From ff1f7cdeb159e89ce305422b6e2a7e4002d825ab Mon Sep 17 00:00:00 2001
From: Aaron Thompson
Date: Tue, 7 Apr 2020 00:18:09 +0000
Subject: Add ex_data to EVP_PKEY.
Reviewed-by: Matt Caswell
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/11515)
---
 crypto/evp/p_lib.c | 27 +++++++++++++++++++++++++--
 doc/man3/BIO_get_ex_new_index.pod | 1 +
 doc/man3/CRYPTO_get_ex_new_index.pod | 1 +
 include/crypto/evp.h | 3 +++
 include/openssl/crypto.h | 3 ++-
 include/openssl/evp.h | 5 +++++
 util/libcrypto.num | 2 ++
 7 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 85b5cc8127..c1a8a8804d 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -96,6 +96,16 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 return 0;
 }
 
+int EVP_PKEY_set_ex_data(EVP_PKEY *key, int idx, void *arg)
+{
+ return CRYPTO_set_ex_data(&key->ex_data, idx, arg);
+}
+
+void *EVP_PKEY_get_ex_data(const EVP_PKEY *key, int idx)
+{
+ return CRYPTO_get_ex_data(&key->ex_data, idx);
+}
+
 int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 {
 /*
@@ -1090,10 +1100,20 @@ EVP_PKEY *EVP_PKEY_new(void)
 ret->lock = CRYPTO_THREAD_lock_new();
 if (ret->lock == NULL) {
 EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(ret);
- return NULL;
+ goto err;
+ }
+#ifndef FIPS_MODE
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, ret, &ret->ex_data)) {
+ EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+ goto err;
 }
+#endif
 return ret;
+
+ err:
+ CRYPTO_THREAD_lock_free(ret->lock);
+ OPENSSL_free(ret);
+ return NULL;
 }
 
 /*
@@ -1328,6 +1348,9 @@ void EVP_PKEY_free(EVP_PKEY *x)
 return;
 REF_ASSERT_ISNT(i < 0);
 evp_pkey_free_it(x);
+#ifndef FIPS_MODE
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, x, &x->ex_data);
+#endif
 CRYPTO_THREAD_lock_free(x->lock);
 #ifndef FIPS_MODE
 sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
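Review bot: `EVP_PKEY_set_ex_data` and `EVP_PKEY_get_ex_data` in the first crypto/evp/p_lib.c hunk touch `key->ex_data` with no `#ifndef FIPS_MODE` guard visible, while the same commit makes that member conditional in include/crypto/evp.h and guards its use in `EVP_PKEY_new` and `EVP_PKEY_free`. The lines around the two functions are outside the hunk, so they may already sit in a guarded region; if they do not, a FIPS_MODE build would not compile here and both need the same `#ifndef FIPS_MODE` / `#endif` wrapper. Neither accessor checks `key` before forming `&key->ex_data`, so a one-line comment such as `/* key must be non-NULL */` above each would state the contract callers have to meet.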
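Review bot: The new `err:` path in `EVP_PKEY_new` calls `CRYPTO_THREAD_lock_free(ret->lock)` even when it is reached because `CRYPTO_THREAD_lock_new()` returned NULL, so the cleanup depends on that function tolerating a NULL lock. A comment above the call, for example `/* ret->lock may be NULL here; lock_free must accept NULL */`, would record the assumption for whoever edits this path next. The function's opening lines, including how `ret` is allocated and initialised, are outside the hunk.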
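Review bot: In the `EVP_PKEY_free` hunk the added `CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, x, &x->ex_data);` runs after `evp_pkey_free_it(x);`, so application free callbacks receive `x` as their parent once the key's contents have presumably been released (the body of `evp_pkey_free_it` is not shown). A callback that inspects the key through the parent pointer would then read freed state. Consider moving the guarded `CRYPTO_free_ex_data` call above `evp_pkey_free_it(x);`, or state in CRYPTO_get_ex_new_index.pod that EVP_PKEY free callbacks must not dereference the parent.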
diff --git a/doc/man3/BIO_get_ex_new_index.pod b/doc/man3/BIO_get_ex_new_index.pod
index 71de3e6848..365c08405a 100644
--- a/doc/man3/BIO_get_ex_new_index.pod
+++ b/doc/man3/BIO_get_ex_new_index.pod
@@ -9,6 +9,7 @@ DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data,
 ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data,
 EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data,
 ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data,
+EVP_PKEY_get_ex_new_index, EVP_PKEY_set_ex_data, EVP_PKEY_get_ex_data,
 RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index,
 RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data,
 RSA_set_app_data, RSA_get_app_data,
diff --git a/doc/man3/CRYPTO_get_ex_new_index.pod b/doc/man3/CRYPTO_get_ex_new_index.pod
index d8cecccdb1..10f7feb5cd 100644
--- a/doc/man3/CRYPTO_get_ex_new_index.pod
+++ b/doc/man3/CRYPTO_get_ex_new_index.pod
@@ -49,6 +49,7 @@ The specific structures are:
 DSA
 EC_KEY
 ENGINE
+ EVP_PKEY
 RAND_DRBG
 RSA
 SSL
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 63b6dad9c6..8acbc6a73e 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -557,6 +557,9 @@ struct evp_pkey_st {
 CRYPTO_RWLOCK *lock;
 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
 int save_parameters;
+#ifndef FIPS_MODE
+ CRYPTO_EX_DATA ex_data;
+#endif
 
 /* == Provider attributes == */
 
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 3508144b4a..c184d847f8 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -192,7 +192,8 @@ DEFINE_STACK_OF(void)
 # define CRYPTO_EX_INDEX_RAND_DRBG 15
 # define CRYPTO_EX_INDEX_DRBG CRYPTO_EX_INDEX_RAND_DRBG
 # define CRYPTO_EX_INDEX_OPENSSL_CTX 16
-# define CRYPTO_EX_INDEX__COUNT 17
+# define CRYPTO_EX_INDEX_EVP_PKEY 17
+# define CRYPTO_EX_INDEX__COUNT 18
 
 typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
 int idx, long argl, void *argp);
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index a14e899202..3945e43fac 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1616,6 +1616,11 @@ int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx);
 
+# define EVP_PKEY_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EVP_PKEY, l, p, newf, dupf, freef)
+int EVP_PKEY_set_ex_data(EVP_PKEY *key, int idx, void *arg);
+void *EVP_PKEY_get_ex_data(const EVP_PKEY *key, int idx);
+
 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
 EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
 
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 71d08750be..983c74a6bf 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5045,3 +5045,5 @@ CT_POLICY_EVAL_CTX_new_with_libctx ? 3_0_0 EXIST::FUNCTION:CT
 CTLOG_new_with_libctx ? 3_0_0 EXIST::FUNCTION:CT
 CTLOG_new_from_base64_with_libctx ? 3_0_0 EXIST::FUNCTION:CT
 CTLOG_STORE_new_with_libctx ? 3_0_0 EXIST::FUNCTION:CT
+EVP_PKEY_set_ex_data ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_get_ex_data ? 3_0_0 EXIST::FUNCTION:
--
cgit v1.2.3