[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Fri Feb 19 09:25:12 UTC 2021
The branch master has been updated
via 576892d78f80cf9a169e7f766319c843e430f378 (commit)
from ef33889e1878739a8355e8ba027b3ed21a917898 (commit)
- Log -----------------------------------------------------------------
commit 576892d78f80cf9a169e7f766319c843e430f378
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Wed Dec 2 17:52:24 2020 +1000
Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces
non legacy keys).
Fixes #13522
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13591)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/d2i_pr.c | 100 +++++++++++----------
include/crypto/evp.h | 4 +
.../implementations/encode_decode/decode_der2key.c | 5 +-
.../implementations/encode_decode/encode_key2any.c | 24 ++++-
test/evp_extra_test2.c | 84 ++++++++++++++++-
5 files changed, 162 insertions(+), 55 deletions(-)
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index dfe770cb7f..21ae90e8e2 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -15,15 +15,60 @@
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
+#include <openssl/decoder.h>
#include <openssl/engine.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include "crypto/evp.h"
+#include "internal/asn1.h"
-EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp,
long length, OSSL_LIB_CTX *libctx,
const char *propq)
+{
+ OSSL_DECODER_CTX *dctx = NULL;
+ size_t len = length;
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY **ppkey = &pkey;
+ const char *key_name = NULL;
+ const char *input_structures[] = { "type-specific", "pkcs8", NULL };
+ int i, ret;
+
+ if (keytype != EVP_PKEY_NONE) {
+ key_name = evp_pkey_type2name(keytype);
+ if (key_name == NULL)
+ return NULL;
+ }
+ if (a != NULL && *a != NULL)
+ ppkey = a;
+
+ for (i = 0; i < (int)OSSL_NELEM(input_structures); ++i) {
+ dctx = OSSL_DECODER_CTX_new_by_EVP_PKEY(ppkey, "DER",
+ input_structures[i], key_name,
+ EVP_PKEY_KEYPAIR, libctx, propq);
+ if (dctx == NULL)
+ return NULL;
+
+ ret = OSSL_DECODER_from_data(dctx, pp, &len);
+ OSSL_DECODER_CTX_free(dctx);
+ if (ret) {
+ if (*ppkey != NULL
+ && evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
+ return *ppkey;
+ goto err;
+ }
+ }
+ /* Fall through to error if all decodes failed */
+err:
+ if (ppkey != a)
+ EVP_PKEY_free(*ppkey);
+ return NULL;
+}
+
+EVP_PKEY *evp_privatekey_from_binary(int keytype, EVP_PKEY **a,
+ const unsigned char **pp, long length,
+ OSSL_LIB_CTX *libctx, const char *propq)
{
EVP_PKEY *ret;
const unsigned char *p = *pp;
@@ -41,7 +86,7 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
#endif
}
- if (!EVP_PKEY_set_type(ret, type)) {
+ if (!EVP_PKEY_set_type(ret, keytype)) {
ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
goto err;
}
@@ -67,7 +112,7 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
EVP_PKEY_free(ret);
ret = tmp;
ERR_pop_to_mark();
- if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
+ if (EVP_PKEY_type(keytype) != EVP_PKEY_base_id(ret))
goto err;
} else {
ERR_clear_last_mark();
@@ -94,57 +139,14 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
}
/*
- * This works like d2i_PrivateKey() except it automatically works out the
- * type
+ * This works like d2i_PrivateKey() except it passes the keytype as
+ * EVP_PKEY_NONE, which then figures out the type during decoding.
*/
-
EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
long length, OSSL_LIB_CTX *libctx,
const char *propq)
{
- STACK_OF(ASN1_TYPE) *inkey;
- const unsigned char *p;
- int keytype;
- p = *pp;
- /*
- * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
- * analyzing it we can determine the passed structure: this assumes the
- * input is surrounded by an ASN1 SEQUENCE.
- */
- inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
- p = *pp;
- /*
- * Since we only need to discern "traditional format" RSA and DSA keys we
- * can just count the elements.
