diff options
| author | Matt Caswell <matt@openssl.org> | 2020-05-06 12:29:57 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-05-16 17:10:03 +0100 |
| commit | d40b42ab4c8a88740a2cc2a20c709fe869c4dd1e (patch) | |
| tree | 0dfa4439f3de544d7e52abf56c578e10e5346458 /providers | |
| parent | 827f04d5105e9bec0af214c42b8ad799fba5bb0d (diff) | |
Maintain strict type discipline between the core and providers
A provider could be linked against a different version of libcrypto than
the version of libcrypto that loaded the provider. Different versions of
libcrypto could define opaque types differently. It must never occur that
a type created in one libcrypto is used directly by the other libcrypto.
This will cause crashes.
We can "cheat" for "built-in" providers that are part of libcrypto itself,
because we know that the two libcrypto versions are the same - but not for
other providers.
To ensure this does not occur we use different types names for the handful
of opaque types that are passed between the core and providers.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11758)
Diffstat (limited to 'providers')
30 files changed, 762 insertions, 286 deletions
diff --git a/providers/common/bio_prov.c b/providers/common/bio_prov.c index 7b44004399..2bfd14b512 100644 --- a/providers/common/bio_prov.c +++ b/providers/common/bio_prov.c @@ -7,12 +7,15 @@ * https://www.openssl.org/source/license.html */ +#include <assert.h> #include <openssl/core_numbers.h> +#include "internal/cryptlib.h" #include "prov/bio.h" static OSSL_BIO_new_file_fn *c_bio_new_file = NULL; static OSSL_BIO_new_membuf_fn *c_bio_new_membuf = NULL; static OSSL_BIO_read_ex_fn *c_bio_read_ex = NULL; +static OSSL_BIO_write_ex_fn *c_bio_write_ex = NULL; static OSSL_BIO_free_fn *c_bio_free = NULL; static OSSL_BIO_vprintf_fn *c_bio_vprintf = NULL; @@ -32,6 +35,10 @@ int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns) if (c_bio_read_ex == NULL) c_bio_read_ex = OSSL_get_BIO_read_ex(fns); break; + case OSSL_FUNC_BIO_WRITE_EX: + if (c_bio_write_ex == NULL) + c_bio_write_ex = OSSL_get_BIO_write_ex(fns); + break; case OSSL_FUNC_BIO_FREE: if (c_bio_free == NULL) c_bio_free = OSSL_get_BIO_free(fns); @@ -46,21 +53,21 @@ int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns) return 1; } -BIO *ossl_prov_bio_new_file(const char *filename, const char *mode) +OSSL_CORE_BIO *ossl_prov_bio_new_file(const char *filename, const char *mode) { if (c_bio_new_file == NULL) return NULL; return c_bio_new_file(filename, mode); } -BIO *ossl_prov_bio_new_membuf(const char *filename, int len) +OSSL_CORE_BIO *ossl_prov_bio_new_membuf(const char *filename, int len) { if (c_bio_new_membuf == NULL) return NULL; return c_bio_new_membuf(filename, len); } -int ossl_prov_bio_read_ex(BIO *bio, void *data, size_t data_len, +int ossl_prov_bio_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read) { if (c_bio_read_ex == NULL) @@ -68,21 +75,29 @@ int ossl_prov_bio_read_ex(BIO *bio, void *data, size_t data_len, return c_bio_read_ex(bio, data, data_len, bytes_read); } -int ossl_prov_bio_free(BIO *bio) +int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, + size_t *written) +{ + if (c_bio_write_ex == NULL) + return 0; + return c_bio_write_ex(bio, data, data_len, written); +} + +int ossl_prov_bio_free(OSSL_CORE_BIO *bio) { if (c_bio_free == NULL) return 0; return c_bio_free(bio); } -int ossl_prov_bio_vprintf(BIO *bio, const char *format, va_list ap) +int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap) { if (c_bio_vprintf == NULL) return -1; return c_bio_vprintf(bio, format, ap); } -int ossl_prov_bio_printf(BIO *bio, const char *format, ...) +int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...) { va_list ap; int ret; @@ -94,3 +109,90 @@ int ossl_prov_bio_printf(BIO *bio, const char *format, ...) return ret; } +#ifndef FIPS_MODULE + +/* No direct BIO support in the FIPS module */ + +static int bio_core_read_ex(BIO *bio, char *data, size_t data_len, + size_t *bytes_read) +{ + return ossl_prov_bio_read_ex(BIO_get_data(bio), data, data_len, bytes_read); +} + +static int bio_core_write_ex(BIO *bio, const char *data, size_t data_len, + size_t *written) +{ + return ossl_prov_bio_write_ex(BIO_get_data(bio), data, data_len, written); +} + +static long bio_core_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ + /* We don't support this */ + assert(0); + return 0; +} + +static int bio_core_gets(BIO *bio, char *buf, int size) +{ + /* We don't support this */ + assert(0); + return -1; +} + +static int bio_core_puts(BIO *bio, const char *str) +{ + /* We don't support this */ + assert(0); + return -1; +} + +static int bio_core_new(BIO *bio) +{ + BIO_set_init(bio, 1); + + return 1; +} + +static int bio_core_free(BIO *bio) +{ + BIO_set_init(bio, 0); + + return 1; +} + +BIO_METHOD *bio_prov_init_bio_method(void) +{ + BIO_METHOD *corebiometh = NULL; + + corebiometh = BIO_meth_new(BIO_TYPE_CORE_TO_PROV, "BIO to Core filter"); + if (corebiometh == NULL + || !BIO_meth_set_write_ex(corebiometh, bio_core_write_ex) + || !BIO_meth_set_read_ex(corebiometh, bio_core_read_ex) + || !BIO_meth_set_puts(corebiometh, bio_core_puts) + || !BIO_meth_set_gets(corebiometh, bio_core_gets) + || !BIO_meth_set_ctrl(corebiometh, bio_core_ctrl) + || !BIO_meth_set_create(corebiometh, bio_core_new) + || !BIO_meth_set_destroy(corebiometh, bio_core_free)) { + BIO_meth_free(corebiometh); + return NULL; + } + + return corebiometh; +} + +BIO *bio_new_from_core_bio(PROV_CTX *provctx, OSSL_CORE_BIO *corebio) +{ + BIO *outbio; + BIO_METHOD *corebiometh = PROV_CTX_get0_core_bio_method(provctx); + + if (corebiometh == NULL) + return NULL; + + outbio = BIO_new(corebiometh); + if (outbio != NULL) + BIO_set_data(outbio, corebio); + + return outbio; +} + +#endif diff --git a/providers/common/include/prov/bio.h b/providers/common/include/prov/bio.h index 63f9d4ec3a..732dc06f03 100644 --- a/providers/common/include/prov/bio.h +++ b/providers/common/include/prov/bio.h @@ -10,13 +10,19 @@ #include <stdarg.h> #include <openssl/bio.h> #include <openssl/core.h> +#include "prov/provider_ctx.h" int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns); -BIO *ossl_prov_bio_new_file(const char *filename, const char *mode); -BIO *ossl_prov_bio_new_membuf(const char *filename, int len); -int ossl_prov_bio_read_ex(BIO *bio, void *data, size_t data_len, +OSSL_CORE_BIO *ossl_prov_bio_new_file(const char *filename, const char *mode); +OSSL_CORE_BIO *ossl_prov_bio_new_membuf(const char *filename, int len); +int ossl_prov_bio_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read); -int ossl_prov_bio_free(BIO *bio); -int ossl_prov_bio_vprintf(BIO *bio, const char *format, va_list ap); -int ossl_prov_bio_printf(BIO *bio, const char *format, ...); +int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, + size_t *written); +int ossl_prov_bio_free(OSSL_CORE_BIO *bio); +int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap); +int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...); + +BIO_METHOD *bio_prov_init_bio_method(void); +BIO *bio_new_from_core_bio(PROV_CTX *provctx, OSSL_CORE_BIO *corebio); diff --git a/providers/common/include/prov/provider_ctx.h b/providers/common/include/prov/provider_ctx.h index fc2df2ee67..a252143e81 100644 --- a/providers/common/include/prov/provider_ctx.h +++ b/providers/common/include/prov/provider_ctx.h @@ -7,24 +7,34 @@ * https://www.openssl.org/source/license.html */ -#include <openssl/types.h> -#include <openssl/crypto.h> +#ifndef OSSL_PROV_PROVIDER_CTX_H +# define OSSL_PROV_PROVIDER_CTX_H + +# include <openssl/types.h> +# include <openssl/crypto.h> +# include <openssl/bio.h> +# include <openssl/core.h> typedef struct prov_ctx_st { - const OSSL_PROVIDER *provider; + const OSSL_CORE_HANDLE *handle; OPENSSL_CTX *libctx; /* For all provider modules */ + BIO_METHOD *corebiometh; } PROV_CTX; /* * To be used anywhere the library context needs to be passed, such as to * fetching functions. */ -#define PROV_LIBRARY_CONTEXT_OF(provctx) \ +# define PROV_LIBRARY_CONTEXT_OF(provctx) \ PROV_CTX_get0_library_context((provctx)) PROV_CTX *PROV_CTX_new(void); void PROV_CTX_free(PROV_CTX *ctx); void PROV_CTX_set0_library_context(PROV_CTX *ctx, OPENSSL_CTX *libctx); -void PROV_CTX_set0_provider(PROV_CTX *ctx, const OSSL_PROVIDER *libctx); +void PROV_CTX_set0_handle(PROV_CTX *ctx, const OSSL_CORE_HANDLE *handle); +void PROV_CTX_set0_core_bio_method(PROV_CTX *ctx, BIO_METHOD *corebiometh); OPENSSL_CTX *PROV_CTX_get0_library_context(PROV_CTX *ctx); -const OSSL_PROVIDER *PROV_CTX_get0_provider(PROV_CTX *ctx); +const OSSL_CORE_HANDLE *PROV_CTX_get0_handle(PROV_CTX *ctx); +BIO_METHOD *PROV_CTX_get0_core_bio_method(PROV_CTX *ctx); + +#endif diff --git a/providers/common/include/prov/providercommon.h b/providers/common/include/prov/providercommon.h index 5123f78ee1..07c5a67f38 100644 --- a/providers/common/include/prov/providercommon.h +++ b/providers/common/include/prov/providercommon.h @@ -9,7 +9,7 @@ #include <openssl/provider.h> -const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx); +const OSSL_CORE_HANDLE *FIPS_get_core_handle(OPENSSL_CTX *ctx); const char *ossl_prov_util_nid_to_name(int nid); diff --git a/providers/common/provider_ctx.c b/providers/common/provider_ctx.c index 66c7c74890..04cca1f23e 100644 --- a/providers/common/provider_ctx.c +++ b/providers/common/provider_ctx.c @@ -9,6 +9,7 @@ #include <stdlib.h> #include "prov/provider_ctx.h" +#include "prov/bio.h" PROV_CTX *PROV_CTX_new(void) { @@ -26,12 +27,17 @@ void PROV_CTX_set0_library_context(PROV_CTX *ctx, OPENSSL_CTX *libctx) ctx->libctx = libctx; } -void PROV_CTX_set0_provider(PROV_CTX *ctx, const OSSL_PROVIDER *provider) +void PROV_CTX_set0_handle(PROV_CTX *ctx, const OSSL_CORE_HANDLE *handle) { if (ctx != NULL) - ctx->provider = provider; + ctx->handle = handle; } +void PROV_CTX_set0_core_bio_method(PROV_CTX *ctx, BIO_METHOD *corebiometh) +{ + if (ctx != NULL) + ctx->corebiometh = corebiometh; +} OPENSSL_CTX *PROV_CTX_get0_library_context(PROV_CTX *ctx) { @@ -40,9 +46,16 @@ OPENSSL_CTX *PROV_CTX_get0_library_context(PROV_CTX *ctx) return ctx->libctx; } -const OSSL_PROVIDER *PROV_CTX_get0_provider(PROV_CTX *ctx) +const OSSL_CORE_HANDLE *PROV_CTX_get0_handle(PROV_CTX *ctx) +{ + if (ctx == NULL) + return NULL; + return ctx->handle; +} + +BIO_METHOD *PROV_CTX_get0_core_bio_method(PROV_CTX *ctx) { if (ctx == NULL) return NULL; - return ctx->provider; + return ctx->corebiometh; } diff --git a/providers/defltprov.c b/providers/defltprov.c index cedbddb80e..4b15a21c0b 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -552,6 +552,7 @@ static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id, static void deflt_teardown(void *provctx) { + BIO_meth_free(PROV_CTX_get0_core_bio_method(provctx)); PROV_CTX_free(provctx); } @@ -566,12 +567,13 @@ static const OSSL_DISPATCH deflt_dispatch_table[] = { OSSL_provider_init_fn ossl_default_provider_init; -int ossl_default_provider_init(const OSSL_PROVIDER *provider, +int ossl_default_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) { OSSL_core_get_library_context_fn *c_get_libctx = NULL; + BIO_METHOD *corebiometh; if (!ossl_prov_bio_from_dispatch(in)) return 0; @@ -598,15 +600,20 @@ int ossl_default_provider_init(const OSSL_PROVIDER *provider, /* * We want to make sure that all calls from this provider that requires * a library context use the same context as the one used to call our - * functions. We do that by passing it along as the provider context. + * functions. We do that by passing it along in the provider context. * - * This is special for built-in providers. External providers should + * This only works for built-in providers. Most providers should * create their own library context. */ - if ((*provctx = PROV_CTX_new()) == NULL) + if ((*provctx = PROV_CTX_new()) == NULL + || (corebiometh = bio_prov_init_bio_method()) == NULL) { + PROV_CTX_free(*provctx); + *provctx = NULL; return 0; - PROV_CTX_set0_library_context(*provctx, c_get_libctx(provider)); - PROV_CTX_set0_provider(*provctx, provider); + } + PROV_CTX_set0_library_context(*provctx, (OPENSSL_CTX *)c_get_libctx(handle)); + PROV_CTX_set0_handle(*provctx, handle); + PROV_CTX_set0_core_bio_method(*provctx, corebiometh); *out = deflt_dispatch_table; diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 1d19c1b91a..1c4f3fdf50 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -81,7 +81,7 @@ static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf; typedef struct fips_global_st { - const OSSL_PROVIDER *prov; + const OSSL_CORE_HANDLE *handle; } FIPS_GLOBAL; static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx) @@ -546,7 +546,7 @@ static const OSSL_DISPATCH intern_dispatch_table[] = { }; -int OSSL_provider_init(const OSSL_PROVIDER *provider, +int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) @@ -647,7 +647,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, } if (stcbfn != NULL && c_get_libctx != NULL) { - stcbfn(c_get_libctx(provider), &selftest_params.cb, + stcbfn(c_get_libctx(handle), &selftest_params.cb, &selftest_params.cb_arg); } else { @@ -655,7 +655,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, selftest_params.cb_arg = NULL; } - if (!c_get_params(provider, core_params)) + if (!c_get_params(handle, core_params)) return 0; /* Create a context. */ @@ -670,13 +670,13 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, goto err; } PROV_CTX_set0_library_context(*provctx, libctx); - PROV_CTX_set0_provider(*provctx, provider); + PROV_CTX_set0_handle(*provctx, handle); if ((fgbl = openssl_ctx_get_data(libctx, OPENSSL_CTX_FIPS_PROV_INDEX, &fips_prov_ossl_ctx_method)) == NULL) goto err; - fgbl->prov = provider; + fgbl->handle = handle; selftest_params.libctx = libctx; if (!SELF_TEST_post(&selftest_params, 0)) @@ -706,7 +706,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, * that was used in the EVP call that initiated this recursive call. */ OSSL_provider_init_fn fips_intern_provider_init; -int fips_intern_provider_init(const OSSL_PROVIDER *provider, +int fips_intern_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) @@ -728,8 +728,13 @@ int fips_intern_provider_init(const OSSL_PROVIDER *provider, if ((*provctx = PROV_CTX_new()) == NULL) return 0; - PROV_CTX_set0_library_context(*provctx, c_get_libctx(provider)); - PROV_CTX_set0_provider(*provctx, provider); + /* + * Using the parent library context only works because we are a built-in + * internal provider. This is not something that most providers would be + * able to do. + */ + PROV_CTX_set0_library_context(*provctx, (OPENSSL_CTX *)c_get_libctx(handle)); + PROV_CTX_set0_handle(*provctx, handle); *out = intern_dispatch_table; return 1; @@ -781,7 +786,7 @@ int ERR_pop_to_mark(void) * is also called from other parts of libcrypto, which all pass around a * OPENSSL_CTX pointer) */ -const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *libctx) +const OSSL_CORE_HANDLE *FIPS_get_core_handle(OPENSSL_CTX *libctx) { FIPS_GLOBAL *fgbl = openssl_ctx_get_data(libctx, OPENSSL_CTX_FIPS_PROV_INDEX, @@ -790,7 +795,7 @@ const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *libctx) if (fgbl == NULL) return NULL; - return fgbl->prov; + return fgbl->handle; } void *CRYPTO_malloc(size_t num, const char *file, int line) diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index 5c69dfa691..b767e8f300 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -130,7 +130,7 @@ DEP_FINI_ATTRIBUTE void cleanup(void) * the result matches the expected value. * Return 1 if verified, or 0 if it fails. */ -static int verify_integrity(BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, +static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, unsigned char *expected, size_t expected_len, OPENSSL_CTX *libctx, OSSL_SELF_TEST *ev, const char *event_type) @@ -188,7 +188,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) int ok = 0; int kats_already_passed = 0; long checksum_len; - BIO *bio_module = NULL, *bio_indicator = NULL; + OSSL_CORE_BIO *bio_module = NULL, *bio_indicator = NULL; unsigned char *module_checksum = NULL; unsigned char *indicator_checksum = NULL; int loclstate; diff --git a/providers/implementations/serializers/serializer_common.c b/providers/implementations/serializers/serializer_common.c index 2dbbe6b37c..75c1ddc245 100644 --- a/providers/implementations/serializers/serializer_common.c +++ b/providers/implementations/serializers/serializer_common.c @@ -178,7 +178,7 @@ int ossl_prov_print_labeled_bignum(BIO *out, const char *label, } if (BN_is_zero(bn)) - return ossl_prov_bio_printf(out, "%s%s0\n", label, post_label_spc); + return BIO_printf(out, "%s%s0\n", label, post_label_spc); if (BN_num_bytes(bn) <= BN_BYTES) { BN_ULONG *words = bn_get_words(bn); @@ -186,10 +186,8 @@ int ossl_prov_print_labeled_bignum(BIO *out, const char *label, if (BN_is_negative(bn)) neg = "-"; - return ossl_prov_bio_printf(out, - "%s%s%s" BN_FMTu " (%s0x" BN_FMTx ")\n", - label, post_label_spc, neg, words[0], - neg, words[0]); + return BIO_printf(out, "%s%s%s" BN_FMTu " (%s0x" BN_FMTx ")\n", + label, post_label_spc, neg, words[0], neg, words[0]); } hex_str = BN_bn2hex(bn); @@ -198,18 +196,18 @@ int ossl_prov_print_labeled_bignum(BIO *out, const char *label, ++p; neg = " (Negative)"; } - if (ossl_prov_bio_printf(out, "%s%s\n", label, neg) <= 0) + if (BIO_printf(out, "%s%s\n", label, neg) <= 0) goto err; /* Keep track of how many bytes we have printed out so far */ bytes = 0; - if (ossl_prov_bio_printf(out, "%s", spaces) <= 0) + if (BIO_printf(out, "%s", spaces) <= 0) goto err; /* Add a leading 00 if the top bit is set */ if (*p >= '8') { - if (ossl_prov_bio_printf(out, "%02x", 0) <= 0) + if (BIO_printf(out, "%02x", 0) <= 0) goto err; ++bytes; use_sep = 1; @@ -217,18 +215,18 @@ int ossl_prov_print_labeled_bignum(BIO *out, const char *label, while (*p != '\0') { /* Do a newline after every 15 hex bytes + add the space indent */ if ((bytes % 15) == 0 && bytes > 0) { - if (ossl_prov_bio_printf(out, ":\n%s", spaces) <= 0) + if (BIO_printf(out, ":\n%s", spaces) <= 0) goto err; use_sep = 0; /* The first byte on the next line doesnt have a : */ } - if (ossl_prov_bio_printf(out, "%s%c%c", use_sep ? ":" : "", - ossl_tolower(p[0]), ossl_tolower(p[1])) <= 0) + if (BIO_printf(out, "%s%c%c", use_sep ? ":" : "", + ossl_tolower(p[0]), ossl_tolower(p[1])) <= 0) goto err; ++bytes; p += 2; use_sep = 1; } - if (ossl_prov_bio_printf(out, "\n") <= 0) + if (BIO_printf(out, "\n") <= 0) goto err; ret = 1; err: @@ -244,22 +242,22 @@ int ossl_prov_print_labeled_buf(BIO *out, const char *label, { size_t i; - if (ossl_prov_bio_printf(out, "%s\n", label) <= 0) + if (BIO_printf(out, "%s\n", label) <= 0) return 0; for (i = 0; i < buflen; i++) { if ((i % LABELED_BUF_PRINT_WIDTH) == 0) { - if (i > 0 && ossl_prov_bio_printf(out, "\n") <= 0) + if (i > 0 && BIO_printf(out, "\n") <= 0) return 0; - if (ossl_prov_bio_printf(out, " ") <= 0) + if (BIO_printf(out, " ") <= 0) return 0; } - if (ossl_prov_bio_printf(out, "%02x%s", buf[i], + if (BIO_printf(out, "%02x%s", buf[i], (i == buflen - 1) ? "" : ":") <= 0) return 0; } - if (ossl_prov_bio_printf(out, "\n") <= 0) + if (BIO_printf(out, "\n") <= 0) return 0; return 1; diff --git a/providers/implementations/serializers/serializer_dh.c b/providers/implementations/serializers/serializer_dh.c index 2b616b2ef1..df92017ba3 100644 --- a/providers/implementations/serializers/serializer_dh.c +++ b/providers/implementations/serializers/serializer_dh.c @@ -70,7 +70,7 @@ int ossl_prov_print_dh(BIO *out, DH *dh, enum dh_print_type type) if (p == NULL) goto null_err; - if (ossl_prov_bio_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p)) + if (BIO_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p)) <= 0) goto err; if (priv_key != NULL diff --git a/providers/implementations/serializers/serializer_dh_param.c b/providers/implementations/serializers/serializer_dh_param.c index 5e06178590..4acf5caec6 100644 --- a/providers/implementations/serializers/serializer_dh_param.c +++ b/providers/implementations/serializers/serializer_dh_param.c @@ -21,6 +21,7 @@ #include "prov/bio.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" +#include "prov/provider_ctx.h" #include "serializer_local.h" static OSSL_OP_serializer_newctx_fn dh_param_newctx; @@ -48,7 +49,8 @@ static void dh_param_freectx(void *ctx) } /* Public key : DER */ -static int dh_param_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dh_param_der_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); @@ -69,14 +71,23 @@ static int dh_param_der_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_param_der(void *ctx, void *dh, BIO *out, +static int dh_param_der(void *ctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return i2d_DHparams_bio(out, dh); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + ret = i2d_DHparams_bio(out, dh); + BIO_free(out); + + return ret; } /* Public key : PEM */ -static int dh_param_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dh_param_pem_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); @@ -97,13 +108,23 @@ static int dh_param_pem_data(void *ctx, const OSSL_PARAM params[], BIO *out, return ok; } -static int dh_param_pem(void *ctx, void *dh, BIO *out, +static int dh_param_pem(void *ctx, void *dh, OSSL_CORE_BIO *cout, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { - return PEM_write_bio_DHparams(out, dh); + BIO *out = bio_new_from_core_bio(ctx, cout); + int ret; + + if (out == NULL) + return 0; + + ret = PEM_write_bio_DHparams(out, dh); + BIO_free(out); + + return ret; } -static int dh_param_print_data(void *ctx, const OSSL_PARAM params[], BIO *out, +static int dh_param_print_data(void *ctx, const OSSL_PARAM params[], + OSSL_CORE_BIO *out, OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) { OSSL_OP_keymgmt_new_fn *dh_new = ossl_prov_get_keymgmt_dh_new(); @@ -124,10 +145,19 @@ static int dh_param_print_data(void *ctx, const OSSL_PARAM params[], BIO *o |