diff options
author | Richard Levitte <levitte@openssl.org> | 2020-03-23 05:40:47 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-03-25 17:01:32 +0100 |
commit | 0abae1636d7054266dd20724c0d5e06617d9f679 (patch) | |
tree | 2237cb7a395a335ba4da5a530d2116b3e5f0e3aa /crypto/dsa | |
parent | ff7262b4f4dfade7d2d6e05dcd3727ecc2bc7a5c (diff) | |
download | openssl-0abae1636d7054266dd20724c0d5e06617d9f679.zip openssl-0abae1636d7054266dd20724c0d5e06617d9f679.tar.gz openssl-0abae1636d7054266dd20724c0d5e06617d9f679.tar.bz2 |
EVP: Implement support for key downgrading in backends
Downgrading EVP_PKEYs from containing provider side internal keys to
containing legacy keys demands support in the EVP_PKEY_ASN1_METHOD.
This became a bit elaborate because the code would be almost exactly
the same as the import functions int EVP_KEYMGMT. Therefore, we end
up moving most of the code to common backend support files that can be
used both by legacy backend code and by our providers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11375)
Diffstat (limited to 'crypto/dsa')
-rw-r--r-- | crypto/dsa/build.info | 2 | ||||
-rw-r--r-- | crypto/dsa/dsa_ameth.c | 24 | ||||
-rw-r--r-- | crypto/dsa/dsa_backend.c | 57 |
3 files changed, 81 insertions, 2 deletions
diff --git a/crypto/dsa/build.info b/crypto/dsa/build.info index 35a95a2..d8f0350 100644 --- a/crypto/dsa/build.info +++ b/crypto/dsa/build.info @@ -1,7 +1,7 @@ LIBS=../../libcrypto $COMMON=dsa_sign.c dsa_vrf.c dsa_lib.c dsa_ossl.c dsa_aid.c dsa_check.c \ - dsa_key.c + dsa_key.c dsa_backend.c SOURCE[../../libcrypto]=$COMMON\ dsa_gen.c dsa_asn1.c \ diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 92134f9..53daf33 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -21,8 +21,10 @@ #include <openssl/core_names.h> #include "internal/cryptlib.h" #include "crypto/asn1.h" +#include "crypto/dsa.h" #include "crypto/evp.h" #include "internal/param_build.h" +#include "internal/ffc.h" #include "dsa_local.h" static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) @@ -569,6 +571,25 @@ static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, return rv; } +static int dsa_pkey_import_from(const OSSL_PARAM params[], void *key) +{ + EVP_PKEY *pkey = key; + DSA *dsa = DSA_new(); + + if (dsa == NULL) { + ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!ffc_fromdata(dsa_get0_params(dsa), params) + || !dsa_key_fromdata(dsa, params) + || !EVP_PKEY_assign_DSA(pkey, dsa)) { + DSA_free(dsa); + return 0; + } + return 1; +} + /* NB these are sorted in pkey_id order, lowest first */ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = { @@ -632,6 +653,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = { NULL, NULL, NULL, NULL, dsa_pkey_dirty_cnt, - dsa_pkey_export_to + dsa_pkey_export_to, + dsa_pkey_import_from } }; diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c new file mode 100644 index 0000000..b927465 --- /dev/null +++ b/crypto/dsa/dsa_backend.c @@ -0,0 +1,57 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/core_names.h> +#include "crypto/dsa.h" + +/* + * The intention with the "backend" source file is to offer backend support + * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider + * implementations alike. + */ + +int dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_priv_key, *param_pub_key; + BIGNUM *priv_key = NULL, *pub_key = NULL; + + if (dsa == NULL) + return 0; + + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + param_pub_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + + /* It's ok if neither half is present */ + if (param_priv_key == NULL && param_pub_key == NULL) + return 1; + + /* + * DH documentation says that a public key must be present if a + * private key is present. + */ + if (param_priv_key != NULL && param_pub_key == NULL) + return 0; + + if (param_pub_key != NULL && !OSSL_PARAM_get_BN(param_pub_key, &pub_key)) + goto err; + if (param_priv_key != NULL && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + goto err; + + if (!DSA_set0_key(dsa, pub_key, priv_key)) + goto err; + + return 1; + + err: + BN_clear_free(priv_key); + BN_free(pub_key); + return 0; +} |