diff --git a/oqsprov/oqs_hyb_kem.c b/oqsprov/oqs_hyb_kem.c index 6f9c9d94..73a42290 100644 --- a/oqsprov/oqs_hyb_kem.c +++ b/oqsprov/oqs_hyb_kem.c @@ -51,7 +51,7 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct, ret2 = EVP_PKEY_set1_encoded_public_key(peerpk, pubkey_kex, pubkey_kexlen); ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, err); - kgctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); + kgctx = EVP_PKEY_CTX_new_from_pkey(pkemctx->libctx, evp_ctx->keyParam, NULL); ON_ERR_SET_GOTO(!kgctx, ret, -1, err); ret2 = EVP_PKEY_keygen_init(kgctx); @@ -60,7 +60,7 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct, ret2 = EVP_PKEY_keygen(kgctx, &pkey); ON_ERR_SET_GOTO(ret2 != 1, ret, -1, err); - ctx = EVP_PKEY_CTX_new(pkey, NULL); + ctx = EVP_PKEY_CTX_new_from_pkey(pkemctx->libctx, pkey, NULL); ON_ERR_SET_GOTO(!ctx, ret, -1, err); ret = EVP_PKEY_derive_init(ctx); @@ -129,7 +129,7 @@ static int oqs_evp_kem_decaps_keyslot(void *vpkemctx, unsigned char *secret, ret2 = EVP_PKEY_set1_encoded_public_key(peerpkey, ct, pubkey_kexlen); ON_ERR_SET_GOTO(ret2 <= 0 || !peerpkey, ret, -5, err); - ctx = EVP_PKEY_CTX_new(pkey, NULL); + ctx = EVP_PKEY_CTX_new_from_pkey(pkemctx->libctx, pkey, NULL); ON_ERR_SET_GOTO(!ctx, ret, -6, err); ret = EVP_PKEY_derive_init(ctx); diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index b6f07a70..c769e870 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -373,7 +373,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, } if (is_hybrid) { - if ((classical_ctx_sign = EVP_PKEY_CTX_new(evpkey, NULL)) == NULL || + if ((classical_ctx_sign = EVP_PKEY_CTX_new_from_pkey(poqs_sigctx->libctx, evpkey, NULL)) == NULL || EVP_PKEY_sign_init(classical_ctx_sign) <= 0) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); goto endsign; @@ -551,8 +551,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (name[0] == 'e') { // ed25519 or ed448 EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new(); - if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, - oqs_key_classic) <= 0) || + if ((EVP_DigestSignInit_ex(evp_ctx, NULL, NULL, poqs_sigctx->libctx, NULL, + oqs_key_classic, NULL) <= 0) || (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, (const unsigned char *)final_tbs, final_tbslen) <= 0)) { @@ -567,7 +567,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX_free(evp_ctx); } else { if ((classical_ctx_sign = - EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL || + EVP_PKEY_CTX_new_from_pkey(poqs_sigctx->libctx, oqs_key_classic, NULL)) == NULL || (EVP_PKEY_sign_init(classical_ctx_sign) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); CompositeSignature_free(compsig); @@ -741,7 +741,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, size_t max_classical_sig_len = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature; - if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->classical_pkey, NULL)) == + if ((ctx_verify = EVP_PKEY_CTX_new_from_pkey(poqs_sigctx->libctx, oqsxkey->classical_pkey, NULL)) == NULL || EVP_PKEY_verify_init(ctx_verify) <= 0) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); @@ -925,8 +925,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if (name[0] == 'e') { // ed25519 or ed448 EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new(); - if ((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, - oqsxkey->classical_pkey) <= 0) || + if ((EVP_DigestVerifyInit_ex(evp_ctx, NULL, NULL, poqs_sigctx->libctx, NULL, + oqsxkey->classical_pkey, NULL) <= 0) || (EVP_DigestVerify(evp_ctx, buf, buf_len, (const unsigned char *)final_tbs, final_tbslen) <= 0)) { @@ -939,7 +939,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, } EVP_MD_CTX_free(evp_ctx); } else { - if (((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->classical_pkey, + if (((ctx_verify = EVP_PKEY_CTX_new_from_pkey(poqs_sigctx->libctx, oqsxkey->classical_pkey, NULL)) == NULL) || (EVP_PKEY_verify_init(ctx_verify) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 6b8bfd25..0db04ccd 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -567,7 +567,7 @@ static const OQSX_EVP_INFO nids_ecx[] = { {0, 0, 0, 0, 0, 0, 0} // 256 bit }; -static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, +static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, OSSL_LIB_CTX *libctx, char *algname) { int ret = 1; int idx = (bit_security - 128) / 64; @@ -600,12 +600,12 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); ON_ERR_SET_GOTO(ret <= 0, ret, -1, err_init); - evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); + evp_ctx->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, evp_ctx->keyParam, NULL); ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err_init); } else { evp_ctx->evp_info = &nids_sig[idx]; - evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); + evp_ctx->ctx = EVP_PKEY_CTX_new_from_name(libctx, OBJ_nid2sn(evp_ctx->evp_info->keytype), NULL); ON_ERR_GOTO(!evp_ctx->ctx, err_init); if (idx < 5) { // EC @@ -631,7 +631,7 @@ static int oqsx_hybsig_init(int bit_security, OQSX_EVP_CTX *evp_ctx, return ret; } -static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { +static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx, OSSL_LIB_CTX *libctx) { int ret = 1; int idx = 0; @@ -644,7 +644,7 @@ static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { evp_ctx->evp_info = &nids_ecp[idx]; - evp_ctx->ctx = EVP_PKEY_CTX_new_id(evp_ctx->evp_info->keytype, NULL); + evp_ctx->ctx = EVP_PKEY_CTX_new_from_name(libctx, OBJ_nid2sn(evp_ctx->evp_info->keytype), NULL); ON_ERR_GOTO(!evp_ctx->ctx, err_init_ecp); ret = EVP_PKEY_paramgen_init(evp_ctx->ctx); @@ -661,7 +661,7 @@ static const int oqshybkem_init_ecp(char *tls_name, OQSX_EVP_CTX *evp_ctx) { return ret; } -static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) { +static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx, OSSL_LIB_CTX *libctx) { int ret = 1; int idx = 0; @@ -680,7 +680,7 @@ static const int oqshybkem_init_ecx(char *tls_name, OQSX_EVP_CTX *evp_ctx) { ret = EVP_PKEY_set_type(evp_ctx->keyParam, evp_ctx->evp_info->keytype); ON_ERR_SET_GOTO(ret <= 0, ret, -1, err_init_ecx); - evp_ctx->ctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL); + evp_ctx->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, evp_ctx->keyParam, NULL); ON_ERR_SET_GOTO(!evp_ctx->ctx, ret, -1, err_init_ecx); err_init_ecx: @@ -1419,7 +1419,7 @@ OQSX_KEY *oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, return oqsx; } -static const int (*init_kex_fun[])(char *, OQSX_EVP_CTX *) = { +static const int (*init_kex_fun[])(char *, OQSX_EVP_CTX *, OSSL_LIB_CTX *) = { oqshybkem_init_ecp, oqshybkem_init_ecx}; extern