author | Richard Levitte <levitte@openssl.org> | 2020-03-19 22:29:10 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-03-23 10:07:38 +0100 |
commit | 0996cff91fe9d6ed7c37830debdf585119dcc067 (patch) | |
tree | 64bfae0bbb313c8f827958ec6206b84be8174c80 /crypto/dsa | |
parent | 8cc86b81ac20ff3e933ea7fd107a5a6066032330 (diff) | |
DH, DSA, EC_KEY: Fix exporters to allow domain parameter keys
The export-to-provider functions for DH, DSA and EC_KEY assumed that a
public key is always present, and would fail if not. This blocks any
attempt to export a key structure with only domain parameters.
While fixing this, we also modify the selection declaration to
evp_keymgmt_import() to be more adaptive: the individual selection bits
are now added when the corresponding data is added to the OSSL_PARAM
array.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11374)
Diffstat (limited to 'crypto/dsa')
-rw-r--r-- | crypto/dsa/dsa_ameth.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 94f3f43..92134f9 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -526,6 +526,7 @@ static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
 const BIGNUM *q = DSA_get0_q(dsa), *pub_key = DSA_get0_pub_key(dsa);
 const BIGNUM *priv_key = DSA_get0_priv_key(dsa);
 OSSL_PARAM *params;
+ int selection = 0;
 int rv;
 /*
@@ -543,21 +544,25 @@ static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
 || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q)
 || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g))
 return 0;
- if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PUB_KEY,
- pub_key))
- return 0;
+ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
+ if (pub_key != NULL) {
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PUB_KEY,
+ pub_key))
+ return 0;
+ selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+ }
 if (priv_key != NULL) {
 if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
 priv_key))
 return 0;
+ selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
 }
 if ((params = ossl_param_bld_to_param(&tmpl)) == NULL)
 return 0;
 /* We export, the provider imports */
- rv = evp_keymgmt_import(to_keymgmt, to_keydata, OSSL_KEYMGMT_SELECT_ALL,
- params);
+ rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params);
 ossl_param_bld_free(params); |
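Review bot: In the second hunk the `pub_key` and `priv_key` checks are now independent, so a DSA structure holding a private key but no public key is exported with the domain-parameter and private-key bits only; before this change that case failed at the unconditional public-key push. The commit message covers only the domain-parameters-only case, and whether the importing provider accepts or rejects a private key with no public component is not visible from this hunk, so the intended behaviour should be stated and covered by a test. I would add above the `selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;` line a comment such as `/* selection must name only the parts actually pushed to tmpl; a private key without a public key is passed on as-is */`. The body of dsa_pkey_export_to starts and ends outside the hunks shown.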