[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Fri Aug 21 00:03:30 UTC 2020


The branch master has been updated
       via  be63e58732cedc0bbc39777d1cf7556e55f146ef (commit)
      from  8ca6c6669fb6ebd4412be7e243eefdaa6b88aec6 (commit)


- Log -----------------------------------------------------------------
commit be63e58732cedc0bbc39777d1cf7556e55f146ef
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Wed Aug 19 19:38:03 2020 +1000

    Fix incorrect selection flags for ec serializer.
    
    Fixes #12630
    
    ec_import requires domain parameters to be part of the selection.
    The public and private serialisers were not selecting the correct flags so the import was failing.
    Added a test that uses the base provider so that an export/import happens for serialization.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12681)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/serializers/serializer_ec_priv.c |  6 +++---
 providers/implementations/serializers/serializer_ec_pub.c  |  9 ++++++---
 test/recipes/15-test_genec.t                               | 10 ++++++++++
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/providers/implementations/serializers/serializer_ec_priv.c b/providers/implementations/serializers/serializer_ec_priv.c
index acc6cf7081..25dc8dbcca 100644
--- a/providers/implementations/serializers/serializer_ec_priv.c
+++ b/providers/implementations/serializers/serializer_ec_priv.c
@@ -128,7 +128,7 @@ static int ec_priv_der_data(void *vctx, const OSSL_PARAM params[],
         EC_KEY *eckey;
 
         if ((eckey = ec_new(ctx->provctx)) != NULL
-            && ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
+            && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL, params)
             && ec_priv_der(ctx, eckey, out, cb, cbarg))
             ok = 1;
         ec_free(eckey);
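Review bot: `OSSL_KEYMGMT_SELECT_ALL` is passed bare at this call and in the ec_pem_priv_data and ec_priv_print_data hunks below, so nothing at the call site records why a private-key serializer selects more than the key pair. serializer_ec_pub.c gets a named mask for the same purpose, which leaves the two files inconsistent. I would add a comment above each call such as `/* ec_import() fails without the domain parameters, so KEYPAIR alone is not enough */`, or define a matching named mask in this file. The enclosing function starts and ends outside the hunk, so whether a failed import raises an error or only leaves `ok` at 0 cannot be judged from here.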
@@ -175,7 +175,7 @@ static int ec_pem_priv_data(void *vctx, const OSSL_PARAM params[],
         EC_KEY *eckey;
 
         if ((eckey = ec_new(ctx->provctx)) != NULL
-            && ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
+            && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL, params)
             && ec_pem_priv(ctx, eckey, out, cb, cbarg))
             ok = 1;
         ec_free(eckey);
@@ -233,7 +233,7 @@ static int ec_priv_print_data(void *vctx, const OSSL_PARAM params[],
         EC_KEY *eckey;
 
         if ((eckey = ec_new(ctx->provctx)) != NULL
-            && ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
+            && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL, params)
             && ec_priv_print(ctx, eckey, out, cb, cbarg))
             ok = 1;
         ec_free(eckey);
diff --git a/providers/implementations/serializers/serializer_ec_pub.c b/providers/implementations/serializers/serializer_ec_pub.c
index d3f67fd762..42fb4f96f2 100644
--- a/providers/implementations/serializers/serializer_ec_pub.c
+++ b/providers/implementations/serializers/serializer_ec_pub.c
@@ -17,6 +17,9 @@
 #include "prov/provider_ctx.h"
 #include "serializer_local.h"
 
+#define EC_SELECT_PUBLIC_IMPORTABLE                                            \
+    OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
+
 static OSSL_FUNC_serializer_newctx_fn ec_pub_newctx;
 static OSSL_FUNC_serializer_freectx_fn ec_pub_freectx;
 static OSSL_FUNC_serializer_serialize_data_fn ec_pub_der_data;
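Review bot: The expansion of `EC_SELECT_PUBLIC_IMPORTABLE` is not parenthesized, so any later use beside an operator that binds tighter than `|` (for example `selection & EC_SELECT_PUBLIC_IMPORTABLE`) would evaluate to a different mask than intended. The three call sites in this file pass it as a complete function argument and are unaffected today. Wrap the body as `(OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)`. A short comment above the define, such as `/* ec_import() needs the domain parameters as well as the public key */`, would record why the mask is wider than the public key.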
@@ -58,7 +61,7 @@ static int ec_pub_der_data(void *vctx, const OSSL_PARAM params[],
 
         /* vctx == provctx */
         if ((eckey = ec_new(vctx)) != NULL
-            && ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
+            && ec_import(eckey, EC_SELECT_PUBLIC_IMPORTABLE, params)
             && ec_pub_der(vctx, eckey, out, cb, cbarg))
             ok = 1;
         ec_free(eckey);
@@ -100,7 +103,7 @@ static int ec_pub_pem_data(void *vctx, const OSSL_PARAM params[],
 
         /* ctx == provctx */
         if ((eckey = ec_new(vctx)) != NULL
-            && ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
+            && ec_import(eckey, EC_SELECT_PUBLIC_IMPORTABLE, params)
             && ec_pub_pem(vctx, eckey, out, cb, cbarg))
             ok = 1;
         ec_free(eckey);
@@ -141,7 +144,7 @@ static int ec_pub_print_data(void *vctx, const OSSL_PARAM params[],
 
         /* ctx == provctx */
         if ((eckey = ec_new(vctx)) != NULL
-            && ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
+            && ec_import(eckey, EC_SELECT_PUBLIC_IMPORTABLE, params)
             && ec_pub_print(vctx, eckey, out, cb, cbarg))
             ok = 1;
         ec_free(eckey);
diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t
index b46147ca10..20ddd4026d 100644
--- a/test/recipes/15-test_genec.t
+++ b/test/recipes/15-test_genec.t
@@ -194,6 +194,7 @@ plan tests => scalar(@curve_list) * scalar(keys %params_encodings)
     + 1                             # Checking that with no curve it fails
     + 1                             # Checking that with unknown curve it fails
     + 1                             # Subtest for explicit only curves
+    + 1                             # base serializer test
     ;
 
 ok(!run(app([ 'openssl', 'genpkey',
@@ -205,6 +206,15 @@ ok(!run(app([ 'openssl', 'genpkey',
               '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])),
    "genpkey EC with unknown curve name should fail");
 
+ok(run(app([ 'openssl', 'genpkey',
+             '-provider-path', 'providers',
+             '-provider', 'base',
+             '-config', srctop_file("test", "default.cnf"),
+             '-algorithm', 'EC',
+             '-pkeyopt', 'ec_paramgen_curve:prime256v1',
+             '-text'])),
+    "generate a private key and serialize it using the base provider");
+
 foreach my $curvename (@curve_list) {
     foreach my $paramenc (sort keys %params_encodings) {
         my $fn = $params_encodings{$paramenc};
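Review bot: The added test runs only `genpkey ... -text` through the base provider, which appears to exercise just the private-key output path. The ec_pub_der_data, ec_pub_pem_data and ec_pub_print_data calls changed in serializer_ec_pub.c do not seem to be reached by it. It also checks the exit status only, so a serializer that succeeds but emits an incomplete key would still pass. Consider a companion check that emits the public key with the same `-provider base` options (for example via `openssl pkey -pubout`) and bump the `plan tests` count to match.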

