-rw-r--r-- | crypto/dh/dh_lib.c | 5 | ||||
-rw-r--r-- | crypto/dsa/dsa_lib.c | 5 | ||||
-rw-r--r-- | crypto/ec/ec_key.c | 6 | ||||
-rw-r--r-- | crypto/ec/ecx_key.c | 5 | ||||
-rw-r--r-- | crypto/rsa/rsa_lib.c | 5 | ||||
-rw-r--r-- | include/crypto/dh.h | 1 | ||||
-rw-r--r-- | include/crypto/dsa.h | 1 | ||||
-rw-r--r-- | include/crypto/ec.h | 1 | ||||
-rw-r--r-- | include/crypto/ecx.h | 1 | ||||
-rw-r--r-- | include/crypto/rsa.h | 1 | ||||
-rw-r--r-- | providers/implementations/encode_decode/decode_der2key.c | 60 |
11 files changed, 91 insertions, 0 deletions
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index e687b04259..e8a66878ab 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -168,6 +168,11 @@ int DH_up_ref(DH *r) return ((i > 1) ? 1 : 0); } +void ossl_dh_set0_libctx(DH *d, OSSL_LIB_CTX *libctx) +{ + d->libctx = libctx; +} + #ifndef FIPS_MODULE int DH_set_ex_data(DH *d, int idx, void *arg) { diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 4a9f572edd..df9dd73dfd 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -247,6 +247,11 @@ int DSA_up_ref(DSA *r) return ((i > 1) ? 1 : 0); } +void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx) +{ + d->libctx = libctx; +} + void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index da3d6f04a2..d03c75e8aa 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -659,6 +659,12 @@ const char *ec_key_get0_propq(const EC_KEY *key) return key->propq; } +void ec_key_set0_libctx(EC_KEY *key, OSSL_LIB_CTX *libctx) +{ + key->libctx = libctx; + /* Do we need to propagate this to the group? */ +} + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) { return key->group; diff --git a/crypto/ec/ecx_key.c b/crypto/ec/ecx_key.c index db74a40c97..2b9386d522 100644 --- a/crypto/ec/ecx_key.c +++ b/crypto/ec/ecx_key.c @@ -73,6 +73,11 @@ void ecx_key_free(ECX_KEY *key) OPENSSL_free(key); } +void ecx_key_set0_libctx(ECX_KEY *key, OSSL_LIB_CTX *libctx) +{ + key->libctx = libctx; +} + int ecx_key_up_ref(ECX_KEY *key) { int i; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 8e7ad45608..f4e3ff423e 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -194,6 +194,11 @@ OSSL_LIB_CTX *ossl_rsa_get0_libctx(RSA *r) return r->libctx; } +void ossl_rsa_set0_libctx(RSA *r, OSSL_LIB_CTX *libctx) +{ + r->libctx = libctx; +} + #ifndef FIPS_MODULE int RSA_set_ex_data(RSA *r, int idx, void *arg) { 
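Review bot: `ossl_dh_set0_libctx()` in crypto/dh/dh_lib.c overwrites `d->libctx` without stating when that is safe, and the same holds for the matching setters this commit adds for DSA, ECX and RSA. A key that has already been used or shared may hold state obtained under its previous library context, so later operations could mix two contexts; whether that can happen depends on callers outside this diff. I would put the contract on each definition, e.g. `/* Only call on a newly created key that has not been used or shared; libctx is borrowed, not owned */`. The `set0` name normally suggests that ownership is handed over, so stating that the context is only referenced avoids a lifetime misunderstanding.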
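Review bot: The added `ec_key_set0_libctx()` in crypto/ec/ec_key.c ships with its own question unanswered, `/* Do we need to propagate this to the group? */`. If the key's `EC_GROUP` keeps a library context of its own, a decoded key will have `key->libctx` pointing at the provider's context while group-level operations still use the context the group was created with. Algorithm lookups could then resolve against a different set of providers than the caller intended. Either propagate the context to `key->group` here when it is non-NULL, or replace the question with a comment saying why the group may keep its original context.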
diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 3afe16935f..290cc7c0d2 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -14,6 +14,7 @@ DH *dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid); DH *dh_new_ex(OSSL_LIB_CTX *libctx); +void ossl_dh_set0_libctx(DH *d, OSSL_LIB_CTX *libctx); int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, BN_GENCB *cb); diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h index 759fa4cce4..775a83c1ea 100644 --- a/include/crypto/dsa.h +++ b/include/crypto/dsa.h @@ -15,6 +15,7 @@ #define DSA_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */ DSA *dsa_new_with_ctx(OSSL_LIB_CTX *libctx); +void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx); int dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits, BN_GENCB *cb); diff --git a/include/crypto/ec.h b/include/crypto/ec.h index 451a3751a1..087457fa50 100644 --- a/include/crypto/ec.h +++ b/include/crypto/ec.h @@ -61,6 +61,7 @@ int ec_key_private_check(const EC_KEY *eckey); int ec_key_pairwise_check(const EC_KEY *eckey, BN_CTX *ctx); OSSL_LIB_CTX *ec_key_get_libctx(const EC_KEY *eckey); const char *ec_key_get0_propq(const EC_KEY *eckey); +void ec_key_set0_libctx(EC_KEY *key, OSSL_LIB_CTX *libctx); /* Backend support */ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h index 4771df5fb6..df04cdb562 100644 --- a/include/crypto/ecx.h +++ b/include/crypto/ecx.h @@ -77,6 +77,7 @@ typedef struct ecx_key_st ECX_KEY; size_t ecx_key_length(ECX_KEY_TYPE type); ECX_KEY *ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type, int haspubkey, const char *propq); +void ecx_key_set0_libctx(ECX_KEY *key, OSSL_LIB_CTX *libctx); unsigned char *ecx_key_allocate_privkey(ECX_KEY *key); void ecx_key_free(ECX_KEY *key); int ecx_key_up_ref(ECX_KEY *key); diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index ede11cfd41..cb53b5dde6 100644 --- a/include/crypto/rsa.h 
+++ b/include/crypto/rsa.h @@ -51,6 +51,7 @@ const char *ossl_rsa_oaeppss_nid2name(int md); RSA *ossl_rsa_new_with_ctx(OSSL_LIB_CTX *libctx); OSSL_LIB_CTX *ossl_rsa_get0_libctx(RSA *r); +void ossl_rsa_set0_libctx(RSA *r, OSSL_LIB_CTX *libctx); int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, const STACK_OF(BIGNUM) *exps, diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index 17ed16235d..a91bd3b7b8 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -24,7 +24,11 @@ #include <openssl/x509.h> #include "internal/cryptlib.h" /* ossl_assert() */ #include "internal/asn1.h" +#include "crypto/dh.h" +#include "crypto/dsa.h" +#include "crypto/ec.h" #include "crypto/ecx.h" +#include "crypto/rsa.h" #include "prov/bio.h" #include "prov/implementations.h" #include "prov/providercommonerr.h" @@ -106,7 +110,9 @@ static OSSL_FUNC_decoder_freectx_fn der2key_freectx; static OSSL_FUNC_decoder_decode_fn der2key_decode; static OSSL_FUNC_decoder_export_object_fn der2key_export_object; +struct der2key_ctx_st; /* Forward declaration */ typedef void *(extract_key_fn)(EVP_PKEY *); +typedef void (adjust_key_fn)(void *, struct der2key_ctx_st *ctx); typedef void (free_key_fn)(void *); struct keytype_desc_st { const char *keytype_name; @@ -130,10 +136,16 @@ struct keytype_desc_st { d2i_of_void *d2i_private_key; d2i_of_void *d2i_public_key; d2i_of_void *d2i_key_params; + /* * For PKCS#8 decoders, we use EVP_PKEY extractors, EVP_PKEY_get1_{TYPE}() */ extract_key_fn *extract_key; + /* + * For any key, we may need to make provider specific adjustments, such + * as ensure the key carries the correct library context. + */ + adjust_key_fn *adjust_key; /* {type}_free() */ free_key_fn *free_key; }; 
@@ -341,6 +353,9 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, } } + if (key != NULL && ctx->desc->adjust_key != NULL) + ctx->desc->adjust_key(key, ctx); + end: /* * Prune low-level ASN.1 parse errors from error queue, assuming @@ -403,12 +418,18 @@ static int der2key_export_object(void *vctx, # define dh_d2i_key_params (d2i_of_void *)d2i_DHparams # define dh_free (free_key_fn *)DH_free +static void dh_adjust(void *key, struct der2key_ctx_st *ctx) +{ + ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); +} + # define dhx_evp_type EVP_PKEY_DHX # define dhx_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH # define dhx_d2i_private_key NULL # define dhx_d2i_public_key NULL # define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams # define dhx_free (free_key_fn *)DH_free +# define dhx_adjust dh_adjust #endif /* ---------------------------------------------------------------------- */ @@ -420,6 +441,11 @@ static int der2key_export_object(void *vctx, # define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey # define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams # define dsa_free (free_key_fn *)DSA_free + +static void dsa_adjust(void *key, struct der2key_ctx_st *ctx) +{ + ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); +} #endif /* ---------------------------------------------------------------------- */ 
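Review bot: The new `adjust_key` call sits directly above the `end:` label in der2key_decode(), so any earlier path that jumps to `end:` with a non-NULL `key` would pass on a key that still carries its original library context. The body of der2key_decode() starts and ends outside this hunk, so this cannot be confirmed from here; if such a path exists, the adjustment has to run on it as well. `adjust_key_fn` also returns `void`, which suits the current setters but leaves no way to fail the decode should an adjustment ever be able to fail. A one-line comment above the call, e.g. `/* Must run for every successfully decoded key before it is handed on */`, would make the invariant explicit.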
@@ -432,16 +458,28 @@ static int der2key_export_object(void *vctx, # define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters # define ec_free (free_key_fn *)EC_KEY_free +static void ec_adjust(void *key, struct der2key_ctx_st *ctx) +{ + ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); +} + /* * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo, * so no d2i functions to be had. */ + +static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx) +{ + ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); +} + # define ed25519_evp_type EVP_PKEY_ED25519 # define ed25519_evp_extract (extract_key_fn *)evp_pkey_get1_ED25519 # define ed25519_d2i_private_key NULL # define ed25519_d2i_public_key NULL # define ed25519_d2i_key_params NULL # define ed25519_free (free_key_fn *)ecx_key_free +# define ed25519_adjust ecx_key_adjust # define ed448_evp_type EVP_PKEY_ED448 # define ed448_evp_extract (extract_key_fn *)evp_pkey_get1_ED448 @@ -449,6 +487,7 @@ static int der2key_export_object(void *vctx, # define ed448_d2i_public_key NULL # define ed448_d2i_key_params NULL # define ed448_free (free_key_fn *)ecx_key_free +# define ed448_adjust ecx_key_adjust # define x25519_evp_type EVP_PKEY_X25519 # define x25519_evp_extract (extract_key_fn *)evp_pkey_get1_X25519 @@ -456,6 +495,7 @@ static int der2key_export_object(void *vctx, # define x25519_d2i_public_key NULL # define x25519_d2i_key_params NULL # define x25519_free (free_key_fn *)ecx_key_free +# define x25519_adjust ecx_key_adjust # define x448_evp_type EVP_PKEY_X448 # define x448_evp_extract (extract_key_fn *)evp_pkey_get1_X448 @@ -463,6 +503,7 @@ static int der2key_export_object(void *vctx, # define x448_d2i_public_key NULL # define x448_d2i_key_params NULL # define x448_free (free_key_fn *)ecx_key_free +# define x448_adjust ecx_key_adjust #endif /* ---------------------------------------------------------------------- */ 
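Review bot: `ec_adjust()` and `ecx_key_adjust()` fix up only the library context, although both key types also carry a property query (`ec_key_get0_propq()` in include/crypto/ec.h, the `propq` argument of `ecx_key_new()` in include/crypto/ecx.h). A key decoded here will therefore fetch from the provider's library context, but with whatever property query the d2i or extract path gave it, presumably none. That may select a different implementation than the caller asked for. If the decoder context has a property query available, set it alongside the libctx; otherwise record the decision on both functions with a comment such as `/* propq is left as decoded: the decoder context has no property query */`.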
@@ -474,12 +515,18 @@ static int der2key_export_object(void *vctx, #define rsa_d2i_key_params NULL #define rsa_free (free_key_fn *)RSA_free +static void rsa_adjust(void *key, struct der2key_ctx_st *ctx) +{ + ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); +} + #define rsapss_evp_type EVP_PKEY_RSA_PSS #define rsapss_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA #define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey #define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey #define rsapss_d2i_key_params NULL #define rsapss_free (free_key_fn *)RSA_free +#define rsapss_adjust rsa_adjust /* ---------------------------------------------------------------------- */ @@ -494,6 +541,7 @@ static int der2key_export_object(void *vctx, keytype##_d2i_public_key, \ NULL, \ NULL, \ + keytype##_adjust, \ keytype##_free #define DO_type_specific_pub(keytype) \ @@ -503,6 +551,7 @@ static int der2key_export_object(void *vctx, keytype##_d2i_public_key, \ NULL, \ NULL, \ + keytype##_adjust, \ keytype##_free #define DO_type_specific_priv(keytype) \ @@ -512,6 +561,7 @@ static int der2key_export_object(void *vctx, NULL, \ NULL, \ NULL, \ + keytype##_adjust, \ keytype##_free #define DO_type_specific_params(keytype) \ @@ -521,6 +571,7 @@ static int der2key_export_object(void *vctx, NULL, \ keytype##_d2i_key_params, \ NULL, \ + keytype##_adjust, \ keytype##_free #define DO_type_specific(keytype) \ @@ -530,6 +581,7 @@ static int der2key_export_object(void *vctx, keytype##_d2i_public_key, \ keytype##_d2i_key_params, \ NULL, \ + keytype##_adjust, \ keytype##_free #define DO_type_specific_no_pub(keytype) \ @@ -540,6 +592,7 @@ static int der2key_export_object(void *vctx, NULL, \ keytype##_d2i_key_params, \ NULL, \ + keytype##_adjust, \ keytype##_free #define DO_PKCS8(keytype) \ @@ -549,6 +602,7 @@ static int der2key_export_object(void *vctx, NULL, \ NULL, \ keytype##_evp_extract, \ + keytype##_adjust, \ keytype##_free #define DO_SubjectPublicKeyInfo(keytype) \ 
@@ -558,6 +612,7 @@ static int der2key_export_object(void *vctx, NULL, \ NULL, \ keytype##_evp_extract, \ + keytype##_adjust, \ keytype##_free #define DO_DH(keytype) \ @@ -567,6 +622,7 @@ static int der2key_export_object(void *vctx, NULL, \ keytype##_d2i_key_params, \ NULL, \ + keytype##_adjust, \ keytype##_free #define DO_DHX(keytype) \ @@ -576,6 +632,7 @@ static int der2key_export_object(void *vctx, NULL, \ keytype##_d2i_key_params, \ NULL, \ + keytype##_adjust, \ keytype##_free #define DO_DSA(keytype) \ @@ -585,6 +642,7 @@ static int der2key_export_object(void *vctx, keytype##_d2i_public_key, \ keytype##_d2i_key_params, \ NULL, \ + keytype##_adjust, \ keytype##_free #define DO_EC(keytype) \ @@ -595,6 +653,7 @@ static int der2key_export_object(void *vctx, NULL, \ keytype##_d2i_key_params, \ NULL, \ + keytype##_adjust, \ keytype##_free #define DO_RSA(keytype) \ @@ -604,6 +663,7 @@ static int der2key_export_object(void *vctx, keytype##_d2i_public_key, \ NULL, \ NULL, \ + keytype##_adjust, \ keytype##_free /* |