[openssl] master update
Richard Levitte
levitte at openssl.org
Sat Nov 7 11:32:28 UTC 2020
The branch master has been updated
via e6774a7289707061fb19bf5f32996147dcc9a860 (commit)
via dc56deddeea301f9a496c1565398d7ec1fb8dac0 (commit)
from 914079d1c33cd775f15801663c36ee31c66554fa (commit)
- Log -----------------------------------------------------------------
commit e6774a7289707061fb19bf5f32996147dcc9a860
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Nov 6 10:37:43 2020 +0100
test/evp_extra_test.c: Modify to reflect provider support in test_EVP_PKEY_check
With our providers, RSA now supports public key check and key parameter check.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13334)
commit dc56deddeea301f9a496c1565398d7ec1fb8dac0
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Nov 6 08:04:59 2020 +0100
EVP: Have all EVP_PKEY check functions export to provider if possible
Fixes #13322
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13334)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/pmeth_check.c | 77 ++++++++++++++++++++++++++----------------------
test/evp_extra_test.c | 4 +--
2 files changed, 43 insertions(+), 38 deletions(-)
diff --git a/crypto/evp/pmeth_check.c b/crypto/evp/pmeth_check.c
index b99d5b1abd..449ff88095 100644
--- a/crypto/evp/pmeth_check.c
+++ b/crypto/evp/pmeth_check.c
@@ -17,23 +17,43 @@
#include "crypto/evp.h"
#include "evp_local.h"
+/*
+ * Returns:
+ * 1 True
+ * 0 False
+ * -1 Unsupported (use legacy path)
+ */
+static int try_provided_check(EVP_PKEY_CTX *ctx, int selection)
+{
+ EVP_KEYMGMT *keymgmt;
+ void *keydata;
+
+ if (evp_pkey_ctx_is_legacy(ctx))
+ return -1;
+
+ keymgmt = ctx->keymgmt;
+ keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
+ &keymgmt, ctx->propquery);
+ if (keydata == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+
+ return evp_keymgmt_validate(keymgmt, keydata, selection);
+}
+
int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
- void *key;
- EVP_KEYMGMT *keymgmt;
+ int ok;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
- keymgmt = pkey->keymgmt;
- key = pkey->keydata;
-
- if (key != NULL && keymgmt != NULL)
- return evp_keymgmt_validate(keymgmt, key,
- OSSL_KEYMGMT_SELECT_PUBLIC_KEY);
+ if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != -1)
+ return ok;
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
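Review bot: In try_provided_check the export-failure branch returns 0, the very value the new header comment defines as `0 False`, so a caller of EVP_PKEY_public_check cannot tell a key that failed validation from a key that could not be exported to the provider at all; the only difference is the queued EVP_R_INITIALIZATION_ERROR. If that conflation is intended (the public EVP_PKEY_*check contract only promises 1/0/-2), the comment should say so: `0 False, or the key could not be exported to the provider (error raised)`. EVP_R_INITIALIZATION_ERROR also reads oddly for an export failure, which will make the condition hard to recognise in a caller's error stack; a reason code naming the export step would be clearer. EVP_PKEY_public_check's body continues past the end of the hunk.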
@@ -58,20 +78,16 @@ int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
- void *key;
- EVP_KEYMGMT *keymgmt;
+ int ok;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
- keymgmt = pkey->keymgmt;
- key = pkey->keydata;
-
- if (key != NULL && keymgmt != NULL)
- return evp_keymgmt_validate(keymgmt, key,
- OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
+ if ((ok = try_provided_check(ctx,
+ OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)) != -1)
+ return ok;
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
@@ -96,20 +112,16 @@ int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
- void *key;
- EVP_KEYMGMT *keymgmt;
+ int ok;
if (pkey == NULL) {
EVPerr(0, EVP_R_NO_KEY_SET);
return 0;
}
- keymgmt = pkey->keymgmt;
- key = pkey->keydata;
+ if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) != -1)
+ return ok;
- if (key != NULL && keymgmt != NULL)
- return evp_keymgmt_validate(keymgmt, key,
- OSSL_KEYMGMT_SELECT_PRIVATE_KEY);
/* not supported for legacy keys */
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
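Review bot: After this change the -2 / EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE result of EVP_PKEY_private_check is reachable only for legacy contexts, because try_provided_check returns -1 solely when evp_pkey_ctx_is_legacy() is true; a provided key whose keymgmt has no validate callback is resolved inside evp_keymgmt_validate, which is not visible in this hunk. If that helper treats a missing callback as "valid", a private-key check on such a key silently reports success where the legacy path reports "not supported", which is a weaker guarantee than before for callers that gate on the result. Worth confirming, and either way the comment should reflect the new control flow, e.g. `/* Only legacy keys reach here; provided keys are handled by the keymgmt's validate() */` in place of `/* not supported for legacy keys */`.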
@@ -118,19 +130,16 @@ int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
- void *key;
- EVP_KEYMGMT *keymgmt;
+ int ok;
if (pkey == NULL) {
EVPerr(0, EVP_R_NO_KEY_SET);
return 0;
}
- keymgmt = pkey->keymgmt;
- key = pkey->keydata;
+ if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR)) != -1)
+ return ok;
- if (key != NULL && keymgmt != NULL)
- return evp_keymgmt_validate(keymgmt, key, OSSL_KEYMGMT_SELECT_KEYPAIR);
/* not supported for legacy keys */
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
@@ -139,19 +148,15 @@ int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
- void *key;
- EVP_KEYMGMT *keymgmt;
+ int ok;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
- keymgmt = pkey->keymgmt;
- key = pkey->keydata;
-
- if (key != NULL && keymgmt != NULL)
- return evp_keymgmt_validate(keymgmt, key, OSSL_KEYMGMT_SELECT_ALL);
+ if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR)) != -1)
+ return ok;
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
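Review bot: The provider path of EVP_PKEY_check now validates with OSSL_KEYMGMT_SELECT_KEYPAIR where the removed code used OSSL_KEYMGMT_SELECT_ALL, so domain parameters are no longer part of a full key check for provided keys, and for such keys EVP_PKEY_check and EVP_PKEY_pairwise_check now perform the identical validation. Neither the commit message ("Have all EVP_PKEY check functions export to provider if possible") nor the code explains this narrowing. If it is deliberate, presumably to mirror what the legacy pkey_check callback validates, a comment on the call is warranted, e.g. `/* Key pair only, not domain parameters, to match the legacy check */`, and the EVP_PKEY_check(3) page should state the same; if it is not deliberate, SELECT_ALL should be restored. The rest of EVP_PKEY_check's body lies outside the hunk.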
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 8ee41ab5ce..e0f6af1f06 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -399,9 +399,9 @@ static APK_DATA keydata[] = {
};
static APK_DATA keycheckdata[] = {
- {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
+ {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
{kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
- 0, -2, -2, 0},
+ 0, 1, 1, 0},
#ifndef OPENSSL_NO_EC
{kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
/* group is also associated in our pub key */
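Review bot: The kExampleBadRSAKeyDER row now expects EVP_PKEY_public_check and EVP_PKEY_param_check to return 1 while EVP_PKEY_check returns 0, but nothing in the table says why a key labelled "bad" passes two of the three checks; a reader has to know which component of the DER blob is corrupt to judge whether the new expectations are right. I am inferring that only the private components are broken, and that the parameter check is vacuous for RSA; a comment on the row should state whichever is actually the case, e.g. `/* private half is corrupt: full check fails, public and param checks pass */`. The keycheckdata initializer continues outside the hunk.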