
List:       openssl-cvs
Subject:    [openssl]  master update
From:       Richard Levitte <levitte () openssl ! org>
Date:       2021-06-29 11:50:55
Message-ID: 1624967455.385193.16544.nullmailer () dev ! openssl ! org

The branch master has been updated
       via  69e14a546d5455de39222d1553ad18a1631e5fe9 (commit)
       via  398f8fe1c48e19e29f099a55bb49d601911f463d (commit)
      from  6eaf139f62001b958861f25c5cebc41c76c579bd (commit)


- Log -----------------------------------------------------------------
commit 69e14a546d5455de39222d1553ad18a1631e5fe9
Author: Richard Levitte <levitte@openssl.org>
Date:   Mon Jun 28 07:08:51 2021 +0200

    EVP: Have EVP_PKCS82PKEY_ex() pass a correct selection to OSSL_DECODER
    
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15934)

commit 398f8fe1c48e19e29f099a55bb49d601911f463d
Author: Richard Levitte <levitte@openssl.org>
Date:   Mon Jun 28 05:52:42 2021 +0200

    DECODER & ENCODER: Make sure to pass around the original selection bits
    
    When decoding a key and asking the keymgmt to import the key data, it
    was told that the key data includes everything.  This may not be true,
    since the user may have specified a different selection, and some
    keymgmts may want to be informed.
    
    Our key decoders' export functions, on the other hand, didn't care
    either, and simply exported everything they could, regardless of the selection.
    
    In both cases, the selection that was specified by the user is now
    passed all the way.
    
    Reviewed-by: Paul Dale <pauli@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15934)

-----------------------------------------------------------------------

Summary of changes:
 crypto/encode_decode/decoder_pkey.c                         |  4 +++-
 crypto/evp/evp_pkey.c                                       |  4 +++-
 providers/implementations/encode_decode/decode_der2key.c    | 13 +++++++------
 providers/implementations/encode_decode/decode_msblob2key.c |  6 ++++--
 providers/implementations/encode_decode/decode_pvk2key.c    |  7 +++++--
 5 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/crypto/encode_decode/decoder_pkey.c \
b/crypto/encode_decode/decoder_pkey.c
index 0270ba2e70..719bd17b2f 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -57,6 +57,7 @@ DEFINE_STACK_OF(EVP_KEYMGMT)
 struct decoder_pkey_data_st {
     OSSL_LIB_CTX *libctx;
     char *propq;
+    int selection;
 
     STACK_OF(EVP_KEYMGMT) *keymgmts;
     char *object_type;           /* recorded object data type, may be NULL */
@@ -150,7 +151,7 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE \
*decoder_inst,  
             import_data.keymgmt = keymgmt;
             import_data.keydata = NULL;
-            import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
+            import_data.selection = data->selection;
 
             /*
              * No need to check for errors here, the value of
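Review bot: `import_data.selection = data->selection;` forwards a selection of 0 unchanged to the keymgmt import, whereas the removed line always passed OSSL_KEYMGMT_SELECT_ALL. The der2key decoder in this same commit documents 0 as a legitimate caller value meaning "guess the structure and key type", so this path is reachable. I cannot see the keymgmt import functions from here, but if they gate each parameter group on its selection bit the way der2key_decode does, an import with 0 populates nothing and the caller ends up with an empty key. Suggest normalising at the assignment, `import_data.selection = data->selection != 0 ? data->selection : OSSL_KEYMGMT_SELECT_ALL;`, with a one-line comment that import/export functions do not treat 0 as "everything". decoder_construct_pkey starts and ends outside this hunk.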
@@ -375,6 +376,7 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
 
     process_data->object = (void **)pkey;
     process_data->libctx = libctx;
+    process_data->selection = ctx->selection;
 
     /* First, find all keymgmts to form goals */
     EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt,
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 683f4bec54..6f0b3dbda9 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -70,6 +70,7 @@ EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, \
OSSL_LIB_CTX *libctx,  const unsigned char *p8_data = NULL;
     unsigned char *encoded_data = NULL;
     int encoded_len;
+    int selection;
     size_t len;
     OSSL_DECODER_CTX *dctx = NULL;
 
@@ -79,8 +80,9 @@ EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, \
OSSL_LIB_CTX *libctx,  
     p8_data = encoded_data;
     len = encoded_len;
+    selection = EVP_PKEY_KEYPAIR | EVP_PKEY_KEY_PARAMETERS;
     dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "PrivateKeyInfo",
-                                         EVP_PKEY_NONE, 0, libctx, propq);
+                                         NULL, selection, libctx, propq);
     if (dctx == NULL
         || !OSSL_DECODER_from_data(dctx, &p8_data, &len))
         /* try legacy */
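Review bot: The new `selection = EVP_PKEY_KEYPAIR | EVP_PKEY_KEY_PARAMETERS;` carries no comment on why this combination was chosen over EVP_PKEY_PRIVATE_KEY alone or the previous 0, and the switch from the guessing keytype to `NULL` is equally silent. I would add above it: `/* A PrivateKeyInfo carries a private key, so ask the decoder for the whole key pair plus any domain parameters rather than letting it guess (selection 0) */`. Presumably the legacy path below still covers key types the providers cannot decode; stating that in the existing `/* try legacy */` comment would make the fallback's purpose clear. EVP_PKCS82PKEY_ex begins and ends outside this hunk.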
diff --git a/providers/implementations/encode_decode/decode_der2key.c \
b/providers/implementations/encode_decode/decode_der2key.c index \
                fd4a7c6e2a..356e65b403 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -89,6 +89,8 @@ struct keytype_desc_st {
 struct der2key_ctx_st {
     PROV_CTX *provctx;
     const struct keytype_desc_st *desc;
+    /* The selection that is passed to der2key_decode() */
+    int selection;
     /* Flag used to signal that a failure is fatal */
     unsigned int flag_fatal : 1;
 };
@@ -180,9 +182,9 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int \
selection,  const unsigned char *derp;
     long der_len = 0;
     void *key = NULL;
-    int orig_selection = selection;
     int ok = 0;
 
+    ctx->selection = selection;
     /*
      * The caller is allowed to specify 0 as a selection mark, to have the
      * structure and key type guessed.  For type-specific structures, this
@@ -213,7 +215,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int \
selection,  } else if (ctx->desc->d2i_private_key != NULL) {
             key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
         }
-        if (key == NULL && orig_selection != 0)
+        if (key == NULL && ctx->selection != 0)
             goto next;
     }
     if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
@@ -222,14 +224,14 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int \
selection,  key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
         else
             key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
-        if (key == NULL && orig_selection != 0)
+        if (key == NULL && ctx->selection != 0)
             goto next;
     }
     if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
         derp = der;
         if (ctx->desc->d2i_key_params != NULL)
             key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
-        if (key == NULL && orig_selection != 0)
+        if (key == NULL && ctx->selection != 0)
             goto next;
     }
 
@@ -304,8 +306,7 @@ static int der2key_export_object(void *vctx,
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
-                      export_cb, export_cbarg);
+        return export(keydata, ctx->selection, export_cb, export_cbarg);
     }
     return 0;
 }
diff --git a/providers/implementations/encode_decode/decode_msblob2key.c \
b/providers/implementations/encode_decode/decode_msblob2key.c index \
                15dc8b05a7..0508e68b32 100644
--- a/providers/implementations/encode_decode/decode_msblob2key.c
+++ b/providers/implementations/encode_decode/decode_msblob2key.c
@@ -56,6 +56,8 @@ static OSSL_FUNC_decoder_export_object_fn msblob2key_export_object;
 struct msblob2key_ctx_st {
     PROV_CTX *provctx;
     const struct keytype_desc_st *desc;
+    /* The selection that is passed to msblob2key_decode() */
+    int selection;
 };
 
 static struct msblob2key_ctx_st *
@@ -102,6 +104,7 @@ static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int \
selection,  if (!ok)
         goto next;
 
+    ctx->selection = selection;
     ok = 0;                      /* Assume that we fail */
 
     if ((isdss && ctx->desc->type != EVP_PKEY_DSA)
@@ -208,8 +211,7 @@ msblob2key_export_object(void *vctx,
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
-                      export_cb, export_cbarg);
+        return export(keydata, ctx->selection, export_cb, export_cbarg);
     }
     return 0;
 }
diff --git a/providers/implementations/encode_decode/decode_pvk2key.c \
b/providers/implementations/encode_decode/decode_pvk2key.c index \
                5c26bfb908..30b42d2097 100644
--- a/providers/implementations/encode_decode/decode_pvk2key.c
+++ b/providers/implementations/encode_decode/decode_pvk2key.c
@@ -56,6 +56,8 @@ static OSSL_FUNC_decoder_export_object_fn pvk2key_export_object;
 struct pvk2key_ctx_st {
     PROV_CTX *provctx;
     const struct keytype_desc_st *desc;
+    /* The selection that is passed to der2key_decode() */
+    int selection;
 };
 
 static struct pvk2key_ctx_st *
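Review bot: The comment on the new field reads `/* The selection that is passed to der2key_decode() */`, but this is pvk2key_ctx_st and the field is set in pvk2key_decode, so the reference is a copy-paste from decode_der2key.c; it should read `/* The selection that is passed to pvk2key_decode() */`. It would also help to say that the value is consumed by pvk2key_export_object, since that is the reason the field exists.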
@@ -86,6 +88,8 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int \
selection,  void *key = NULL;
     int ok = 0;
 
+    ctx->selection = selection;
+
     if ((selection == 0
          || (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
         && ctx->desc->read_private_key != NULL) {
@@ -175,8 +179,7 @@ static int pvk2key_export_object(void *vctx,
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
-                      export_cb, export_cbarg);
+        return export(keydata, ctx->selection, export_cb, export_cbarg);
     }
     return 0;
 }

