[openssl/openssl] aeb80f: Propagate selection all the way on key export

Simo Sorce noreply at github.com
Tue Nov 15 11:09:03 UTC 2022


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: aeb80f63d4444de4b402e90dfe134b35c25528d9
      https://github.com/openssl/openssl/commit/aeb80f63d4444de4b402e90dfe134b35c25528d9
  Author: Simo Sorce <simo at redhat.com>
  Date:   2022-11-15 (Tue, 15 Nov 2022)

  Changed paths:
    M crypto/evp/keymgmt_lib.c
    M crypto/evp/p_lib.c
    M include/crypto/evp.h

  Log Message:
  -----------
  Propagate selection all the way on key export

EVP_PKEY_eq() is used to check, among other things, if a certificate
public key corresponds to a private key. When the private key belongs to
a provider that does not allow exporting private keys, this currently
fails, as the internal functions used to import/export keys ignore the
selection given (which specifies that only the public key needs to be
considered) and instead try to export everything.

This patch allows propagating the selection all the way down, including
adding it in the cache, so that a following operation actually looking
for other selection parameters does not mistakenly pick up an export
containing only partial information.

Signed-off-by: Simo Sorce <simo at redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)

(cherry picked from commit 98642df4ba886818900ab7e6b23703544e6addd4)


  Commit: 38066a07e091bf7f958e793b331ff2695428eb6a
      https://github.com/openssl/openssl/commit/38066a07e091bf7f958e793b331ff2695428eb6a
  Author: Simo Sorce <simo at redhat.com>
  Date:   2022-11-15 (Tue, 15 Nov 2022)

  Changed paths:
    M doc/internal/man3/evp_keymgmt_util_export_to_provider.pod

  Log Message:
  -----------
  Update documentation for keymgmt export utils

Change function prototypes and explain how to use the selection
argument.

Signed-off-by: Simo Sorce <simo at redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)

(cherry picked from commit 504427eb5f32108dd64ff7858012863fe47b369b)


  Commit: 17d20f6159a3262da0b5bf5b547b0276ba1cd5da
      https://github.com/openssl/openssl/commit/17d20f6159a3262da0b5bf5b547b0276ba1cd5da
  Author: Simo Sorce <simo at redhat.com>
  Date:   2022-11-15 (Tue, 15 Nov 2022)

  Changed paths:
    M test/fake_rsaprov.c
    M test/fake_rsaprov.h
    M test/provider_pkey_test.c

  Log Message:
  -----------
  Add test for EVP_PKEY_eq

This tests that the comparison works even if a provider can only return
a public key.

Signed-off-by: Simo Sorce <simo at redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)

(cherry picked from commit e5202fbd461cb6c067874987998e91c6093e5267)


Compare: https://github.com/openssl/openssl/compare/d163bd08bb94...17d20f6159a3
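
The behaviour described in the first commit's log message, as an added example that is not OpenSSL source and not part of the original mail: a self-contained toy model in C of an export cache that records the selection alongside each export. Every name in it (the structs, the SEL_* values, model_pkey_eq() and its return convention) is hypothetical, and the propagate flag switches between the old behaviour (always export everything) and the patched one.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model, not OpenSSL source; every name here is hypothetical. */
enum { SEL_PRIVATE = 0x01, SEL_PUBLIC = 0x02, SEL_KEYPAIR = 0x03 };
struct key { int pub, priv, priv_exportable; };
struct exported { int selection, pub, priv; };
struct cache { struct exported slot[4]; size_t n; };

/* Provider side: refuses any export that would release protected private material. */
static int provider_export(const struct key *k, int selection, struct exported *out)
{
    if ((selection & SEL_PRIVATE) && !k->priv_exportable)
        return 0;
    out->selection = selection;
    out->pub = (selection & SEL_PUBLIC) ? k->pub : 0;
    out->priv = (selection & SEL_PRIVATE) ? k->priv : 0;
    return 1;
}

/* propagate=0 models the old code (always export everything); propagate=1 the patch.
 * Entries match on exact selection, so a public-only export never serves a wider request. */
static const struct exported *export_cached(struct cache *c, const struct key *k,
                                            int selection, int propagate)
{
    int want = propagate ? selection : SEL_KEYPAIR;
    for (size_t i = 0; i < c->n; i++)
        if (c->slot[i].selection == want)
            return &c->slot[i];
    if (c->n == 4 || !provider_export(k, want, &c->slot[c->n]))
        return NULL;
    return &c->slot[c->n++];
}

/* Public-key comparison in the model: 1 match, 0 differ, -1 export failed. */
int model_pkey_eq(struct cache *c, const struct key *k, int cert_pub, int propagate)
{
    const struct exported *e = export_cached(c, k, SEL_PUBLIC, propagate);
    return e == NULL ? -1 : (e->pub == cert_pub);
}

int main(void)
{
    struct key hsm = { 42, 7, 0 };  /* constructed: private part not exportable */
    struct cache before = { 0 }, after = { 0 };
    printf("before: %d, after: %d\n", model_pkey_eq(&before, &hsm, 42, 0),
           model_pkey_eq(&after, &hsm, 42, 1));
    return 0;
}
```
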

