Add "save-parameters" encoder parameter

The parameter makes the DSA key encoder skip saving the DSA
key domain parameters, similarly to what the legacy DSA key encoder did.

Fixes #14362

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14746)
Tomas Mraz 2021-03-30 17:41:03 +02:00
parent 5050fd5b3b
commit 78043fe898
4 changed files with 45 additions and 29 deletions


@ -327,6 +327,14 @@ OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey,
&& OSSL_ENCODER_CTX_set_selection(ctx, selection)
&& ossl_encoder_ctx_setup_for_pkey(ctx, pkey, selection, propquery)
&& OSSL_ENCODER_CTX_add_extra(ctx, libctx, propquery)) {
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
int save_parameters = pkey->save_parameters;
params[0] = OSSL_PARAM_construct_int(OSSL_ENCODER_PARAM_SAVE_PARAMETERS,
&save_parameters);
/* ignoring error as this is only auxiliary parameter */
(void)OSSL_ENCODER_CTX_set_params(ctx, params);
OSSL_TRACE_BEGIN(ENCODER) {
BIO_printf(trc_out, "(ctx %p) Got %d encoders\n",
(void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx));
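Review bot: The result of `OSSL_ENCODER_CTX_set_params(ctx, params)` is thrown away with a `(void)` cast and a comment calling it auxiliary, but a failure there means an encoder will still emit the DSA domain parameters for a key whose `save_parameters` is cleared, silently diverging from what the caller asked for. Since the hunk already opens an `OSSL_TRACE_BEGIN(ENCODER)` block a few lines later, the failure could be reported there instead of dropped: keep the return value in an `int` and add a `BIO_printf(trc_out, "(ctx %p) save-parameters not applied\n", (void *)ctx);` line when it is zero. Whether any built-in encoder can actually reject this parameter is not visible from the hunk. OSSL_ENCODER_CTX_new_for_pkey both starts and ends outside the hunk.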


@ -303,6 +303,11 @@ However, it is recommended that implementations that do not handle
property strings return an error on receiving this parameter unless
its value NULL or the empty string.
=item "save-parameters" (B<OSSL_ENCODER_PARAM_SAVE_PARAMETERS>) <integer>
If set to 0 disables saving of key domain parameters. Default is 1.
It currently has an effect only on DSA keys.
=back
Parameters currently recognised by the built-in pass phrase callback:


@ -473,6 +473,7 @@ extern "C" {
#define OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE "output-structure"
/* Currently PVK only, but reusable for others as needed */
#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
#define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters" /* integer */
#define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
#define OSSL_DECODER_PARAM_INPUT_TYPE "input-type"


@ -43,6 +43,9 @@
struct key2any_ctx_st {
PROV_CTX *provctx;
/* Set to 0 if parameters should not be saved (dsa only) */
int save_parameters;
/* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
int cipher_intent;
@ -52,7 +55,7 @@ struct key2any_ctx_st {
};
typedef int check_key_type_fn(const void *key, int nid);
typedef int key_to_paramstring_fn(const void *key, int nid,
typedef int key_to_paramstring_fn(const void *key, int nid, int save,
void **str, int *strtype);
typedef int key_to_der_fn(BIO *out, const void *key,
int key_nid, const char *pemname,
@ -174,7 +177,8 @@ static int key_to_pkcs8_der_priv_bio(BIO *out, const void *key,
void *str = NULL;
int strtype = V_ASN1_UNDEF;
if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
&str, &strtype))
return 0;
if (ctx->cipher_intent) {
@ -210,7 +214,8 @@ static int key_to_pkcs8_pem_priv_bio(BIO *out, const void *key,
void *str = NULL;
int strtype = V_ASN1_UNDEF;
if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
&str, &strtype))
return 0;
if (ctx->cipher_intent) {
@ -247,7 +252,8 @@ static int key_to_spki_der_pub_bio(BIO *out, const void *key,
int strtype = V_ASN1_UNDEF;
X509_PUBKEY *xpk = NULL;
if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
&str, &strtype))
return 0;
xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
@ -272,7 +278,8 @@ static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
int strtype = V_ASN1_UNDEF;
X509_PUBKEY *xpk = NULL;
if (p2s != NULL && !p2s(key, key_nid, &str, &strtype))
if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
&str, &strtype))
return 0;
xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
@ -374,7 +381,7 @@ static int key_to_type_specific_pem_param_bio(BIO *out, const void *key,
/* ---------------------------------------------------------------------- */
#ifndef OPENSSL_NO_DH
static int prepare_dh_params(const void *dh, int nid,
static int prepare_dh_params(const void *dh, int nid, int save,
void **pstr, int *pstrtype)
{
ASN1_STRING *params = ASN1_STRING_new();
@ -476,8 +483,8 @@ static int dh_check_key_type(const void *dh, int expected_type)
/* ---------------------------------------------------------------------- */
#ifndef OPENSSL_NO_DSA
static int prepare_some_dsa_params(const void *dsa, int nid,
void **pstr, int *pstrtype)
static int encode_dsa_params(const void *dsa, int nid,
void **pstr, int *pstrtype)
{
ASN1_STRING *params = ASN1_STRING_new();
@ -499,35 +506,21 @@ static int prepare_some_dsa_params(const void *dsa, int nid,
return 1;
}
static int prepare_all_dsa_params(const void *dsa, int nid,
void **pstr, int *pstrtype)
static int prepare_dsa_params(const void *dsa, int nid, int save,
void **pstr, int *pstrtype)
{
const BIGNUM *p = DSA_get0_p(dsa);
const BIGNUM *q = DSA_get0_q(dsa);
const BIGNUM *g = DSA_get0_g(dsa);
if (p != NULL && q != NULL && g != NULL)
return prepare_some_dsa_params(dsa, nid, pstr, pstrtype);
if (save && p != NULL && q != NULL && g != NULL)
return encode_dsa_params(dsa, nid, pstr, pstrtype);
*pstr = NULL;
*pstrtype = V_ASN1_UNDEF;
return 1;
}
static int prepare_dsa_params(const void *dsa, int nid,
void **pstr, int *pstrtype)
{
/*
* TODO(v3.0) implement setting save_parameters, see dsa_pub_encode()
* in crypto/dsa/dsa_ameth.c
*/
int save_parameters = 1;
return save_parameters
? prepare_all_dsa_params(dsa, nid, pstr, pstrtype)
: prepare_some_dsa_params(dsa, nid, pstr, pstrtype);
}
static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder)
{
const BIGNUM *bn = NULL;
@ -610,7 +603,7 @@ static int prepare_ec_explicit_params(const void *eckey,
* is a curve name (curve nid) to be found or not. See RFC 3279 for details.
* TODO: shouldn't we use i2d_ECPKParameters()?
*/
static int prepare_ec_params(const void *eckey, int nid,
static int prepare_ec_params(const void *eckey, int nid, int save,
void **pstr, int *pstrtype)
{
int curve_nid;
@ -763,7 +756,7 @@ static int ecx_pkcs8_priv_to_der(const void *vecxkey, unsigned char **pder)
* functionality doesn't allow that.
*/
static int prepare_rsa_params(const void *rsa, int nid,
static int prepare_rsa_params(const void *rsa, int nid, int save,
void **pstr, int *pstrtype)
{
const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa);
@ -871,8 +864,10 @@ static void *key2any_newctx(void *provctx)
{
struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx != NULL)
if (ctx != NULL) {
ctx->provctx = provctx;
ctx->save_parameters = 1;
}
return ctx;
}
@ -946,6 +941,8 @@ static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
const OSSL_PARAM *propsp =
OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
const OSSL_PARAM *save_paramsp =
OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
if (cipherp != NULL) {
const char *ciphername = NULL;
@ -964,6 +961,11 @@ static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL))
return 0;
}
if (save_paramsp != NULL) {
if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters))
return 0;
}
return 1;
}
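Review bot: `ctx->save_parameters` is forwarded to the parameter-preparation callback not only on the SubjectPublicKeyInfo paths but also in key_to_pkcs8_der_priv_bio and key_to_pkcs8_pem_priv_bio, so with save-parameters set to 0 prepare_dsa_params leaves the AlgorithmIdentifier parameters absent from a PKCS#8 DSA private key as well. If the DSA PrivateKeyInfo carries only the private value x in its privateKey octet string, as I believe it does, that output cannot be decoded back into a usable key, and as far as I recall the legacy DSA private-key encoder the commit message cites always wrote the parameters regardless of the flag. Consider honouring the flag only on the SPKI paths by passing a constant in the two PKCS#8 calls, `if (p2s != NULL && !p2s(key, key_nid, 1, &str, &strtype))`, or else state in the save-parameters documentation that private keys are stripped too. The new `save` argument is accepted but unused by prepare_dh_params, prepare_ec_params and prepare_rsa_params; a `(void)save;` or a one-line comment in each would make that intentional. key2any_set_ctx_params and several of the touched helpers extend beyond the visible hunks.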