- */
- if (sk_ASN1_TYPE_num(inkey) == 6) {
- keytype = EVP_PKEY_DSA;
- } else if (sk_ASN1_TYPE_num(inkey) == 4) {
- keytype = EVP_PKEY_EC;
- } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
- * traditional format */
- PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
- EVP_PKEY *ret;
-
- sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
- if (p8 == NULL) {
- ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
- return NULL;
- }
- ret = EVP_PKCS82PKEY_ex(p8, libctx, propq);
- PKCS8_PRIV_KEY_INFO_free(p8);
- if (ret == NULL)
- return NULL;
- *pp = p;
- if (a) {
- *a = ret;
- }
- return ret;
- } else {
- keytype = EVP_PKEY_RSA;
- }
- sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
- return d2i_PrivateKey_ex(keytype, a, pp, length, libctx, propq);
+ return d2i_PrivateKey_ex(EVP_PKEY_NONE, a, pp, length, libctx, propq);
}
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 0269d8da5a..7f28edd6c2 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -854,4 +854,8 @@ int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq,
void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force);
+EVP_PKEY *evp_privatekey_from_binary(int keytype, EVP_PKEY **a,
+ const unsigned char **pp, long length,
+ OSSL_LIB_CTX *libctx, const char *propq);
+
#endif /* OSSL_CRYPTO_EVP_H */
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 4018d2021b..466a73f908 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -28,6 +28,7 @@
#include "crypto/dh.h"
#include "crypto/dsa.h"
#include "crypto/ec.h"
+#include "crypto/evp.h"
#include "crypto/ecx.h"
#include "crypto/rsa.h"
#include "prov/bio.h"
@@ -321,8 +322,8 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
derp = der;
- pkey = d2i_PrivateKey_ex(ctx->desc->evp_type, NULL, &derp, der_len,
- libctx, NULL);
+ pkey = evp_privatekey_from_binary(ctx->desc->evp_type, NULL,
+ &derp, der_len, libctx, NULL);
}
if (pkey == NULL
diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c
index 883c33334d..32d99837b2 100644
--- a/providers/implementations/encode_decode/encode_key2any.c
+++ b/providers/implementations/encode_decode/encode_key2any.c
@@ -60,6 +60,20 @@ typedef int key_to_der_fn(BIO *out, const void *key,
struct key2any_ctx_st *ctx);
typedef int write_bio_of_void_fn(BIO *bp, const void *x);
+
+/* Free the blob allocated during key_to_paramstring_fn */
+static void free_asn1_data(int type, void *data)
+{
+ switch(type) {
+ case V_ASN1_OBJECT:
+ ASN1_OBJECT_free(data);
+ break;
+ case V_ASN1_SEQUENCE:
+ ASN1_STRING_free(data);
+ break;
+ }
+}
+
static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
void *params, int params_type,
i2d_of_void *k2d)
@@ -70,7 +84,6 @@ static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
/* The final PKCS#8 info */
PKCS8_PRIV_KEY_INFO *p8info = NULL;
-
if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
|| (derlen = k2d(key, &der)) <= 0
|| !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
@@ -113,6 +126,9 @@ static X509_SIG *key_to_encp8(const void *key, int key_nid,
key_to_p8info(key, key_nid, params, params_type, k2d);
X509_SIG *p8 = p8info_to_encp8(p8info, ctx);
+ if (p8info == NULL)
