mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-30 21:44:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add selection support to the provider keymgmt_dup function

Browse Source 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
This commit is contained in:
Tomas Mraz 2021-04-08 18:25:26 +02:00
parent 4a9fe33c8e
commit b4f447c038
25 changed files with 176 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/dh/dh_ameth.c
View File

@ -543,7 +543,7 @@ static int dh_pkey_copy(EVP_PKEY *to, EVP_PKEY *from)
int ret;
if (dh != NULL) {
dupkey = ossl_dh_dup(dh);
dupkey = ossl_dh_dup(dh, OSSL_KEYMGMT_SELECT_ALL);
if (dupkey == NULL)
return 0;
}

15
crypto/dh/dh_backend.c
View File

@ -125,7 +125,7 @@ static ossl_inline int dh_bn_dup_check(BIGNUM **out, const BIGNUM *f)
return 1;
}
DH *ossl_dh_dup(const DH *dh)
DH *ossl_dh_dup(const DH *dh, int selection)
{
DH *dupkey = NULL;
@ -139,14 +139,20 @@ DH *ossl_dh_dup(const DH *dh)
return NULL;
dupkey->length = DH_get_length(dh);
if (!ossl_ffc_params_copy(&dupkey->params, &dh->params))
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0
&& !ossl_ffc_params_copy(&dupkey->params, &dh->params))
goto err;
dupkey->flags = dh->flags;
if (!dh_bn_dup_check(&dupkey->pub_key, dh->pub_key))
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0
&& ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0
|| !dh_bn_dup_check(&dupkey->pub_key, dh->pub_key)))
goto err;
if (!dh_bn_dup_check(&dupkey->priv_key, dh->priv_key))
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
&& ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0
|| !dh_bn_dup_check(&dupkey->priv_key, dh->priv_key)))
goto err;
#ifndef FIPS_MODULE
@ -161,6 +167,7 @@ DH *ossl_dh_dup(const DH *dh)
DH_free(dupkey);
return NULL;
}
#ifndef FIPS_MODULE
DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
OSSL_LIB_CTX *libctx, const char *propq)

2
crypto/dsa/dsa_ameth.c
View File

@ -507,7 +507,7 @@ static int dsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from)
int ret;
if (dsa != NULL) {
dupkey = ossl_dsa_dup(dsa);
dupkey = ossl_dsa_dup(dsa, OSSL_KEYMGMT_SELECT_ALL);
if (dupkey == NULL)
return 0;
}

14
crypto/dsa/dsa_backend.c
View File

@ -64,7 +64,7 @@ static ossl_inline int dsa_bn_dup_check(BIGNUM **out, const BIGNUM *f)
return 1;
}
DSA *ossl_dsa_dup(const DSA *dsa)
DSA *ossl_dsa_dup(const DSA *dsa, int selection)
{
DSA *dupkey = NULL;
@ -77,14 +77,20 @@ DSA *ossl_dsa_dup(const DSA *dsa)
if ((dupkey = ossl_dsa_new(dsa->libctx)) == NULL)
return NULL;
if (!ossl_ffc_params_copy(&dupkey->params, &dsa->params))
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0
&& !ossl_ffc_params_copy(&dupkey->params, &dsa->params))
goto err;
dupkey->flags = dsa->flags;
if (!dsa_bn_dup_check(&dupkey->pub_key, dsa->pub_key))
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0
&& ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0
|| !dsa_bn_dup_check(&dupkey->pub_key, dsa->pub_key)))
goto err;
if (!dsa_bn_dup_check(&dupkey->priv_key, dsa->priv_key))
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
&& ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0
|| !dsa_bn_dup_check(&dupkey->priv_key, dsa->priv_key)))
goto err;
#ifndef FIPS_MODULE

