Add CCryptoKeyBase_RawBuffer::EnsureRawDataPtrAvailable

zpostfacto · zpostfacto · commit 0a42a43bc164 · 2022-06-08T10:59:36.000-07:00
Remove asserts in OpenSSL EVP implemtnation of CEC25519KeyBase::Wipe.  We
might have a raw copy, and that's OK.

(This change was needed to fix some bugs in code that is not part of the
opensource code.)

P4:7307240
diff --git a/src/common/crypto_25519_openssl.cpp b/src/common/crypto_25519_openssl.cpp
@@ -71,12 +71,14 @@ uint32 CEC25519KeyBase::GetRawData( void *pData ) const
 
 void CEC25519KeyBase::Wipe()
 {
-	// We should never be using the raw buffer
-	Assert( CCryptoKeyBase_RawBuffer::m_pData == nullptr );
-	Assert( CCryptoKeyBase_RawBuffer::m_cbData == 0 );
+	if ( m_evp_pkey )
+	{
+		EVP_PKEY_free( (EVP_PKEY*)m_evp_pkey );
+		m_evp_pkey = nullptr;
+	}
 
-	EVP_PKEY_free( (EVP_PKEY*)m_evp_pkey );
-	m_evp_pkey = nullptr;
+	// Wipe raw buffer if we kept a separate copy
+	CCryptoKeyBase_RawBuffer::Wipe();
 }
 
 bool CEC25519KeyBase::SetRawData( const void *pData, size_t cbData )
diff --git a/src/common/keypair.cpp b/src/common/keypair.cpp
@@ -457,6 +457,26 @@ void CCryptoKeyBase_RawBuffer::InternalWipeRawDataBuffer()
 	m_cbData = 0;
 }
 
+bool CCryptoKeyBase_RawBuffer::EnsureRawDataPtrAvailable()
+{
+	if ( !m_pData )
+	{
+		uint32 cbData = GetRawData(nullptr);
+		if ( cbData == 0 )
+			return false;
+		m_pData = (uint8*)malloc( cbData );
+		if ( !m_pData )
+			return false;
+		m_cbData = cbData;
+		if ( GetRawData( m_pData ) != cbData )
+		{
+			InternalWipeRawDataBuffer();
+			return false;
+		}
+	}
+	return true;
+}
+
 //-----------------------------------------------------------------------------
 // CEC25519PrivateKeyBase
 //-----------------------------------------------------------------------------
diff --git a/src/common/keypair.h b/src/common/keypair.h
@@ -120,9 +120,17 @@ class CCryptoKeyBase_RawBuffer : public CCryptoKeyBase
 	virtual uint32 GetRawData( void *pData ) const override;
 	virtual void Wipe() override;
 
+	// Access the raw data.  This might not be available, depending on the crypto
+	// implementation!  Avoid using this except for very specialized situations.
+	// Instead, prefer the base class functions such as GetRawData, BMatchesRawData, etc
 	const uint8 *GetRawDataPtr() const { return m_pData; }
 	uint32 GetRawDataSize() const { return m_cbData; }
 
+	// Make sure that we can call GetRawDataPtr(), perhaps making a copy
+	// of the key from the crypto provider into our local buffer if necessary.
+	// Returns false if the key is invalid or we fail to alloc memory.
+	bool EnsureRawDataPtrAvailable();
+
 #ifdef DBGFLAG_VALIDATE
 	virtual void Validate( CValidator &validator, const char *pchName ) const;		// Validate our internal structures
 #endif // DBGFLAG_VALIDATE
