[openssl] master update

Richard Levitte levitte at openssl.org
Wed Jul 7 13:39:20 UTC 2021


The branch master has been updated
       via  d101700dffa710f3de0ab6465dff688f55214bcc (commit)
      from  105c83150f15af3f78ea0758859062842bdbe30e (commit)


- Log -----------------------------------------------------------------
commit d101700dffa710f3de0ab6465dff688f55214bcc
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Jul 6 08:44:37 2021 +0200

    CRYPTO: Remove the check for built-in methods in the export_to function
    
    That check was seen as necessary at the time, but other changes have
    been made since, so we now have better control on when we're handling
    legacy structures and methods, making it safe to run the export_to
    function on keys with foreign methods.
    
    The basic message is that foreign methods must set key structure
    values according to our standards no matter what, or not set them at
    all.  This has really always been the case, but was harder to see at
    the time because of interaction with other bugs.
    
    Fixes #15927
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15996)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dh/dh_ameth.c   | 7 -------
 crypto/dsa/dsa_ameth.c | 7 -------
 crypto/ec/ec_ameth.c   | 7 -------
 crypto/rsa/rsa_ameth.c | 7 -------
 4 files changed, 28 deletions(-)

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 3d23321b59..0e577177ec 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -453,13 +453,6 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
     int selection = 0;
     int rv = 0;
 
-    /*
-     * If the DH method is foreign, then we can't be sure of anything, and
-     * can therefore not export or pretend to export.
-     */
-    if (ossl_dh_get_method(dh) != DH_OpenSSL())
-        return 0;
-
     if (p == NULL || g == NULL)
         return 0;
 
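Review bot: With the method check removed, nothing left in dh_pkey_export_to records the contract the commit message relies on, namely that a foreign method must either set the key fields to OpenSSL's conventions or leave them unset. The surviving guard `if (p == NULL || g == NULL)` only covers the unset case, so values a foreign method sets in some other form would be exported as they are. I would put a short comment above that guard, for example `/* Foreign DH methods must set p/g per our conventions or leave them NULL */`, so the assumption is visible to method and engine authors reading the code. The same applies to the hunks in dsa_ameth.c, ec_ameth.c and rsa_ameth.c. The function body starts before and continues after this hunk, so how the private component is handled cannot be judged from here.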
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index ea9f839955..53417bff6a 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -436,13 +436,6 @@ static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
     int selection = 0;
     int rv = 0;
 
-    /*
-     * If the DSA method is foreign, then we can't be sure of anything, and
-     * can therefore not export or pretend to export.
-     */
-    if (DSA_get_method(dsa) != DSA_OpenSSL())
-        return 0;
-
     if (p == NULL || q == NULL || g == NULL)
         return 0;
 
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index c7fbaeab5e..9ca023bbe3 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -498,13 +498,6 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
             || (ecg = EC_KEY_get0_group(eckey)) == NULL)
         return 0;
 
-    /*
-     * If the EC_KEY method is foreign, then we can't be sure of anything,
-     * and can therefore not export or pretend to export.
-     */
-    if (EC_KEY_get_method(eckey) != EC_KEY_OpenSSL())
-        return 0;
-
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)
         return 0;
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 1d3b8685bd..b1580ca48c 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -738,13 +738,6 @@ static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type,
 
     if (tmpl == NULL)
         return 0;
-    /*
-     * If the RSA method is foreign, then we can't be sure of anything, and
-     * can therefore not export or pretend to export.
-     */
-    if (RSA_get_method(rsa) != RSA_PKCS1_OpenSSL())
-        goto err;
-
     /* Public parameters must always be present */
     if (RSA_get0_n(rsa) == NULL || RSA_get0_e(rsa) == NULL)
         goto err;