const char *oqs_oid_alg_list[]; @@ -1507,7 +1507,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, ON_ERR_GOTO(!evp_ctx, err); ret2 = - (init_kex_fun[primitive - KEY_TYPE_ECP_HYB_KEM])(tls_name, evp_ctx); + (init_kex_fun[primitive - KEY_TYPE_ECP_HYB_KEM])(tls_name, evp_ctx, libctx); ON_ERR_GOTO(ret2 <= 0 || !evp_ctx->keyParam || !evp_ctx->ctx, err); ret->numkeys = 2; @@ -1539,7 +1539,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); ON_ERR_GOTO(!evp_ctx, err); - ret2 = oqsx_hybsig_init(bit_security, evp_ctx, tls_name); + ret2 = oqsx_hybsig_init(bit_security, evp_ctx, libctx, tls_name); ON_ERR_GOTO(ret2 <= 0 || !evp_ctx->ctx, err); ret->numkeys = 2; @@ -1593,7 +1593,7 @@ OQSX_KEY *oqsx_key_new(OSSL_LIB_CTX *libctx, char *oqs_name, char *tls_name, evp_ctx = OPENSSL_zalloc(sizeof(OQSX_EVP_CTX)); ON_ERR_GOTO(!evp_ctx, err); - ret2 = oqsx_hybsig_init(bit_security, evp_ctx, name); + ret2 = oqsx_hybsig_init(bit_security, evp_ctx, libctx, name); ON_ERR_GOTO(ret2 <= 0 || !evp_ctx->ctx, err); ret->oqsx_provider_ctx.oqsx_evp_ctx = evp_ctx; ret->privkeylen_cmp[i] = ret->oqsx_provider_ctx.oqsx_evp_ctx @@ -1808,7 +1808,7 @@ static int oqsx_key_gen_oqs(OQSX_KEY *key, int gen_kem) { /* Generate classic keys, store length in leading SIZE_OF_UINT32 bytes of * pubkey/privkey buffers; returned EVP_PKEY must be freed if not used */ -static EVP_PKEY *oqsx_key_gen_evp_key_sig(OQSX_EVP_CTX *ctx, +static EVP_PKEY *oqsx_key_gen_evp_key_sig(OQSX_EVP_CTX *ctx, OSSL_LIB_CTX *libctx, unsigned char *pubkey, unsigned char *privkey, int encode) { int ret = 0, ret2 = 0, aux = 0; @@ -1825,9 +1825,9 @@ static EVP_PKEY *oqsx_key_gen_evp_key_sig(OQSX_EVP_CTX *ctx, } if (ctx->keyParam) - kgctx = EVP_PKEY_CTX_new(ctx->keyParam, NULL); + kgctx = EVP_PKEY_CTX_new_from_pkey(libctx, ctx->keyParam, NULL); else - kgctx = EVP_PKEY_CTX_new_id(ctx->evp_info->nid, NULL); + kgctx = EVP_PKEY_CTX_new_from_name(libctx, OBJ_nid2sn(ctx->evp_info->nid), NULL); ON_ERR_SET_GOTO(!kgctx, ret, -1, errhyb); ret2 = EVP_PKEY_keygen_init(kgctx); @@ -1923,9 +1923,9 @@ static EVP_PKEY *oqsx_key_gen_evp_key_kem(OQSX_KEY *key, unsigned char *pubkey, unsigned char *privkey_sizeenc = key->privkey; if (ctx->keyParam) - kgctx = EVP_PKEY_CTX_new(ctx->keyParam, NULL); + kgctx = EVP_PKEY_CTX_new_from_pkey(key->libctx, ctx->keyParam, NULL); else - kgctx = EVP_PKEY_CTX_new_id(ctx->evp_info->nid, NULL); + kgctx = EVP_PKEY_CTX_new_from_name(key->libctx, OBJ_nid2sn(ctx->evp_info->nid), NULL); ON_ERR_SET_GOTO(!kgctx, ret, -1, errhyb); ret2 = EVP_PKEY_keygen_init(kgctx); @@ -2009,7 +2009,7 @@ int oqsx_key_gen(OQSX_KEY *key) { ON_ERR_GOTO(ret, err_gen); ret = oqsx_key_gen_oqs(key, 1); } else if (key->keytype == KEY_TYPE_HYB_SIG) { - pkey = oqsx_key_gen_evp_key_sig(key->oqsx_provider_ctx.oqsx_evp_ctx, + pkey = oqsx_key_gen_evp_key_sig(key->oqsx_provider_ctx.oqsx_evp_ctx, key->libctx, key->pubkey, key->privkey, 1); ON_ERR_GOTO(pkey == NULL, err_gen); ret = !oqsx_key_set_composites(key, 0); @@ -2046,7 +2046,7 @@ int oqsx_key_gen(OQSX_KEY *key) { } if (get_oqsname_fromtls(name) == 0) { pkey = oqsx_key_gen_evp_key_sig( - key->oqsx_provider_ctx.oqsx_evp_ctx, key->comp_pubkey[i], + key->oqsx_provider_ctx.oqsx_evp_ctx, key->libctx, key->comp_pubkey[i], key->comp_privkey[i], 0); OPENSSL_free(name); ON_ERR_GOTO(pkey == NULL, err_gen);