From 5e2d22d53ed322a7124e26a4fbd116a8210eb77a Mon Sep 17 00:00:00 2001
From: Jon Spillett
Date: Tue, 18 May 2021 13:37:35 +1000
Subject: Pass library context and property query into private key decoders
Reviewed-by: Shane Lontis
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/14587)
---
 crypto/pem/pvkfmt.c | 20 ++++++++++++++++----
 include/crypto/pem.h | 4 ++++
 .../implementations/encode_decode/decode_pvk2key.c | 10 ++++++----
 3 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index d08fab4ba8..1ff68e2158 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -946,21 +946,33 @@ static void *do_PVK_key_bio(BIO *in, pem_password_cb *cb, void *u,
 }
 #ifndef OPENSSL_NO_DSA
-DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
+DSA *b2i_DSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq)
 {
 int isdss = 1;
 int ispub = 0; /* PVK keys are always private */
- return do_PVK_key_bio(in, cb, u, &isdss, &ispub, NULL, NULL);
+ return do_PVK_key_bio(in, cb, u, &isdss, &ispub, libctx, propq);
+}
+
+DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
+{
+ return b2i_DSA_PVK_bio_ex(in, cb, u, NULL, NULL);
 }
 #endif
-RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
+RSA *b2i_RSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq)
 {
 int isdss = 0;
 int ispub = 0; /* PVK keys are always private */
- return do_PVK_key_bio(in, cb, u, &isdss, &ispub, NULL, NULL);
+ return do_PVK_key_bio(in, cb, u, &isdss, &ispub, libctx, propq);
+}
+
+RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
+{
+ return b2i_RSA_PVK_bio_ex(in, cb, u, NULL, NULL);
 }
 EVP_PKEY *b2i_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
diff --git a/include/crypto/pem.h b/include/crypto/pem.h
index 2a0e6424a5..840dc18f06 100644
--- a/include/crypto/pem.h
+++ b/include/crypto/pem.h
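Review bot: In crypto/pem/pvkfmt.c, b2i_DSA_PVK_bio_ex and b2i_RSA_PVK_bio_ex hand back the `void *` from do_PVK_key_bio as a typed `DSA *` / `RSA *`, and nothing in the wrappers records why that conversion is safe. `isdss` is passed by address, so the guarantee presumably rests on do_PVK_key_bio failing when the blob holds the other key type; its body is outside this hunk, so that should be confirmed rather than assumed. I would add a comment above each wrapper, for example `/* isdss is the expected key type; do_PVK_key_bio must return NULL on a mismatch, so the result is a DSA */`. The same comment is the place to state what a NULL libctx or propq means, since that is what the non-_ex wrappers now pass.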
@@ -40,8 +40,12 @@ EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub);
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 # ifndef OPENSSL_NO_DSA
 DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+DSA *b2i_DSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq);
 # endif
 RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+RSA *b2i_RSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq);
 # endif
 #endif
diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c
index 702c89a928..b69b2416a5 100644
--- a/providers/implementations/encode_decode/decode_pvk2key.c
+++ b/providers/implementations/encode_decode/decode_pvk2key.c
@@ -33,7 +33,8 @@ struct pvk2key_ctx_st; /* Forward declaration */
 typedef int check_key_fn(void *, struct pvk2key_ctx_st *ctx);
 typedef void adjust_key_fn(void *, struct pvk2key_ctx_st *ctx);
-typedef void *b2i_PVK_of_bio_pw_fn(BIO *in, pem_password_cb *cb, void *u);
+typedef void *b2i_PVK_of_bio_pw_fn(BIO *in, pem_password_cb *cb, void *u,
+ OSSL_LIB_CTX *libctx, const char *propq);
 typedef void free_key_fn(void *);
 struct keytype_desc_st {
 int type; /* EVP key type */
@@ -118,7 +119,8 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
 if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg))
 goto end;
- key = ctx->desc->read_private_key(in, ossl_pw_pem_password, &pwdata);
+ key = ctx->desc->read_private_key(in, ossl_pw_pem_password, &pwdata,
+ PROV_LIBCTX_OF(ctx->provctx), NULL);
 /*
 * Because the PVK API doesn't have a separate decrypt call, we need
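Review bot: In include/crypto/pem.h, the new prototypes `b2i_DSA_PVK_bio_ex` and `b2i_RSA_PVK_bio_ex` are non-static library functions declared only in an internal header, yet they lack the `ossl_` prefix that `ossl_b2i_bio` in the hunk header carries. Unprefixed names in the `b2i_*` namespace can be mistaken for supported API or clash with application symbols. If they are meant to stay internal, `ossl_b2i_DSA_PVK_bio_ex` and `ossl_b2i_RSA_PVK_bio_ex` would match the file's convention; the definitions in crypto/pem/pvkfmt.c and the two macros in decode_pvk2key.c would be renamed with them.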
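Review bot: In pvk2key_decode (decode_pvk2key.c), the new read_private_key call passes `NULL` as the property query, so only the library context reaches the PVK reader although the commit subject says both are passed in. Any algorithm fetch made while decoding or decrypting the key would then use default properties and ignore a restriction the caller set on the decoder; whether pvk2key_ctx_st carries a property query is not visible in this hunk. If it does, that value should be passed in place of `NULL`; if not, mark the gap next to the call with `/* TODO: no propq available from the decoder context; fetches use default properties */`. pvk2key_decode starts and ends outside the hunk.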
@@ -204,13 +206,13 @@ static int pvk2key_export_object(void *vctx,
 /* ---------------------------------------------------------------------- */
-#define dsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_DSA_PVK_bio
+#define dsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_DSA_PVK_bio_ex
 #define dsa_adjust NULL
 #define dsa_free (void (*)(void *))DSA_free
 /* ---------------------------------------------------------------------- */
-#define rsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_RSA_PVK_bio
+#define rsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_RSA_PVK_bio_ex
 static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx)
 {
-- cgit v1.2.3
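Review bot: In decode_pvk2key.c, the `(b2i_PVK_of_bio_pw_fn *)` casts on `dsa_private_key_bio` and `rsa_private_key_bio` silence any mismatch between the typedef and the real functions, which is the coupling this commit had to keep in step by hand across three files. The targets return `DSA *` / `RSA *` while the typedef returns `void *`, so the call made through the pointer (presumably the read_private_key call in pvk2key_decode) goes through an incompatible function type, which C leaves undefined even where it works on common ABIs. Thin static wrappers with the typedef's exact signature remove the casts and let the compiler catch the next signature change. The sketch assumes the macros are used only as function-pointer values and that the DSA wrapper sits under the file's existing DSA guard; both are outside the hunk.

```c
static void *dsa_private_key_bio(BIO *in, pem_password_cb *cb, void *u,
                                 OSSL_LIB_CTX *libctx, const char *propq)
{
    return b2i_DSA_PVK_bio_ex(in, cb, u, libctx, propq);
}
/* … unchanged: dsa_adjust, dsa_free … */

static void *rsa_private_key_bio(BIO *in, pem_password_cb *cb, void *u,
                                 OSSL_LIB_CTX *libctx, const char *propq)
{
    return b2i_RSA_PVK_bio_ex(in, cb, u, libctx, propq);
}
```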