mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

DECODER & ENCODER: Make sure to pass around the original selection bits

Browse Source 
When decoding a key and asking the keymgmt to import the key data, it
was told that the key data includes everything.  This may not be true,
since the user may have specified a different selection, and some
keymgmts may want to be informed.

Our key decoders' export function, on the other hand, didn't care
either, and simply export anything they could, regardless.

In both cases, the selection that was specified by the user is now
passed all the way.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)
This commit is contained in:
Richard Levitte 2021-06-28 05:52:42 +02:00
parent 6eaf139f62
commit 398f8fe1c4
4 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/encode_decode/decoder_pkey.c
View File

@ -57,6 +57,7 @@ DEFINE_STACK_OF(EVP_KEYMGMT)
struct decoder_pkey_data_st {
OSSL_LIB_CTX *libctx;
char *propq;
int selection;
STACK_OF(EVP_KEYMGMT) *keymgmts;
char *object_type; /* recorded object data type, may be NULL */
@ -150,7 +151,7 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst,
import_data.keymgmt = keymgmt;
import_data.keydata = NULL;
import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
import_data.selection = data->selection;
/*
* No need to check for errors here, the value of
@ -375,6 +376,7 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
process_data->object = (void **)pkey;
process_data->libctx = libctx;
process_data->selection = ctx->selection;
/* First, find all keymgmts to form goals */
EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt,

13
providers/implementations/encode_decode/decode_der2key.c
View File

@ -89,6 +89,8 @@ struct keytype_desc_st {
struct der2key_ctx_st {
PROV_CTX *provctx;
const struct keytype_desc_st *desc;
/* The selection that is passed to der2key_decode() */
int selection;
/* Flag used to signal that a failure is fatal */
unsigned int flag_fatal : 1;
};
@ -180,9 +182,9 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
const unsigned char *derp;
long der_len = 0;
void *key = NULL;
int orig_selection = selection;
int ok = 0;
ctx->selection = selection;
/*
* The caller is allowed to specify 0 as a selection mark, to have the
* structure and key type guessed. For type-specific structures, this
@ -213,7 +215,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
} else if (ctx->desc->d2i_private_key != NULL) {
key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
}
if (key == NULL && orig_selection != 0)
if (key == NULL && ctx->selection != 0)
goto next;
}
if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
@ -222,14 +224,14 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
else
key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
if (key == NULL && orig_selection != 0)
if (key == NULL && ctx->selection != 0)
goto next;
}
if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
derp = der;
if (ctx->desc->d2i_key_params != NULL)
key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
if (key == NULL && orig_selection != 0)
if (key == NULL && ctx->selection != 0)
goto next;
}
@ -304,8 +306,7 @@ static int der2key_export_object(void *vctx,
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
export_cb, export_cbarg);
return export(keydata, ctx->selection, export_cb, export_cbarg);
}
return 0;
}

6
providers/implementations/encode_decode/decode_msblob2key.c
View File

@ -56,6 +56,8 @@ static OSSL_FUNC_decoder_export_object_fn msblob2key_export_object;
struct msblob2key_ctx_st {
PROV_CTX *provctx;
const struct keytype_desc_st *desc;
/* The selection that is passed to msblob2key_decode() */
int selection;
};
static struct msblob2key_ctx_st *
@ -102,6 +104,7 @@ static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
if (!ok)
goto next;
ctx->selection = selection;
ok = 0; /* Assume that we fail */
if ((isdss && ctx->desc->type != EVP_PKEY_DSA)
@ -208,8 +211,7 @@ msblob2key_export_object(void *vctx,
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
export_cb, export_cbarg);
return export(keydata, ctx->selection, export_cb, export_cbarg);
}
return 0;
}

7
providers/implementations/encode_decode/decode_pvk2key.c
View File

@ -56,6 +56,8 @@ static OSSL_FUNC_decoder_export_object_fn pvk2key_export_object;
struct pvk2key_ctx_st {
PROV_CTX *provctx;
const struct keytype_desc_st *desc;
/* The selection that is passed to der2key_decode() */
int selection;
};
static struct pvk2key_ctx_st *
@ -86,6 +88,8 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
void *key = NULL;
int ok = 0;
ctx->selection = selection;
if ((selection == 0
|| (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
&& ctx->desc->read_private_key != NULL) {
@ -175,8 +179,7 @@ static int pvk2key_export_object(void *vctx,
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
export_cb, export_cbarg);
return export(keydata, ctx->selection, export_cb, export_cbarg);
}
return 0;
}