Don't add the msblob/pvk decoders if they're not suitable

msblob only decodes public/private keys (not just params). pvk only decodes private keys. If the requested selection doesn't intersect with the above then don't consider those decoders. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21603)
2025-02-17 14:32:04 +08:00 · 2023-07-31 12:28:37 +01:00 · 2023-07-31 12:28:37 +01:00 · 6207f2b657
commit 6207f2b657
parent 780ce3849f
2 changed files with 27 additions and 0 deletions
--- a/providers/implementations/encode_decode/decode_msblob2key.c
+++ b/providers/implementations/encode_decode/decode_msblob2key.c
@ -79,6 +79,18 @@ static void msblob2key_freectx(void *vctx)
    OPENSSL_free(ctx);
 }

+static int msblob2key_does_selection(void *provctx, int selection)
+{
+    if (selection == 0)
+        return 1;
+
+    if ((selection & (OSSL_KEYMGMT_SELECT_PRIVATE_KEY
+                      | OSSL_KEYMGMT_SELECT_PUBLIC_KEY))  != 0)
+        return 1;
+
+    return 0;
+}
+
 static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
                             OSSL_CALLBACK *data_cb, void *data_cbarg,
                             OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
@ -258,6 +270,8 @@ static void rsa_adjust(void *key, struct msblob2key_ctx_st *ctx)
          (void (*)(void))msblob2##keytype##_newctx },                  \
        { OSSL_FUNC_DECODER_FREECTX,                                    \
          (void (*)(void))msblob2key_freectx },                         \
+        { OSSL_FUNC_DECODER_DOES_SELECTION,                             \
+          (void (*)(void))msblob2key_does_selection },                  \
        { OSSL_FUNC_DECODER_DECODE,                                     \
          (void (*)(void))msblob2key_decode },                          \
        { OSSL_FUNC_DECODER_EXPORT_OBJECT,                              \
--- a/providers/implementations/encode_decode/decode_pvk2key.c
+++ b/providers/implementations/encode_decode/decode_pvk2key.c
@ -79,6 +79,17 @@ static void pvk2key_freectx(void *vctx)
    OPENSSL_free(ctx);
 }

+static int pvk2key_does_selection(void *provctx, int selection)
+{
+    if (selection == 0)
+        return 1;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY)  != 0)
+        return 1;
+
+    return 0;
+}
+
 static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
                         OSSL_CALLBACK *data_cb, void *data_cbarg,
                         OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
@ -226,6 +237,8 @@ static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx)
          (void (*)(void))pvk2##keytype##_newctx },                     \
        { OSSL_FUNC_DECODER_FREECTX,                                    \
          (void (*)(void))pvk2key_freectx },                            \
+        { OSSL_FUNC_DECODER_DOES_SELECTION,                             \
+          (void (*)(void))pvk2key_does_selection },                     \
        { OSSL_FUNC_DECODER_DECODE,                                     \
          (void (*)(void))pvk2key_decode },                             \
        { OSSL_FUNC_DECODER_EXPORT_OBJECT,                              \