88
crypto/ec/ec_backend.c
View File

@ -17,6 +17,7 @@
#include <openssl/objects.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include "crypto/bn.h"
#include "crypto/ec.h"
#include "ec_local.h"
@ -519,6 +520,93 @@ int ossl_ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
return 1;
}
EC_KEY *ossl_ec_key_dup(const EC_KEY *src, int selection)
{
EC_KEY *ret = ossl_ec_key_new_method_int(src->libctx, src->propq,
src->engine);
if (ret == NULL)
return NULL;
if (src == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
goto err;
}
/* copy the parameters */
if (src->group != NULL
&& (selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
ret->group = ossl_ec_group_new_ex(src->libctx, src->propq,
src->group->meth);
if (ret->group == NULL
|| !EC_GROUP_copy(ret->group, src->group))
goto err;
if (src->meth != NULL) {
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (src->engine != NULL && ENGINE_init(src->engine) == 0)
goto err;
ret->engine = src->engine;
#endif
ret->meth = src->meth;
}
}
/* copy the public key */
if (src->pub_key != NULL
&& (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
if (ret->group == NULL)
/* no parameter-less keys allowed */
goto err;
ret->pub_key = EC_POINT_new(ret->group);
if (ret->pub_key == NULL
|| !EC_POINT_copy(ret->pub_key, src->pub_key))
goto err;
}
/* copy the private key */
if (src->priv_key != NULL
&& (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
if (ret->group == NULL)
/* no parameter-less keys allowed */
goto err;
ret->priv_key = BN_new();
if (ret->priv_key == NULL || !BN_copy(ret->priv_key, src->priv_key))
goto err;
if (ret->group->meth->keycopy
&& ret->group->meth->keycopy(ret, src) == 0)
goto err;
}
/* copy the rest */
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) {
ret->enc_flag = src->enc_flag;
ret->conv_form = src->conv_form;
}
ret->version = src->version;
ret->flags = src->flags;
#ifndef FIPS_MODULE
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY,
&ret->ex_data, &src->ex_data))
goto err;
#endif
if (ret->meth != NULL && ret->meth->copy != NULL) {
if ((selection
& OSSL_KEYMGMT_SELECT_KEYPAIR) != OSSL_KEYMGMT_SELECT_KEYPAIR)
goto err;
if (ret->meth->copy(ret, src) == 0)
goto err;
}
return ret;
err:
EC_KEY_free(ret);
return NULL;
}
int ossl_ec_encoding_param2id(const OSSL_PARAM *p, int *id)
{
const char *name = NULL;

12
crypto/ec/ec_key.c
View File

@ -184,17 +184,7 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
{
EC_KEY *ret = ossl_ec_key_new_method_int(ec_key->libctx, ec_key->propq,
ec_key->engine);
if (ret == NULL)
return NULL;
if (EC_KEY_copy(ret, ec_key) == NULL) {
EC_KEY_free(ret);
return NULL;
}
return ret;
return ossl_ec_key_dup(ec_key, OSSL_KEYMGMT_SELECT_ALL);
}
int EC_KEY_up_ref(EC_KEY *r)

8
crypto/ec/ecx_backend.c
View File

@ -92,7 +92,7 @@ int ossl_ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[],
return 1;
}
ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key)
ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection)
{
ECX_KEY *ret = OPENSSL_zalloc(sizeof(*ret));
@ -119,9 +119,11 @@ ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key)
goto err;
}
memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey));
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey));
if (key->privkey != NULL) {
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
&& key->privkey != NULL) {
if (ossl_ecx_key_allocate_privkey(ret) == NULL)
goto err;
memcpy(ret->privkey, key->privkey, ret->keylen);

2
crypto/ec/ecx_meth.c
View File

@ -410,7 +410,7 @@ static int ecx_pkey_copy(EVP_PKEY *to, EVP_PKEY *from)
int ret;
if (ecx != NULL) {
dupkey = ossl_ecx_key_dup(ecx);
dupkey = ossl_ecx_key_dup(ecx, OSSL_KEYMGMT_SELECT_ALL);
if (dupkey == NULL)
return 0;
}

7
crypto/evp/keymgmt_lib.c
View File

@ -460,9 +460,10 @@ int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection)
return 0;
}
} else if (to_keymgmt == from->keymgmt && to_keymgmt->dup != NULL
&& to_keydata == NULL
&& selection == OSSL_KEYMGMT_SELECT_ALL) {
to_keydata = alloc_keydata = evp_keymgmt_dup(to_keymgmt, from->keydata);
&& to_keydata == NULL) {
to_keydata = alloc_keydata = evp_keymgmt_dup(to_keymgmt,
from->keydata,
selection);
if (to_keydata == NULL)
return 0;
} else if (match_type(to_keymgmt, from->keymgmt)) {

