root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

EVP: Have all EVP_PKEY check functions export to provider if possible 

Fixes #13322

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13334)
This commit is contained in:
Richard Levitte 2020-11-06 08:04:59 +01:00
parent 914079d1c3
commit dc56deddee
1 changed files with 41 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
crypto/evp/pmeth_check.c
View File

@ -17,23 +17,43 @@
#include "crypto/evp.h"
#include "evp_local.h"
/*
* Returns:
* 1 True
* 0 False
* -1 Unsupported (use legacy path)
*/
static int try_provided_check(EVP_PKEY_CTX *ctx, int selection)
{
EVP_KEYMGMT *keymgmt;
void *keydata;
if (evp_pkey_ctx_is_legacy(ctx))
return -1;
keymgmt = ctx->keymgmt;
keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
&keymgmt, ctx->propquery);
if (keydata == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
return 0;
}
return evp_keymgmt_validate(keymgmt, keydata, selection);
}
int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
void *key;
EVP_KEYMGMT *keymgmt;
int ok;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
keymgmt = pkey->keymgmt;
key = pkey->keydata;
if (key != NULL && keymgmt != NULL)
return evp_keymgmt_validate(keymgmt, key,
OSSL_KEYMGMT_SELECT_PUBLIC_KEY);
if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != -1)
return ok;
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
@ -58,20 +78,16 @@ int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
void *key;
EVP_KEYMGMT *keymgmt;
int ok;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
keymgmt = pkey->keymgmt;
key = pkey->keydata;
if (key != NULL && keymgmt != NULL)
return evp_keymgmt_validate(keymgmt, key,
OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
if ((ok = try_provided_check(ctx,
OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)) != -1)
return ok;
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
@ -96,20 +112,16 @@ int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
void *key;
EVP_KEYMGMT *keymgmt;
int ok;
if (pkey == NULL) {
EVPerr(0, EVP_R_NO_KEY_SET);
return 0;
}
keymgmt = pkey->keymgmt;
key = pkey->keydata;
if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) != -1)
return ok;
if (key != NULL && keymgmt != NULL)
return evp_keymgmt_validate(keymgmt, key,
OSSL_KEYMGMT_SELECT_PRIVATE_KEY);
/* not supported for legacy keys */
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
@ -118,19 +130,16 @@ int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
void *key;
EVP_KEYMGMT *keymgmt;
int ok;
if (pkey == NULL) {
EVPerr(0, EVP_R_NO_KEY_SET);
return 0;
}
keymgmt = pkey->keymgmt;
key = pkey->keydata;
if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR)) != -1)
return ok;
if (key != NULL && keymgmt != NULL)
return evp_keymgmt_validate(keymgmt, key, OSSL_KEYMGMT_SELECT_KEYPAIR);
/* not supported for legacy keys */
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
@ -139,19 +148,15 @@ int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
void *key;
EVP_KEYMGMT *keymgmt;
int ok;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
keymgmt = pkey->keymgmt;
key = pkey->keydata;
if (key != NULL && keymgmt != NULL)
return evp_keymgmt_validate(keymgmt, key, OSSL_KEYMGMT_SELECT_ALL);
if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR)) != -1)
return ok;
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;