+ free_asn1_data(params_type, params);
+
PKCS8_PRIV_KEY_INFO_free(p8info);
return p8;
}
@@ -174,6 +190,8 @@ static int key_to_pkcs8_der_priv_bio(BIO *out, const void *key,
if (p8info != NULL)
ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
+ else
+ free_asn1_data(strtype, str);
PKCS8_PRIV_KEY_INFO_free(p8info);
}
@@ -208,6 +226,8 @@ static int key_to_pkcs8_pem_priv_bio(BIO *out, const void *key,
if (p8info != NULL)
ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
+ else
+ free_asn1_data(strtype, str);
PKCS8_PRIV_KEY_INFO_free(p8info);
}
@@ -259,6 +279,8 @@ static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
if (xpk != NULL)
ret = PEM_write_bio_X509_PUBKEY(out, xpk);
+ else
+ free_asn1_data(strtype, str);
/* Also frees |str| */
X509_PUBKEY_free(xpk);
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index 9181061247..bb8e897536 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -17,6 +17,7 @@
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/provider.h>
+#include <openssl/core_names.h>
#include "testutil.h"
#include "internal/nelem.h"
@@ -141,6 +142,58 @@ static const unsigned char kExampleRSAKeyPKCS8[] = {
0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
};
+#ifndef OPENSSL_NO_DH
+static const unsigned char kExampleDHPrivateKeyDER[] = {
+ 0x30, 0x82, 0x02, 0x26, 0x02, 0x01, 0x00, 0x30, 0x82, 0x01, 0x17, 0x06,
+ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x03, 0x01, 0x30, 0x82,
+ 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xD8, 0x4B, 0x0F, 0x0E, 0x6B,
+ 0x79, 0xE9, 0x23, 0x4E, 0xE4, 0xBE, 0x9A, 0x8F, 0x7A, 0x5C, 0xA3, 0x20,
+ 0xD0, 0x86, 0x6B, 0x95, 0x78, 0x39, 0x59, 0x7A, 0x11, 0x2A, 0x5B, 0x87,
+ 0xA4, 0xFB, 0x2F, 0x99, 0xD0, 0x57, 0xF5, 0xE1, 0xA3, 0xAF, 0x41, 0xD1,
+ 0xCD, 0xA3, 0x94, 0xBB, 0xE5, 0x5A, 0x68, 0xE2, 0xEE, 0x69, 0x56, 0x51,
+ 0xB2, 0xEE, 0xF2, 0xFE, 0x10, 0xC9, 0x55, 0xE3, 0x82, 0x3C, 0x50, 0x0D,
+ 0xF5, 0x82, 0x73, 0xE4, 0xD6, 0x3E, 0x45, 0xB4, 0x89, 0x80, 0xE4, 0xF0,
+ 0x99, 0x85, 0x2B, 0x4B, 0xF9, 0xB8, 0xFD, 0x2C, 0x3C, 0x49, 0x2E, 0xB3,
+ 0x56, 0x7E, 0x99, 0x07, 0xD3, 0xF7, 0xD9, 0xE4, 0x0C, 0x64, 0xC5, 0x7D,
+ 0x03, 0x8E, 0x05, 0x3C, 0x0A, 0x40, 0x17, 0xAD, 0xA8, 0x0F, 0x9B, 0xF4,
+ 0x8B, 0xA7, 0xDB, 0x16, 0x4F, 0x4A, 0x57, 0x0B, 0x89, 0x80, 0x0B, 0x9F,
+ 0x26, 0x56, 0x3F, 0x1D, 0xFA, 0x52, 0x2D, 0x1A, 0x9E, 0xDC, 0x42, 0xA3,
+ 0x2E, 0xA9, 0x87, 0xE3, 0x8B, 0x45, 0x5E, 0xEE, 0x99, 0xB8, 0x30, 0x15,
+ 0x58, 0xA3, 0x5F, 0xB5, 0x69, 0xD8, 0x0C, 0xE8, 0x6B, 0x36, 0xD8, 0xAB,
+ 0xD8, 0xE4, 0x77, 0x46, 0x13, 0xA2, 0x15, 0xB3, 0x9C, 0xAD, 0x99, 0x91,
+ 0xE5, 0xA3, 0x30, 0x7D, 0x40, 0x70, 0xB3, 0x32, 0x5E, 0xAF, 0x96, 0x8D,
+ 0xE6, 0x3F, 0x47, 0xA3, 0x18, 0xDA, 0xE1, 0x9A, 0x20, 0x11, 0xE1, 0x49,
+ 0x51, 0x45, 0xE3, 0x8C, 0xA5, 0x56, 0x39, 0x67, 0xCB, 0x9D, 0xCF, 0xBA,
+ 0xF4, 0x46, 0x4E, 0x0A, 0xB6, 0x0B, 0xA9, 0xB4, 0xF6, 0xF1, 0x6A, 0xC8,
+ 0x63, 0xE2, 0xB4, 0xB2, 0x9F, 0x44, 0xAA, 0x0A, 0xDA, 0x53, 0xF7, 0x52,
+ 0x14, 0x57, 0xEE, 0x2C, 0x5D, 0x31, 0x9C, 0x27, 0x03, 0x64, 0x9E, 0xC0,
+ 0x1E, 0x4B, 0x1B, 0x4F, 0xEE, 0xA6, 0x3F, 0xC1, 0x3E, 0x61, 0x93, 0x02,
+ 0x01, 0x02, 0x04, 0x82, 0x01, 0x04, 0x02, 0x82, 0x01, 0x00, 0x7E, 0xC2,
