diff options
author | slontis <shane.lontis@oracle.com> | 2023-02-17 09:54:58 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-12-29 10:42:39 +0100 |
commit | 2e078bbef8677a08fe0a02bc506043314732538a (patch) | |
tree | f4ef0d4da0e8ee0817ac1e3ac9b5b8a441344c16 | |
parent | 7e3f84b41984442dae698bf4d7e593d2eed1c3c4 (diff) |
Limit RSA-OAEP related functions to RSA keys only
Make EVP_PKEY_CTX_set_rsa_oaep_md() and
EVP_PKEY_CTX_get_rsa_oaep_md_name() only work for RSA keys.
Since these calls use "digest" as a OSSL_PARAM, they should not
work for other key types.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20319)
(cherry picked from commit 0c3eb31b55d3c1544e4e044c2e3c939655bac93d)
-rw-r--r-- | crypto/rsa/rsa_lib.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 71a17a9234..c9c661b1ed 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -999,6 +999,10 @@ int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx, */ int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { + /* If key type not RSA return error */ + if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) + return -1; + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)); } @@ -1026,6 +1030,10 @@ int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name, */ int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) { + /* If key type not RSA return error */ + if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) + return -1; + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)md); } |