5
crypto/evp/keymgmt_meth.c
View File

@ -477,10 +477,11 @@ int evp_keymgmt_copy(const EVP_KEYMGMT *keymgmt,
return keymgmt->copy(keydata_to, keydata_from, selection);
}
void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, const void *keydata_from)
void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, const void *keydata_from,
int selection)
{
/* We assume no dup if the implementation doesn't have a function */
if (keymgmt->dup == NULL)
return NULL;
return keymgmt->dup(keydata_from);
return keymgmt->dup(keydata_from, selection);
}

2
crypto/rsa/rsa_ameth.c
View File

@ -891,7 +891,7 @@ static int rsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from)
int ret;
if (rsa != NULL) {
dupkey = ossl_rsa_dup(rsa);
dupkey = ossl_rsa_dup(rsa, OSSL_KEYMGMT_SELECT_ALL);
if (dupkey == NULL)
return 0;
}

50
crypto/rsa/rsa_backend.c
View File

@ -330,7 +330,7 @@ static ossl_inline int rsa_bn_dup_check(BIGNUM **out, const BIGNUM *f)
return 1;
}
RSA *ossl_rsa_dup(const RSA *rsa)
RSA *ossl_rsa_dup(const RSA *rsa, int selection)
{
RSA *dupkey = NULL;
#ifndef FIPS_MODULE
@ -344,34 +344,42 @@ RSA *ossl_rsa_dup(const RSA *rsa)
if ((dupkey = ossl_rsa_new_with_ctx(rsa->libctx)) == NULL)
return NULL;
/* private and public key */
if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
goto err;
if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
goto err;
if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
goto err;
/* public key */
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
goto err;
if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
goto err;
}
/* factors and crt params */
if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
goto err;
if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
goto err;
if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
goto err;
if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
goto err;
if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
goto err;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
/* private key */
if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
goto err;
/* factors and crt params */
if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
goto err;
if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
goto err;
if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
goto err;
if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
goto err;
if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
goto err;
}
dupkey->version = rsa->version;
dupkey->flags = rsa->flags;
/* we always copy the PSS parameters regardless of selection */
dupkey->pss_params = rsa->pss_params;
#ifndef FIPS_MODULE
/* multiprime */
pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
if (pnum > 0) {
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
&& (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) {
dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
for (i = 0; i < pnum; i++) {
const RSA_PRIME_INFO *pinfo = NULL;

7
doc/man7/provider-keymgmt.pod
View File

@ -56,7 +56,7 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
int OSSL_FUNC_keymgmt_copy(void *keydata_to, const void *keydata_from, int selection);
/* Key object duplication, a constructor */
void *OSSL_FUNC_keymgmt_dup(const void *keydata_from);
void *OSSL_FUNC_keymgmt_dup(const void *keydata_from, int selection);
/* Key object validation */
int OSSL_FUNC_keymgmt_validate(const void *keydata, int selection, int checktype);
@ -346,8 +346,9 @@ from I<keydata_from> to I<keydata_to>. It is assumed that the caller
has ensured that I<keydata_to> and I<keydata_from> are both owned by
the implementation of this function.
OSSL_FUNC_keymgmt_dup() should duplicate the key data I<keydata_from> and
create a new provider side key object with the data.
OSSL_FUNC_keymgmt_dup() should duplicate data subsets indicated by
I<selection> or the whole key data I<keydata_from> and create a new
provider side key object with the data.
=head2 Common Information Parameters

2
include/crypto/dh.h
View File

@ -56,6 +56,6 @@ int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen,
const unsigned char *ukm, size_t ukmlen,
const EVP_MD *md,
OSSL_LIB_CTX *libctx, const char *propq);
DH *ossl_dh_dup(const DH *dh);
DH *ossl_dh_dup(const DH *dh, int selection);
#endif /* OSSL_CRYPTO_DH_H */

2
include/crypto/dsa.h
View File

@ -43,6 +43,6 @@ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key,
int *ret);
int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret);
int ossl_dsa_check_pairwise(const DSA *dsa);
DSA *ossl_dsa_dup(const DSA *dsa);
DSA *ossl_dsa_dup(const DSA *dsa, int selection);
#endif

