author | Jorge Ramirez-Ortiz <jorge@foundries.io> | 2023-03-08 12:50:25 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-03-27 12:06:21 +0200 |
commit | 9adbce74933b87dd4fe776b70fef55f2f468f5f7 (patch) | |
tree | 8e226228a21834638b6ef12a0fad5b190b067ad4 | |
parent | 93370db1fc76ad37bd53cfbeb948d1ded43d3b2a (diff) |
translation: EC legacy keys, handle OSSL_PKEY_PARAM_EC_PUB_X,Y requests
Required by tpm2-tss to load legacy EC keys using the OpenSSL engine.
Fixes: https://github.com/tpm2-software/tpm2-tss/issues/2581
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20535)
-rw-r--r-- | crypto/evp/ctrl_params_translate.c | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index a3db7aed34..21be0d115c 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1642,6 +1642,60 @@ static int get_payload_public_key(enum state state,
 return ret;
 }
+static int get_payload_public_key_ec(enum state state,
+ const struct translation_st *translation,
+ struct translation_ctx_st *ctx)
+{
+#ifndef OPENSSL_NO_EC
+ EVP_PKEY *pkey = ctx->p2;
+ const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey);
+ BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eckey));
+ const EC_POINT *point = EC_KEY_get0_public_key(eckey);
+ const EC_GROUP *ecg = EC_KEY_get0_group(eckey);
+ BIGNUM *x = NULL;
+ BIGNUM *y = NULL;
+ int ret = 0;
+
+ if (bnctx == NULL)
+ return 0;
+
+ ctx->p2 = NULL;
+
+ if (eckey == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE);
+ goto out;
+ }
+
+ /* Caller should have requested a BN, fail if not */
+ if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER)
+ goto out;
+
+ x = BN_CTX_get(bnctx);
+ y = BN_CTX_get(bnctx);
+ if (y == NULL)
+ goto out;
+
+ if (!EC_POINT_get_affine_coordinates(ecg, point, x, y, bnctx))
+ goto out;
+
+ if (strncmp(ctx->params->key, OSSL_PKEY_PARAM_EC_PUB_X, 2) == 0)
+ ctx->p2 = x;
+ else if (strncmp(ctx->params->key, OSSL_PKEY_PARAM_EC_PUB_Y, 2) == 0)
+ ctx->p2 = y;
+ else
+ goto out;
+
+ /* Return the payload */
+ ret = default_fixup_args(state, translation, ctx);
+out:
+ BN_CTX_free(bnctx);
+ return ret;
+#else
+ ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE);
+ return 0;
+#endif
+}
+
 static int get_payload_bn(enum state state,
 const struct translation_st *translation,
 struct translation_ctx_st *ctx, const BIGNUM *bn)
@@ -2334,6 +2388,12 @@ static const struct translation_st evp_pkey_translations[] = {
 OSSL_PKEY_PARAM_PUB_KEY,
 0 /* no data type, let get_payload_public_key() handle that */,
 get_payload_public_key },
+ { GET, -1, -1, -1, 0, NULL, NULL,
+ OSSL_PKEY_PARAM_EC_PUB_X, OSSL_PARAM_UNSIGNED_INTEGER,
+ get_payload_public_key_ec },
+ { GET, -1, -1, -1, 0, NULL, NULL,
+ OSSL_PKEY_PARAM_EC_PUB_Y, OSSL_PARAM_UNSIGNED_INTEGER,
+ get_payload_public_key_ec },
 /* DH and DSA */
 { GET, -1, -1, -1, 0, NULL, NULL, |