From 4547a71930a27fca9ae62c38962d6dc67ee0b4bf Mon Sep 17 00:00:00 2001
From: Pauli
Date: Mon, 17 May 2021 12:18:53 +1000
Subject: [PATCH] seal: make EVP_SealInit() library context aware
Reviewed-by: Tomas Mraz
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/15300)
---
 crypto/evp/p_seal.c | 12 +++++++++---
 test/evp_extra_test.c | 18 ++++++++++++++----
 2 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index 9371d110e9a..76d3278b8cb 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -9,6 +9,7 @@
 #include
 #include "internal/cryptlib.h"
+#include "internal/provider.h"
 #include
 #include
 #include
@@ -20,6 +21,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
 EVP_PKEY **pubk, int npubk)
 {
 unsigned char key[EVP_MAX_KEY_LENGTH];
+ const OSSL_PROVIDER *prov = EVP_CIPHER_provider(type);
+ OSSL_LIB_CTX *libctx = prov != NULL ? ossl_provider_libctx(prov) : NULL;
+ EVP_PKEY_CTX *pctx = NULL;
 int i, len;
 int rv = 0;
@@ -35,7 +39,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
 return 0;
 len = EVP_CIPHER_CTX_iv_length(ctx);
- if (len < 0 || RAND_bytes(iv, len) <= 0)
+ if (len < 0 || RAND_priv_bytes_ex(libctx, iv, len) <= 0)
 goto err;
 len = EVP_CIPHER_CTX_key_length(ctx);
@@ -47,9 +51,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
 for (i = 0; i < npubk; i++) {
 size_t keylen = len;
- EVP_PKEY_CTX *pctx = NULL;
- if ((pctx = EVP_PKEY_CTX_new(pubk[i], NULL)) == NULL) {
+ pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pubk[i], NULL);
+ if (pctx == NULL) {
 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
 goto err;
 }
@@ -60,8 +64,10 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
 ekl[i] = (int)keylen;
 EVP_PKEY_CTX_free(pctx);
 }
+ pctx = NULL;
 rv = npubk;
 err:
+ EVP_PKEY_CTX_free(pctx);
 OPENSSL_cleanse(key, sizeof(key));
 return rv;
 }
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 56522e4af9e..10ab4bfc9e6 100644
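Review bot: In the `@@ -20,6 +21,9 @@` hunk of crypto/evp/p_seal.c, the new initializer calls `EVP_CIPHER_provider(type)` before anything has checked `type`, so a caller that passes a NULL cipher (to keep the one already configured on `ctx`) would hand NULL to the accessor. The rest of EVP_SealInit() is outside the hunk, so whether NULL is still an accepted value for `type` needs confirming there. If it is, guard the lookup: `const OSSL_PROVIDER *prov = type != NULL ? EVP_CIPHER_provider(type) : NULL;`. Even with the guard, a NULL or non-fetched `type` leaves `libctx` NULL, so the IV and the per-recipient key contexts fall back to the default library context; a short comment saying so, or deriving the context from the cipher actually held by `ctx` after initialisation, would make that fallback deliberate rather than accidental.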
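Review bot: In the `@@ -60,8 +64,10 @@` hunk, `pctx` is freed at the end of every loop iteration but only reset to NULL once the loop has finished, so the new `EVP_PKEY_CTX_free(pctx);` under `err:` is safe only while no `goto err` sits between the in-loop free and the next assignment at the top of the loop. Resetting the pointer where it is released removes that hidden ordering requirement and makes the post-loop `pctx = NULL;` unnecessary: `EVP_PKEY_CTX_free(pctx);` followed by `pctx = NULL;` inside the loop. The loop starts in the previous hunk and part of its body is not visible in either hunk, so the current ordering should be checked against the full function.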
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -818,7 +818,11 @@ static int test_EC_priv_only_legacy(void)
 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
 #endif /* OPENSSL_NO_EC */
-static int test_EVP_Enveloped(void)
+/*
+ * n = 0 => test using legacy cipher
+ * n = 1 => test using fetched cipher
+ */
+static int test_EVP_Enveloped(int n)
 {
 int ret = 0;
 EVP_CIPHER_CTX *ctx = NULL;
@@ -828,12 +832,16 @@ static int test_EVP_Enveloped(void)
 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
 int len, kek_len, ciphertext_len, plaintext_len;
 unsigned char ciphertext[32], plaintext[16];
- const EVP_CIPHER *type = NULL;
+ EVP_CIPHER *type = NULL;
 if (nullprov != NULL)
 return TEST_skip("Test does not support a non-default library context");
- type = EVP_aes_256_cbc();
+ if (n == 0)
+ type = (EVP_CIPHER *)EVP_aes_256_cbc();
+ else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
+ testpropq)))
+ goto err;
 if (!TEST_ptr(keypair = load_example_rsa_key())
 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
@@ -860,6 +868,8 @@ static int test_EVP_Enveloped(void)
 ret = 1;
 err:
+ if (n != 0)
+ EVP_CIPHER_free(type);
 OPENSSL_free(kek);
 EVP_PKEY_free(keypair);
 EVP_CIPHER_CTX_free(ctx);
@@ -2925,7 +2935,7 @@ int setup_tests(void)
 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
 ADD_TEST(test_EVP_DigestVerifyInit);
 ADD_TEST(test_EVP_Digest);
- ADD_TEST(test_EVP_Enveloped);
+ ADD_ALL_TESTS(test_EVP_Enveloped, 2);
 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
 ADD_TEST(test_privatekey_to_pkcs8);
 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
-- 
2.47.3
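Review bot: In the `@@ -828,12 +832,16 @@` hunk the early `return TEST_skip(...)` for `nullprov != NULL` is kept ahead of the new cipher selection, so the fetched-cipher case (`n = 1`) is skipped along with the legacy one. Assuming `nullprov` is only set when the suite runs with a non-default library context, both cases then exercise EVP_SealInit() under the default context only, and the context propagation this commit adds has no coverage in the configuration where it matters. If the other helpers used here (for example `load_example_rsa_key()`, defined outside the hunk) can work with `testctx`, narrow the guard to `if (n == 0 && nullprov != NULL)`. Otherwise add a comment beside the skip stating why the fetched case cannot run there, so the gap is visible.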
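Review bot: The cleanup `if (n != 0) EVP_CIPHER_free(type);` in the `@@ -860,6 +868,8 @@` hunk is coupled to the const-dropping cast `(EVP_CIPHER *)EVP_aes_256_cbc()` added in the previous hunk: ownership of `type` is encoded in the value of `n` rather than in the pointer. Keeping `const EVP_CIPHER *type` and holding the fetched object in a separate `EVP_CIPHER *fetched = NULL;` avoids the cast and lets the cleanup be unconditional, e.g. `type = fetched = EVP_CIPHER_fetch(testctx, "AES-256-CBC", testpropq);` and `EVP_CIPHER_free(fetched);` under `err:`. This assumes EVP_CIPHER_free() accepts NULL, as the other free calls in that block appear to. The function body extends beyond both hunks.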