Include use of loaded 'libctx' context in KEM and SIG procedures (#557)…

… (#614)

* Include use of loaded 'libctx' context in KEM and SIG procedures (#557)

Signed-off-by: RodriM11 <62776780+RodriM11@users.noreply.github.com>

* better error checks oqs_test_libctx MSVC

Signed-off-by: RodriM11 <62776780+RodriM11@users.noreply.github.com>

---------

Signed-off-by: RodriM11 <62776780+RodriM11@users.noreply.github.com>

oqs-template/generate.py

@@ -247,7 +247,7 @@ def load_config(include_disabled_sigs=False):
 populate('oqsprov/oqs_decode_der2key.c', config, '/////')
 populate('oqsprov/oqsprov_keys.c', config, '/////')
 populate('scripts/common.py', config, '#####')
-populate('test/oqs_test_evp_pkey_params.c', config, '/////')
+populate('test/test_common.c', config, '/////')
 
 config2 = load_config(include_disabled_sigs=True)
 config2 = complete_config(config2)

oqsprov/oqs_hyb_kem.c

@@ -19,6 +19,7 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct,
 
     const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx;
     const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_evp_ctx;
+    OSSL_LIB_CTX *libctx = pkemctx->libctx;
 
     size_t pubkey_kexlen = 0;
     size_t kexDeriveLen = 0, pkeylen = 0;
@@ -51,7 +52,7 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct,
     ret2 = EVP_PKEY_set1_encoded_public_key(peerpk, pubkey_kex, pubkey_kexlen);
     ON_ERR_SET_GOTO(ret2 <= 0, ret, -1, err);
 
-    kgctx = EVP_PKEY_CTX_new(evp_ctx->keyParam, NULL);
+    kgctx = EVP_PKEY_CTX_new_from_pkey(libctx, evp_ctx->keyParam, NULL);
     ON_ERR_SET_GOTO(!kgctx, ret, -1, err);
 
     ret2 = EVP_PKEY_keygen_init(kgctx);
@@ -60,7 +61,7 @@ static int oqs_evp_kem_encaps_keyslot(void *vpkemctx, unsigned char *ct,
     ret2 = EVP_PKEY_keygen(kgctx, &pkey);
     ON_ERR_SET_GOTO(ret2 != 1, ret, -1, err);
 
-    ctx = EVP_PKEY_CTX_new(pkey, NULL);
+    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
     ON_ERR_SET_GOTO(!ctx, ret, -1, err);
 
     ret = EVP_PKEY_derive_init(ctx);
@@ -96,6 +97,7 @@ static int oqs_evp_kem_decaps_keyslot(void *vpkemctx, unsigned char *secret,
     int ret = OQS_SUCCESS, ret2 = 0;
     const PROV_OQSKEM_CTX *pkemctx = (PROV_OQSKEM_CTX *)vpkemctx;
     const OQSX_EVP_CTX *evp_ctx = pkemctx->kem->oqsx_provider_ctx.oqsx_evp_ctx;
+    OSSL_LIB_CTX *libctx = pkemctx->libctx;
 
     size_t pubkey_kexlen = evp_ctx->evp_info->length_public_key;
     size_t kexDeriveLen = evp_ctx->evp_info->kex_length_secret;
@@ -111,12 +113,14 @@ static int oqs_evp_kem_decaps_keyslot(void *vpkemctx, unsigned char *secret,
         return 1;
 
     if (evp_ctx->evp_info->raw_key_support) {
-        pkey = EVP_PKEY_new_raw_private_key(evp_ctx->evp_info->keytype, NULL,
-                                            privkey_kex, privkey_kexlen);
+        pkey = EVP_PKEY_new_raw_private_key_ex(
+            libctx, OBJ_nid2sn(evp_ctx->evp_info->keytype), NULL, privkey_kex,
+            privkey_kexlen);
         ON_ERR_SET_GOTO(!pkey, ret, -10, err);
     } else {
-        pkey = d2i_AutoPrivateKey(&pkey, (const unsigned char **)&privkey_kex,
-                                  privkey_kexlen);
+        pkey =
+            d2i_AutoPrivateKey_ex(&pkey, (const unsigned char **)&privkey_kex,
+                                  privkey_kexlen, libctx, NULL);
         ON_ERR_SET_GOTO(!pkey, ret, -2, err);
     }
 
@@ -129,7 +133,7 @@ static int oqs_evp_kem_decaps_keyslot(void *vpkemctx, unsigned char *secret,
     ret2 = EVP_PKEY_set1_encoded_public_key(peerpkey, ct, pubkey_kexlen);
     ON_ERR_SET_GOTO(ret2 <= 0 || !peerpkey, ret, -5, err);
 
