From: Richard Levitte Date: Thu, 4 Jun 2020 18:05:26 +0000 (+0200) Subject: EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info X-Git-Tag: openssl-3.0.0-alpha4~151 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=4ec1463d71db6324abe9c91d2ed9aa1e136c9cb3 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info In EVP_PKEY_METHOD code, the backend initializes ctx->keygen_info. With provider side code, it's not possible to reach back into the EVP_PKEY_CTX in the same manner, so we need to make that initialization in the central generation function, EVP_PKEY_gen(). This isn't quite compatible with the idea that keygen_info could have an arbitrary amount of elements, but since all our legacy backends use exactly two elements, that's what we go for. Fixes #12047 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12048) --- diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index fb861d2487..411f270b49 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -144,6 +144,8 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) int ret = 0; OSSL_CALLBACK cb; EVP_PKEY *allocated_pkey = NULL; + /* Legacy compatible keygen callback info, only used with provider impls */ + int gentmp[2]; if (ppkey == NULL) return -1; 
@@ -165,6 +167,18 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) if (ctx->op.keymgmt.genctx == NULL) goto legacy; + /* + * Asssigning gentmp to ctx->keygen_info is something our legacy + * implementations do. Because the provider implementations aren't + * allowed to reach into our EVP_PKEY_CTX, we need to provide similar + * space for backward compatibility. It's ok that we attach a local + * variable, as it should only be useful in the calls down from here. + * This is cleared as soon as it isn't useful any more, i.e. directly + * after the evp_keymgmt_util_gen() call. + */ + ctx->keygen_info = gentmp; + ctx->keygen_info_count = 2; + ret = 1; if (ctx->pkey != NULL) { EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt; @@ -191,6 +205,8 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) ossl_callback_to_pkey_gencb, ctx) != NULL); + ctx->keygen_info = NULL; + #ifndef FIPS_MODULE /* In case |*ppkey| was originally a legacy key */ if (ret)
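Review bot: gentmp is declared without an initializer in the first hunk (@@ -144,6 +144,8 @@), and the second hunk hands its address to ctx->keygen_info before any visible line has written to it. Anything that reads keygen_info before both elements have been set sees indeterminate stack contents. Suggest `int gentmp[2] = { 0, 0 };` at the declaration.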
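Review bot: in the second hunk (@@ -165,6 +167,18 @@), `ctx->keygen_info_count = 2;` repeats the array length as a literal, so it can drift from the `int gentmp[2];` declaration; derive it from the array instead, for example `sizeof(gentmp) / sizeof(gentmp[0])`. Since ctx now holds a pointer into this function's stack frame, every exit taken after this assignment has to pass through the reset in the third hunk, and the comment would be stronger if it stated that requirement rather than only "cleared as soon as it isn't useful any more". The comment also has a typo: "Asssigning".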
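Review bot: in the third hunk (@@ -191,6 +205,8 @@), `ctx->keygen_info = NULL;` clears the pointer but leaves ctx->keygen_info_count at the 2 set in the previous hunk, so the context ends up with a non-zero count paired with a NULL array. Code that later trusts the count and indexes keygen_info would dereference NULL. Reset both together by adding `ctx->keygen_info_count = 0;` next to the pointer reset.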