1
include/crypto/ec.h
View File

@ -79,6 +79,7 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]);
int ossl_ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[],
int include_private);
int ossl_ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
EC_KEY *ossl_ec_key_dup(const EC_KEY *key, int selection);
EC_KEY *ossl_ec_key_param_from_x509_algor(const X509_ALGOR *palg,
OSSL_LIB_CTX *libctx,
const char *propq);

2
include/crypto/ecx.h
View File

@ -83,7 +83,7 @@ void ossl_ecx_key_set0_libctx(ECX_KEY *key, OSSL_LIB_CTX *libctx);
unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key);
void ossl_ecx_key_free(ECX_KEY *key);
int ossl_ecx_key_up_ref(ECX_KEY *key);
ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key);
ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection);
int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
const uint8_t peer_public_value[32]);

2
include/crypto/evp.h
View File

@ -814,7 +814,7 @@ int evp_keymgmt_copy(const EVP_KEYMGMT *keymgmt,
void *keydata_to, const void *keydata_from,
int selection);
void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt,
const void *keydata_from);
const void *keydata_from, int selection);
/* Pulling defines out of C source files */

2
include/crypto/rsa.h
View File

@ -63,7 +63,7 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs);
RSA *ossl_rsa_dup(const RSA *rsa);
RSA *ossl_rsa_dup(const RSA *rsa, int selection);
int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]);

2
include/openssl/core_dispatch.h
View File

@ -603,7 +603,7 @@ OSSL_CORE_MAKE_FUNC(int, keymgmt_copy,
/* Dup function, constructor */
# define OSSL_FUNC_KEYMGMT_DUP 45
OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
(const void *keydata_from))
(const void *keydata_from, int selection))
/* Key Exchange */

4
providers/implementations/keymgmt/dh_kmgmt.c
View File

@ -722,10 +722,10 @@ static void *dh_load(const void *reference, size_t reference_sz)
return NULL;
}
static void *dh_dup(const void *keydata_from)
static void *dh_dup(const void *keydata_from, int selection)
{
if (ossl_prov_is_running())
return ossl_dh_dup(keydata_from);
return ossl_dh_dup(keydata_from, selection);
return NULL;
}

4
providers/implementations/keymgmt/dsa_kmgmt.c
View File

@ -612,10 +612,10 @@ static void *dsa_load(const void *reference, size_t reference_sz)
return NULL;
}
static void *dsa_dup(const void *keydata_from)
static void *dsa_dup(const void *keydata_from, int selection)
{
if (ossl_prov_is_running())
return ossl_dsa_dup(keydata_from);
return ossl_dsa_dup(keydata_from, selection);
return NULL;
}

4
providers/implementations/keymgmt/ec_kmgmt.c
View File

@ -1362,10 +1362,10 @@ static void *sm2_load(const void *reference, size_t reference_sz)
# endif
#endif
static void *ec_dup(const void *keydata_from)
static void *ec_dup(const void *keydata_from, int selection)
{
if (ossl_prov_is_running())
return EC_KEY_dup(keydata_from);
return ossl_ec_key_dup(keydata_from, selection);
return NULL;
}

4
providers/implementations/keymgmt/ecx_kmgmt.c
View File

@ -692,10 +692,10 @@ void *ecx_load(const void *reference, size_t reference_sz)
return NULL;
}
static void *ecx_dup(const void *keydata_from)
static void *ecx_dup(const void *keydata_from, int selection)
{
if (ossl_prov_is_running())
return ossl_ecx_key_dup(keydata_from);
return ossl_ecx_key_dup(keydata_from, selection);
return NULL;
}

4
providers/implementations/keymgmt/rsa_kmgmt.c
View File

@ -646,10 +646,10 @@ static void *rsapss_load(const void *reference, size_t reference_sz)
return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSASSAPSS);
}
static void *rsa_dup(const void *keydata_from)
static void *rsa_dup(const void *keydata_from, int selection)
{
if (ossl_prov_is_running())
return ossl_rsa_dup(keydata_from);
return ossl_rsa_dup(keydata_from, selection);
return NULL;
}