[openssl] master update
Richard Levitte
levitte at openssl.org
Tue Jun 29 11:50:55 UTC 2021
The branch master has been updated
via 69e14a546d5455de39222d1553ad18a1631e5fe9 (commit)
via 398f8fe1c48e19e29f099a55bb49d601911f463d (commit)
from 6eaf139f62001b958861f25c5cebc41c76c579bd (commit)
- Log -----------------------------------------------------------------
commit 69e14a546d5455de39222d1553ad18a1631e5fe9
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Jun 28 07:08:51 2021 +0200
EVP: Have EVP_PKCS82PKEY_ex() pass a correct selection to OSSL_DECODER
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)
commit 398f8fe1c48e19e29f099a55bb49d601911f463d
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Jun 28 05:52:42 2021 +0200
DECODER & ENCODER: Make sure to pass around the original selection bits
When decoding a key and asking the keymgmt to import the key data, it
was told that the key data includes everything. This may not be true,
since the user may have specified a different selection, and some
keymgmts may want to be informed.
Our key decoders' export function, on the other hand, didn't care
either, and simply export anything they could, regardless.
In both cases, the selection that was specified by the user is now
passed all the way.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)
-----------------------------------------------------------------------
Summary of changes:
crypto/encode_decode/decoder_pkey.c | 4 +++-
crypto/evp/evp_pkey.c | 4 +++-
providers/implementations/encode_decode/decode_der2key.c | 13 +++++++------
providers/implementations/encode_decode/decode_msblob2key.c | 6 ++++--
providers/implementations/encode_decode/decode_pvk2key.c | 7 +++++--
5 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
index 0270ba2e70..719bd17b2f 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -57,6 +57,7 @@ DEFINE_STACK_OF(EVP_KEYMGMT)
struct decoder_pkey_data_st {
OSSL_LIB_CTX *libctx;
char *propq;
+ int selection;
STACK_OF(EVP_KEYMGMT) *keymgmts;
char *object_type; /* recorded object data type, may be NULL */
@@ -150,7 +151,7 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst,
import_data.keymgmt = keymgmt;
import_data.keydata = NULL;
- import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
+ import_data.selection = data->selection;
/*
* No need to check for errors here, the value of
@@ -375,6 +376,7 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
process_data->object = (void **)pkey;
process_data->libctx = libctx;
+ process_data->selection = ctx->selection;
/* First, find all keymgmts to form goals */
EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt,
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 683f4bec54..6f0b3dbda9 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -70,6 +70,7 @@ EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx,
const unsigned char *p8_data = NULL;
unsigned char *encoded_data = NULL;
int encoded_len;
+ int selection;
size_t len;
OSSL_DECODER_CTX *dctx = NULL;
@@ -79,8 +80,9 @@ EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx,
p8_data = encoded_data;
len = encoded_len;
+ selection = EVP_PKEY_KEYPAIR | EVP_PKEY_KEY_PARAMETERS;
dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "PrivateKeyInfo",
- EVP_PKEY_NONE, 0, libctx, propq);
+ NULL, selection, libctx, propq);
if (dctx == NULL
|| !OSSL_DECODER_from_data(dctx, &p8_data, &len))
/* try legacy */
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index fd4a7c6e2a..356e65b403 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -89,6 +89,8 @@ struct keytype_desc_st {
struct der2key_ctx_st {
PROV_CTX *provctx;
const struct keytype_desc_st *desc;
+ /* The selection that is passed to der2key_decode() */
+ int selection;
/* Flag used to signal that a failure is fatal */
unsigned int flag_fatal : 1;
};
@@ -180,9 +182,9 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
const unsigned char *derp;
long der_len = 0;
void *key = NULL;
- int orig_selection = selection;
int ok = 0;
+ ctx->selection = selection;
/*
* The caller is allowed to specify 0 as a selection mark, to have the
* structure and key type guessed. For type-specific structures, this
@@ -213,7 +215,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
} else if (ctx->desc->d2i_private_key != NULL) {
key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
}
- if (key == NULL && orig_selection != 0)
+ if (key == NULL && ctx->selection != 0)
goto next;
}
if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
@@ -222,14 +224,14 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
else
key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
- if (key == NULL && orig_selection != 0)
+ if (key == NULL && ctx->selection != 0)
goto next;
}
if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
derp = der;
if (ctx->desc->d2i_key_params != NULL)
key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
- if (key == NULL && orig_selection != 0)
+ if (key == NULL && ctx->selection != 0)
goto next;
}
@@ -304,8 +306,7 @@ static int der2key_export_object(void *vctx,
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
- return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
- export_cb, export_cbarg);
+ return export(keydata, ctx->selection, export_cb, export_cbarg);
}
return 0;
}
diff --git a/providers/implementations/encode_decode/decode_msblob2key.c b/providers/implementations/encode_decode/decode_msblob2key.c
index 15dc8b05a7..0508e68b32 100644
--- a/providers/implementations/encode_decode/decode_msblob2key.c
+++ b/providers/implementations/encode_decode/decode_msblob2key.c
@@ -56,6 +56,8 @@ static OSSL_FUNC_decoder_export_object_fn msblob2key_export_object;
struct msblob2key_ctx_st {
PROV_CTX *provctx;
const struct keytype_desc_st *desc;
+ /* The selection that is passed to msblob2key_decode() */
+ int selection;
};
static struct msblob2key_ctx_st *
@@ -102,6 +104,7 @@ static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
if (!ok)
goto next;
+ ctx->selection = selection;
ok = 0; /* Assume that we fail */
if ((isdss && ctx->desc->type != EVP_PKEY_DSA)
@@ -208,8 +211,7 @@ msblob2key_export_object(void *vctx,
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
- return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
- export_cb, export_cbarg);
+ return export(keydata, ctx->selection, export_cb, export_cbarg);
}
return 0;
}
diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c
index 5c26bfb908..30b42d2097 100644
--- a/providers/implementations/encode_decode/decode_pvk2key.c
+++ b/providers/implementations/encode_decode/decode_pvk2key.c
@@ -56,6 +56,8 @@ static OSSL_FUNC_decoder_export_object_fn pvk2key_export_object;
struct pvk2key_ctx_st {
PROV_CTX *provctx;
const struct keytype_desc_st *desc;
+ /* The selection that is passed to der2key_decode() */
+ int selection;
};
static struct pvk2key_ctx_st *
@@ -86,6 +88,8 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
void *key = NULL;
int ok = 0;
+ ctx->selection = selection;
+
if ((selection == 0
|| (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
&& ctx->desc->read_private_key != NULL) {
@@ -175,8 +179,7 @@ static int pvk2key_export_object(void *vctx,
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
- return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
- export_cb, export_cbarg);
+ return export(keydata, ctx->selection, export_cb, export_cbarg);
}
return 0;
}
More information about the openssl-commits
mailing list