root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Fix incorrect selection flags for ec serializer. 

Fixes #12630

ec_import requires domain parameters to be part of the selection.
The public and private serialisers were not selecting the correct flags so the import was failing.
Added a test that uses the base provider so that a export/import happens for serialization.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12681)
This commit is contained in:
Shane Lontis 2020-08-19 19:38:03 +10:00
parent 8ca6c6669f
commit be63e58732
3 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
providers/implementations/serializers/serializer_ec_priv.c
View File

@ -128,7 +128,7 @@ static int ec_priv_der_data(void *vctx, const OSSL_PARAM params[],
EC_KEY *eckey; EC_KEY *eckey;
if ((eckey = ec_new(ctx->provctx)) != NULL if ((eckey = ec_new(ctx->provctx)) != NULL
&& ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params) && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL, params)
&& ec_priv_der(ctx, eckey, out, cb, cbarg)) && ec_priv_der(ctx, eckey, out, cb, cbarg))
ok = 1; ok = 1;
ec_free(eckey); ec_free(eckey);
@ -175,7 +175,7 @@ static int ec_pem_priv_data(void *vctx, const OSSL_PARAM params[],
EC_KEY *eckey; EC_KEY *eckey;
if ((eckey = ec_new(ctx->provctx)) != NULL if ((eckey = ec_new(ctx->provctx)) != NULL
&& ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params) && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL, params)
&& ec_pem_priv(ctx, eckey, out, cb, cbarg)) && ec_pem_priv(ctx, eckey, out, cb, cbarg))
ok = 1; ok = 1;
ec_free(eckey); ec_free(eckey);
@ -233,7 +233,7 @@ static int ec_priv_print_data(void *vctx, const OSSL_PARAM params[],
EC_KEY *eckey; EC_KEY *eckey;
if ((eckey = ec_new(ctx->provctx)) != NULL if ((eckey = ec_new(ctx->provctx)) != NULL
&& ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params) && ec_import(eckey, OSSL_KEYMGMT_SELECT_ALL, params)
&& ec_priv_print(ctx, eckey, out, cb, cbarg)) && ec_priv_print(ctx, eckey, out, cb, cbarg))
ok = 1; ok = 1;
ec_free(eckey); ec_free(eckey);

9
providers/implementations/serializers/serializer_ec_pub.c
View File

@ -17,6 +17,9 @@
#include "prov/provider_ctx.h" #include "prov/provider_ctx.h"
#include "serializer_local.h" #include "serializer_local.h"
#define EC_SELECT_PUBLIC_IMPORTABLE \
OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
static OSSL_FUNC_serializer_newctx_fn ec_pub_newctx; static OSSL_FUNC_serializer_newctx_fn ec_pub_newctx;
static OSSL_FUNC_serializer_freectx_fn ec_pub_freectx; static OSSL_FUNC_serializer_freectx_fn ec_pub_freectx;
static OSSL_FUNC_serializer_serialize_data_fn ec_pub_der_data; static OSSL_FUNC_serializer_serialize_data_fn ec_pub_der_data;
@ -58,7 +61,7 @@ static int ec_pub_der_data(void *vctx, const OSSL_PARAM params[],
/* vctx == provctx */ /* vctx == provctx */
if ((eckey = ec_new(vctx)) != NULL if ((eckey = ec_new(vctx)) != NULL
&& ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params) && ec_import(eckey, EC_SELECT_PUBLIC_IMPORTABLE, params)
&& ec_pub_der(vctx, eckey, out, cb, cbarg)) && ec_pub_der(vctx, eckey, out, cb, cbarg))
ok = 1; ok = 1;
ec_free(eckey); ec_free(eckey);
@ -100,7 +103,7 @@ static int ec_pub_pem_data(void *vctx, const OSSL_PARAM params[],
/* ctx == provctx */ /* ctx == provctx */
if ((eckey = ec_new(vctx)) != NULL if ((eckey = ec_new(vctx)) != NULL
&& ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params) && ec_import(eckey, EC_SELECT_PUBLIC_IMPORTABLE, params)
&& ec_pub_pem(vctx, eckey, out, cb, cbarg)) && ec_pub_pem(vctx, eckey, out, cb, cbarg))
ok = 1; ok = 1;
ec_free(eckey); ec_free(eckey);
@ -141,7 +144,7 @@ static int ec_pub_print_data(void *vctx, const OSSL_PARAM params[],
/* ctx == provctx */ /* ctx == provctx */
if ((eckey = ec_new(vctx)) != NULL if ((eckey = ec_new(vctx)) != NULL
&& ec_import(eckey, OSSL_KEYMGMT_SELECT_KEYPAIR, params) && ec_import(eckey, EC_SELECT_PUBLIC_IMPORTABLE, params)
&& ec_pub_print(vctx, eckey, out, cb, cbarg)) && ec_pub_print(vctx, eckey, out, cb, cbarg))
ok = 1; ok = 1;
ec_free(eckey); ec_free(eckey);

10
test/recipes/15-test_genec.t
View File

@ -194,6 +194,7 @@ plan tests => scalar(@curve_list) * scalar(keys %params_encodings)
+ 1 # Checking that with no curve it fails + 1 # Checking that with no curve it fails
+ 1 # Checking that with unknown curve it fails + 1 # Checking that with unknown curve it fails
+ 1 # Subtest for explicit only curves + 1 # Subtest for explicit only curves
+ 1 # base serializer test
; ;
ok(!run(app([ 'openssl', 'genpkey', ok(!run(app([ 'openssl', 'genpkey',
@ -205,6 +206,15 @@ ok(!run(app([ 'openssl', 'genpkey',
'-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])), '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])),
"genpkey EC with unknown curve name should fail"); "genpkey EC with unknown curve name should fail");
ok(run(app([ 'openssl', 'genpkey',
'-provider-path', 'providers',
'-provider', 'base',
'-config', srctop_file("test", "default.cnf"),
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:prime256v1',
'-text'])),
"generate a private key and serialize it using the base provider");
foreach my $curvename (@curve_list) { foreach my $curvename (@curve_list) {
foreach my $paramenc (sort keys %params_encodings) { foreach my $paramenc (sort keys %params_encodings) {
my $fn = $params_encodings{$paramenc}; my $fn = $params_encodings{$paramenc};