[openssl] master update

Richard Levitte levitte at openssl.org
Sat Nov 7 11:32:28 UTC 2020


The branch master has been updated
       via  e6774a7289707061fb19bf5f32996147dcc9a860 (commit)
       via  dc56deddeea301f9a496c1565398d7ec1fb8dac0 (commit)
      from  914079d1c33cd775f15801663c36ee31c66554fa (commit)


- Log -----------------------------------------------------------------
commit e6774a7289707061fb19bf5f32996147dcc9a860
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Nov 6 10:37:43 2020 +0100

    test/evp_extra_test.c: Modify to reflect provider support in test_EVP_PKEY_check
    
    With our providers, RSA now supports public key check and key parameter check.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13334)

commit dc56deddeea301f9a496c1565398d7ec1fb8dac0
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Nov 6 08:04:59 2020 +0100

    EVP: Have all EVP_PKEY check functions export to provider if possible
    
    Fixes #13322
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13334)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/pmeth_check.c | 77 ++++++++++++++++++++++++++----------------------
 test/evp_extra_test.c    |  4 +--
 2 files changed, 43 insertions(+), 38 deletions(-)

diff --git a/crypto/evp/pmeth_check.c b/crypto/evp/pmeth_check.c
index b99d5b1abd..449ff88095 100644
--- a/crypto/evp/pmeth_check.c
+++ b/crypto/evp/pmeth_check.c
@@ -17,23 +17,43 @@
 #include "crypto/evp.h"
 #include "evp_local.h"
 
+/*
+ * Returns:
+ *  1   True
+ *  0   False
+ * -1   Unsupported (use legacy path)
+ */
+static int try_provided_check(EVP_PKEY_CTX *ctx, int selection)
+{
+    EVP_KEYMGMT *keymgmt;
+    void *keydata;
+
+    if (evp_pkey_ctx_is_legacy(ctx))
+        return -1;
+
+    keymgmt = ctx->keymgmt;
+    keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
+                                          &keymgmt, ctx->propquery);
+    if (keydata == NULL) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+        return 0;
+    }
+
+    return evp_keymgmt_validate(keymgmt, keydata, selection);
+}
+
 int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
 {
     EVP_PKEY *pkey = ctx->pkey;
-    void *key;
-    EVP_KEYMGMT *keymgmt;
+    int ok;
 
     if (pkey == NULL) {
         EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
         return 0;
     }
 
-    keymgmt = pkey->keymgmt;
-    key = pkey->keydata;
-
-    if (key != NULL && keymgmt != NULL)
-        return evp_keymgmt_validate(keymgmt, key,
-                                    OSSL_KEYMGMT_SELECT_PUBLIC_KEY);
+    if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != -1)
+        return ok;
 
     if (pkey->type == EVP_PKEY_NONE)
         goto not_supported;
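Review bot: The contract comment on `try_provided_check` says 0 means "False", but the `keydata == NULL` branch also returns 0 when `evp_pkey_export_to_provider` fails, so callers cannot tell "key failed validation" from "key could not be exported" by return value alone. Failing closed is the right default for a validation API, but it should be documented, e.g. ` *  0   False, or the key could not be exported to a provider (error raised)`. The result of `evp_keymgmt_validate` is also returned unfiltered; whether it can return a negative value is not visible here, but a -1 would be read as "use legacy path" by all five callers (this hunk and the param_check, private_check, pairwise_check and EVP_PKEY_check hunks), so that deserves a note in the comment or an explicit clamp. The body of EVP_PKEY_public_check continues outside the hunk.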
@@ -58,20 +78,16 @@ int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
 int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
 {
     EVP_PKEY *pkey = ctx->pkey;
-    void *key;
-    EVP_KEYMGMT *keymgmt;
+    int ok;
 
     if (pkey == NULL) {
         EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
         return 0;
     }
 
-    keymgmt = pkey->keymgmt;
-    key = pkey->keydata;
-
-    if (key != NULL && keymgmt != NULL)
-        return evp_keymgmt_validate(keymgmt, key,
-                                    OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
+    if ((ok = try_provided_check(ctx,
+                                 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)) != -1)
+        return ok;
 
     if (pkey->type == EVP_PKEY_NONE)
         goto not_supported;
@@ -96,20 +112,16 @@ int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
 int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
 {
     EVP_PKEY *pkey = ctx->pkey;
-    void *key;
-    EVP_KEYMGMT *keymgmt;
+    int ok;
 
     if (pkey == NULL) {
         EVPerr(0, EVP_R_NO_KEY_SET);
         return 0;
     }
 
-    keymgmt = pkey->keymgmt;
-    key = pkey->keydata;
+    if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) != -1)
+        return ok;
 
-    if (key != NULL && keymgmt != NULL)
-        return evp_keymgmt_validate(keymgmt, key,
-                                    OSSL_KEYMGMT_SELECT_PRIVATE_KEY);
     /* not supported for legacy keys */
     EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
     return -2;
@@ -118,19 +130,16 @@ int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
 int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
 {
     EVP_PKEY *pkey = ctx->pkey;
-    void *key;
-    EVP_KEYMGMT *keymgmt;
+    int ok;
 
     if (pkey == NULL) {
         EVPerr(0, EVP_R_NO_KEY_SET);
         return 0;
     }
 
-    keymgmt = pkey->keymgmt;
-    key = pkey->keydata;
+    if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR)) != -1)
+        return ok;
 
-    if (key != NULL && keymgmt != NULL)
-        return evp_keymgmt_validate(keymgmt, key, OSSL_KEYMGMT_SELECT_KEYPAIR);
     /* not supported for legacy keys */
     EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
     return -2;
@@ -139,19 +148,15 @@ int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
 int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
 {
     EVP_PKEY *pkey = ctx->pkey;
-    void *key;
-    EVP_KEYMGMT *keymgmt;
+    int ok;
 
     if (pkey == NULL) {
         EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET);
         return 0;
     }
 
-    keymgmt = pkey->keymgmt;
-    key = pkey->keydata;
-
-    if (key != NULL && keymgmt != NULL)
-        return evp_keymgmt_validate(keymgmt, key, OSSL_KEYMGMT_SELECT_ALL);
+    if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR)) != -1)
+        return ok;
 
     if (pkey->type == EVP_PKEY_NONE)
         goto not_supported;
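Review bot: The selection passed for the full check in EVP_PKEY_check changes from `OSSL_KEYMGMT_SELECT_ALL` (removed line) to `OSSL_KEYMGMT_SELECT_KEYPAIR`, and the commit message does not mention it. The param_check hunk uses a separate `OSSL_KEYMGMT_SELECT_ALL_PARAMETERS` flag, which suggests KEYPAIR may not cover parameters; if so, the full check on a provided key no longer asks the provider to validate the parameters of keys that carry them, which weakens validation. Either keep `if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_ALL)) != -1)` or add a comment on this line stating why the key-pair selection is sufficient for a full check. The function body continues outside the hunk.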
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 8ee41ab5ce..e0f6af1f06 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -399,9 +399,9 @@ static APK_DATA keydata[] = {
 };
 
 static APK_DATA keycheckdata[] = {
-    {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
+    {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
     {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
-     0, -2, -2, 0},
+     0, 1, 1, 0},
 #ifndef OPENSSL_NO_EC
     {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
     /* group is also associated in our pub key */
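Review bot: The updated `keycheckdata` rows are bare positional integers, and the `kExampleBadRSAKeyDER` row now expects 1 in the two middle fields, so a key named "Bad" is expected to pass what the commit message indicates are the public-key and parameter checks. A short comment above that row would stop this being read as a mistake, e.g. `/* bad key: only the full check fails; public and param checks pass */`, assuming that is the intent; the APK_DATA field order is not visible in this hunk. The array initializer continues past the end of the hunk.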

