Pass low level DSA objects to the default provider

author Matt Caswell <matt@openssl.org>

Fri, 6 Feb 2026 14:57:43 +0000 (14:57 +0000)

committer Tomas Mraz <tomas@openssl.org>

Fri, 13 Feb 2026 07:57:58 +0000 (08:57 +0100)
author Matt Caswell <matt@openssl.org>
Fri, 6 Feb 2026 14:57:43 +0000 (14:57 +0000)
committer Tomas Mraz <tomas@openssl.org>
Fri, 13 Feb 2026 07:57:58 +0000 (08:57 +0100)
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c

index 01d5d8e3c1ab2b4422b4f00e6bacd50433cb8970..7b7c3f7e2ef7cb3eeebeb4c94a348a6237b431bd 100644 (file)
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -223,6 +223,11 @@ int DSA_up_ref(DSA *r)
      return ((i > 1) ? 1 : 0);
  }
  
+OSSL_LIB_CTX *ossl_dsa_get0_libctx(const DSA *d)
+{
+    return d->libctx;
+}
+
  void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx)
  {
      d->libctx = libctx;
diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h

index 73a61e7a88baa7b9d3a09be2b29289cec26e67c9..fa571a610b7e540f9b801de0b18279f0037ec304 100644 (file)
--- a/include/crypto/dsa.h
+++ b/include/crypto/dsa.h
@@ -25,6 +25,7 @@
  #define DSA_PARAMGEN_TYPE_FIPS_DEFAULT 2
  
  DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx);
+OSSL_LIB_CTX *ossl_dsa_get0_libctx(const DSA *d);
  void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx);
  
  int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits,
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c

index b3cc76a89dd152767c981b64f656f8f266f7ebe7..d2d4abf105ab5ff7b9d672fdf3f2aef697050cee 100644 (file)
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -26,6 +26,7 @@
  #include "internal/sizes.h"
  #include "internal/nelem.h"
  #include "internal/param_build_set.h"
+#include "internal/threads_common.h"
  
  static OSSL_FUNC_keymgmt_new_fn dsa_newdata;
  static OSSL_FUNC_keymgmt_free_fn dsa_freedata;
@@ -121,9 +122,33 @@ static int dsa_key_todata(DSA *dsa, OSSL_PARAM_BLD *bld, OSSL_PARAM *pubkey,
  
  static void *dsa_newdata(void *provctx)
  {
+    DSA *dsa = NULL;
+    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
+
      if (!ossl_prov_is_running())
          return NULL;
-    return ossl_dsa_new(PROV_LIBCTX_OF(provctx));
+
+#ifndef FIPS_MODULE
+    /*
+     * This only works because we are in the default provider. We are not
+     * normally allowed to pass complex objects across the provider boundary
+     * like this.
+     */
+    dsa = CRYPTO_THREAD_get_local_ex(CRYPTO_THREAD_LOCAL_LOW_LEVEL_OBJECT, libctx);
+    if (dsa != NULL) {
+        if (ossl_lib_ctx_get_concrete(ossl_dsa_get0_libctx(dsa)) != ossl_lib_ctx_get_concrete(libctx))
+            dsa = NULL;
+        else if (!DSA_up_ref(dsa))
+            return NULL;
+    }
+    if (dsa != NULL && !DSA_up_ref(dsa))
+        return NULL;
+#endif
+
+    if (dsa == NULL)
+        dsa = ossl_dsa_new(libctx);
+
+    return dsa;
  }
  
  static void dsa_freedata(void *keydata)
author	Matt Caswell <matt@openssl.org>
	Fri, 6 Feb 2026 14:57:43 +0000 (14:57 +0000)
committer	Tomas Mraz <tomas@openssl.org>
	Fri, 13 Feb 2026 07:57:58 +0000 (08:57 +0100)
crypto/dsa/dsa_lib.c		patch \| blob \| blame \| history
include/crypto/dsa.h		patch \| blob \| blame \| history
providers/implementations/keymgmt/dsa_kmgmt.c		patch \| blob \| blame \| history