+ 0x04, 0xF9, 0x95, 0xC7, 0xEF, 0x96, 0xBE, 0xA0, 0x9D, 0x2D, 0xC3, 0x0C,
+ 0x3A, 0x67, 0x02, 0x7C, 0x7D, 0x3B, 0xC9, 0xB1, 0xDE, 0x13, 0x97, 0x64,
+ 0xEF, 0x87, 0x80, 0x4F, 0xBF, 0xA2, 0xAC, 0x18, 0x6B, 0xD5, 0xB2, 0x42,
+ 0x0F, 0xDA, 0x28, 0x40, 0x93, 0x40, 0xB2, 0x1E, 0x80, 0xB0, 0x6C, 0xDE,
+ 0x9C, 0x54, 0xA4, 0xB4, 0x68, 0x29, 0xE0, 0x13, 0x57, 0x1D, 0xC9, 0x87,
+ 0xC0, 0xDE, 0x2F, 0x1D, 0x72, 0xF0, 0xC0, 0xE4, 0x4E, 0x04, 0x48, 0xF5,
+ 0x2D, 0x8D, 0x9A, 0x1B, 0xE5, 0xEB, 0x06, 0xAB, 0x7C, 0x74, 0x10, 0x3C,
+ 0xA8, 0x2D, 0x39, 0xBC, 0xE3, 0x15, 0x3E, 0x63, 0x37, 0x8C, 0x1B, 0xF1,
+ 0xB3, 0x99, 0xB6, 0xAE, 0x5A, 0xEB, 0xB3, 0x3D, 0x30, 0x39, 0x69, 0xDB,
+ 0xF2, 0x4F, 0x94, 0xB7, 0x71, 0xAF, 0xBA, 0x5C, 0x1F, 0xF8, 0x6B, 0xE5,
+ 0xD1, 0xB1, 0x00, 0x81, 0xE2, 0x6D, 0xEC, 0x65, 0xF7, 0x7E, 0xCE, 0x03,
+ 0x84, 0x68, 0x42, 0x6A, 0x8B, 0x47, 0x8E, 0x4A, 0x88, 0xDE, 0x82, 0xDD,
+ 0xAF, 0xA9, 0x6F, 0x18, 0xF7, 0xC6, 0xE2, 0xB9, 0x97, 0xCE, 0x47, 0x8F,
+ 0x85, 0x19, 0x61, 0x42, 0x67, 0x21, 0x7D, 0x13, 0x6E, 0xB5, 0x5A, 0x62,
+ 0xF3, 0x08, 0xE2, 0x70, 0x3B, 0x0E, 0x85, 0x3C, 0xA1, 0xD3, 0xED, 0x7A,
+ 0x43, 0xD6, 0xDE, 0x30, 0x5C, 0x48, 0xB2, 0x99, 0xAB, 0x3E, 0x65, 0xA6,
+ 0x66, 0x80, 0x22, 0xFF, 0x92, 0xC1, 0x42, 0x1C, 0x30, 0x87, 0x74, 0x1E,
+ 0x53, 0x57, 0x7C, 0xF8, 0x77, 0x51, 0xF1, 0x74, 0x16, 0xF4, 0x45, 0x26,
+ 0x77, 0x0A, 0x05, 0x96, 0x13, 0x12, 0x06, 0x86, 0x2B, 0xB8, 0x49, 0x82,
+ 0x69, 0x43, 0x0A, 0x57, 0xA7, 0x30, 0x19, 0x4C, 0xB8, 0x47, 0x82, 0x6E,
+ 0x64, 0x7A, 0x06, 0x13, 0x5A, 0x82, 0x98, 0xD6, 0x7A, 0x09, 0xEC, 0x03,
+ 0x8D, 0x03
+};
+#endif /* OPENSSL_NO_DH */
+
#ifndef OPENSSL_NO_EC
/*
* kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
@@ -183,7 +236,10 @@ static APK_DATA keydata[] = {
{kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
#ifndef OPENSSL_NO_EC
{kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC},
- {kExampleECKey2DER, sizeof(kExampleECKey2DER), EVP_PKEY_EC}
+ {kExampleECKey2DER, sizeof(kExampleECKey2DER), EVP_PKEY_EC},
+#endif
+#ifndef OPENSSL_NO_DH
+ {kExampleDHPrivateKeyDER, sizeof(kExampleDHPrivateKeyDER), EVP_PKEY_DH},
#endif
};
@@ -197,6 +253,9 @@ static int test_d2i_AutoPrivateKey_ex(int i)
const unsigned char *input = ak->kder;
size_t input_len = ak->size;
int expected_id = ak->evptype;
+ BIGNUM *p_bn = NULL;
+ BIGNUM *g_bn = NULL;
+ BIGNUM *priv_bn = NULL;
p = input;
if (!TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &p, input_len, mainctx,
@@ -205,9 +264,28 @@ static int test_d2i_AutoPrivateKey_ex(int i)
|| !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
goto done;
- ret = 1;
+ if (ak->evptype == EVP_PKEY_RSA) {
+ if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D,
+ &priv_bn)))
+ goto done;
+ } else {
+ if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
+ &priv_bn)))
+ goto done;
+ }
+
+ if (ak->evptype == EVP_PKEY_DH) {
+ if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_P, &p_bn))
+ || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G,
+ &g_bn)))
+ goto done;
+ }
- done:
+ ret = 1;
+done:
+ BN_free(p_bn);
+ BN_free(g_bn);
+ BN_free(priv_bn);
EVP_PKEY_free(pkey);
return ret;
}
More information about the openssl-commits
mailing list