-    ctx = EVP_PKEY_CTX_new(pkey, NULL);
+    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
     ON_ERR_SET_GOTO(!ctx, ret, -6, err);
 
     ret = EVP_PKEY_derive_init(ctx);

oqsprov/oqs_sig.c

@@ -330,6 +330,7 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
     PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx;
     OQSX_KEY *oqsxkey = poqs_sigctx->sig;
     OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig;
+    OSSL_LIB_CTX *libctx = poqs_sigctx->libctx;
     EVP_PKEY *oqs_key_classic = NULL;
     EVP_PKEY *cmp_key_classic = NULL;
     EVP_PKEY *evpkey = oqsxkey->classical_pkey;
@@ -373,7 +374,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
     }
 
     if (is_hybrid) {
-        if ((classical_ctx_sign = EVP_PKEY_CTX_new(evpkey, NULL)) == NULL ||
+        if ((classical_ctx_sign =
+                 EVP_PKEY_CTX_new_from_pkey(libctx, evpkey, NULL)) == NULL ||
             EVP_PKEY_sign_init(classical_ctx_sign) <= 0) {
             ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
             goto endsign;
@@ -551,8 +553,9 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
 
                 if (name[0] == 'e') { // ed25519 or ed448
                     EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new();
-                    if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL,
-                                            oqs_key_classic) <= 0) ||
+                    if ((EVP_DigestSignInit_ex(evp_ctx, NULL, NULL, libctx,
+                                               NULL, oqs_key_classic,
+                                               NULL) <= 0) ||
                         (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len,
                                         (const unsigned char *)final_tbs,
                                         final_tbslen) <= 0)) {
@@ -566,8 +569,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen,
                     }
                     EVP_MD_CTX_free(evp_ctx);
                 } else {
-                    if ((classical_ctx_sign =
-                             EVP_PKEY_CTX_new(oqs_key_classic, NULL)) == NULL ||
+                    if ((classical_ctx_sign = EVP_PKEY_CTX_new_from_pkey(
+                             libctx, oqs_key_classic, NULL)) == NULL ||
                         (EVP_PKEY_sign_init(classical_ctx_sign) <= 0)) {
                         ERR_raise(ERR_LIB_USER, ERR_R_FATAL);
                         CompositeSignature_free(compsig);
@@ -711,6 +714,7 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
     PROV_OQSSIG_CTX *poqs_sigctx = (PROV_OQSSIG_CTX *)vpoqs_sigctx;
     OQSX_KEY *oqsxkey = poqs_sigctx->sig;
     OQS_SIG *oqs_key = poqs_sigctx->sig->oqsx_provider_ctx.oqsx_qs_ctx.sig;
+    OSSL_LIB_CTX *libctx = poqs_sigctx->libctx;
     EVP_PKEY *evpkey = oqsxkey->classical_pkey;
     EVP_PKEY_CTX *classical_ctx_sign = NULL;
     EVP_PKEY_CTX *ctx_verify = NULL;
@@ -741,8 +745,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
         size_t max_classical_sig_len =
             oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->length_signature;
 
-        if ((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->classical_pkey, NULL)) ==
-                NULL ||
+        if ((ctx_verify = EVP_PKEY_CTX_new_from_pkey(
+                 libctx, oqsxkey->classical_pkey, NULL)) == NULL ||
             EVP_PKEY_verify_init(ctx_verify) <= 0) {
             ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
             goto endverify;
@@ -925,8 +929,9 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
 
                 if (name[0] == 'e') { // ed25519 or ed448
                     EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new();
-                    if ((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL,
-                                              oqsxkey->classical_pkey) <= 0) ||
+                    if ((EVP_DigestVerifyInit_ex(evp_ctx, NULL, NULL, libctx,
+                                                 NULL, oqsxkey->classical_pkey,
+                                                 NULL) <= 0) ||
                         (EVP_DigestVerify(evp_ctx, buf, buf_len,
                                           (const unsigned char *)final_tbs,
                                           final_tbslen) <= 0)) {
@@ -939,8 +944,9 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig,
                     }
                     EVP_MD_CTX_free(evp_ctx);
                 } else {
-                    if (((ctx_verify = EVP_PKEY_CTX_new(oqsxkey->classical_pkey,
-                                                        NULL)) == NULL) ||
+                    if (((ctx_verify = EVP_PKEY_CTX_new_from_pkey(
+                              libctx, oqsxkey->classical_pkey, NULL)) ==
+                         NULL) ||
                         (EVP_PKEY_verify_init(ctx_verify) <= 0)) {
                         ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR);
                         OPENSSL_free(name);