author | Matt Caswell <matt@openssl.org> | 2020-04-10 18:27:11 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-04-15 11:31:39 +0100 |
commit | e395ba223d45ead1bafe05bb8c4e19fdbc201bd0 (patch) | |
tree | aca5733d9259519f20606796ff6fd1f50ce4c68e /providers | |
parent | 137b274aee0cd96d64fd68cd393717d6a69ec005 (diff) | |
When calling EC_POINT_point2buf we must use a libctx
In a similar way to commit 76e23fc5 we must ensure that we use a libctx
whenever we call EC_POINT_point2buf because it can end up using crypto
algorithms.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11535)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/keymgmt/ec_kmgmt.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 0e310ec..467004c 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -116,6 +116,7 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
 const EC_GROUP *ecg = NULL;
 size_t pub_key_len = 0;
 int ret = 0;
+ BN_CTX *bnctx = NULL;

 if (eckey == NULL
 || (ecg = EC_KEY_get0_group(eckey)) == NULL)
@@ -125,10 +126,18 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
 pub_point = EC_KEY_get0_public_key(eckey);

 if (pub_point != NULL) {
+ /*
+ * EC_POINT_point2buf() can generate random numbers in some
+ * implementations so we need to ensure we use the correct libctx.
+ */
+ bnctx = BN_CTX_new_ex(ec_key_get_libctx(eckey));
+ if (bnctx == NULL)
+ goto err;
+
 /* convert pub_point to a octet string according to the SECG standard */
 if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point,
 POINT_CONVERSION_COMPRESSED,
- pub_key, NULL)) == 0
+ pub_key, bnctx)) == 0
 || !ossl_param_build_set_octet_string(tmpl, params,
 OSSL_PKEY_PARAM_PUB_KEY,
 *pub_key, pub_key_len))
@@ -184,6 +193,7 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
 }
 ret = 1;
 err:
+ BN_CTX_free(bnctx);
 return ret;
 } |
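Review bot: The new comment above `BN_CTX_new_ex()` in the second hunk says why a context is needed but not what the previous `NULL` argument did wrong, which is what a later reader needs in order not to revert it. Something like `/* Passing NULL would let EC_POINT_point2buf() fall back to a BN_CTX that is not tied to this key's libctx. */` would cover it, assuming that is the fallback behaviour the commit message alludes to. Because `bnctx` now lives until the `err:` label in the third hunk, every exit after this allocation has to go through `err`. The hunk shows `goto err` for the allocation failure, but key_to_params continues outside the visible hunks, so the remaining exits are worth confirming.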