the FIPS_GLOBAL structure
We had some FIPS global variables that were based on values from the config file. In theory if two instances of the fips module are loaded they could be based on different config files which would cause this to fail. Instead we store them in the FIPS_GLOBAL structure. Fixes #14364 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14814)
Diffstat (limited to 'providers/implementations/exchange')
-rw-r--r--providers/implementations/exchange/dh_exch.c5
-rw-r--r--providers/implementations/exchange/ecdh_exch.c6
2 files changed, 6 insertions, 5 deletions
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 0ecc6c7a4c..67a73d36ef 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -105,7 +105,8 @@ static int dh_init(void *vpdhctx, void *vdh, const OSSL_PARAM params[])
DH_free(pdhctx->dh);
pdhctx->dh = vdh;
pdhctx->kdf_type = PROV_DH_KDF_NONE;
- return dh_set_ctx_params(pdhctx, params) && ossl_dh_check_key(vdh);
+ return dh_set_ctx_params(pdhctx, params)
+ && ossl_dh_check_key(pdhctx->libctx, vdh);
}
/* The 2 parties must share the same domain parameters */
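Review bot: In dh_init the new key is stored in `pdhctx->dh` before `ossl_dh_check_key(pdhctx->libctx, vdh)` runs, so if that check or `dh_set_ctx_params` fails, the context still holds the rejected key. Whether callers always discard the context after a failed init is not visible here. If they may not, either run the key check before the assignment or clear `pdhctx->dh` on the failure path, releasing the reference if one was taken earlier in the function. The start of dh_init, including any NULL check on `pdhctx` before `pdhctx->libctx` is read, is outside the hunk.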
@@ -345,7 +346,7 @@ static int dh_set_ctx_params(void *vpdhctx, const OSSL_PARAM params[])
EVP_MD_free(pdhctx->kdf_md);
pdhctx->kdf_md = EVP_MD_fetch(pdhctx->libctx, name, mdprops);
- if (!ossl_digest_is_allowed(pdhctx->kdf_md)) {
+ if (!ossl_digest_is_allowed(pdhctx->libctx, pdhctx->kdf_md)) {
EVP_MD_free(pdhctx->kdf_md);
pdhctx->kdf_md = NULL;
}
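Review bot: The result of `EVP_MD_fetch` goes straight into `ossl_digest_is_allowed(pdhctx->libctx, pdhctx->kdf_md)` with no NULL check, so a failed fetch relies on that helper tolerating a NULL digest, which cannot be confirmed from this hunk. Making the test explicit removes that dependency: `if (pdhctx->kdf_md == NULL || !ossl_digest_is_allowed(pdhctx->libctx, pdhctx->kdf_md)) {`. The rejection branch also drops the digest without raising an error in the visible lines; unless one is raised further down, outside the hunk, a caller cannot tell a disallowed digest from a failed fetch. The same pattern appears in the ecdh_set_ctx_params hunk of ecdh_exch.c.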
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
index ba2b493a76..7748340248 100644
--- a/providers/implementations/exchange/ecdh_exch.c
+++ b/providers/implementations/exchange/ecdh_exch.c
@@ -113,7 +113,7 @@ int ecdh_init(void *vpecdhctx, void *vecdh, const OSSL_PARAM params[])
pecdhctx->cofactor_mode = -1;
pecdhctx->kdf_type = PROV_ECDH_KDF_NONE;
return ecdh_set_ctx_params(pecdhctx, params)
- && ossl_ec_check_key(vecdh, 1);
+ && ossl_ec_check_key(pecdhctx->libctx, vecdh, 1);
}
static
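Review bot: The last argument `1` in `ossl_ec_check_key(pecdhctx->libctx, vecdh, 1)` is a bare literal here and again in the ecdh_set_peer hunk, and neither hunk says what it selects. Since the check now depends on per-library-context configuration, a short comment at each call would help a reader judge which policy applies to the local key and to the peer key, for example `/* 1: key is checked as for a protect operation */` if that is what the flag means. The body of ecdh_init begins outside the hunk.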
@@ -147,7 +147,7 @@ int ecdh_set_peer(void *vpecdhctx, void *vecdh)
|| pecdhctx == NULL
|| vecdh == NULL
|| !ecdh_match_params(pecdhctx->k, vecdh)
- || !ossl_ec_check_key(vecdh, 1)
+ || !ossl_ec_check_key(pecdhctx->libctx, vecdh, 1)
|| !EC_KEY_up_ref(vecdh))
return 0;
@@ -283,7 +283,7 @@ int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[])
EVP_MD_free(pectx->kdf_md);
pectx->kdf_md = EVP_MD_fetch(pectx->libctx, name, mdprops);
- if (!ossl_digest_is_allowed(pectx->kdf_md)) {
+ if (!ossl_digest_is_allowed(pectx->libctx, pectx->kdf_md)) {
EVP_MD_free(pectx->kdf_md);
pectx->kdf_md = NULL;
}