authorTomas Mraz <tomas@openssl.org>2023-07-21 17:40:31 +0200
committerTodd Short <todd.short@me.com>2023-08-04 10:09:44 -0400
commit2acb0d363c0032b5b97c4f6596609f40bd7d842f (patch)
tree5ca1bcac26a1b2728d44be79f8253805a850c3e8
parent1ae4678cebaa13604c0f31bdf2c64cd28bdaf287 (diff)
When exporting/importing decoded keys do not use 0 as selection
When decoding, 0 as the selection means to decode anything you get. However, when exporting and then importing the key data, 0 as selection is not meaningful. So we set it to OSSL_KEYMGMT_SELECT_ALL to make the export/import function export/import everything that we have decoded. Fixes #21493 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/21519)
-rw-r--r--crypto/encode_decode/decoder_pkey.c6
-rw-r--r--providers/implementations/encode_decode/decode_der2key.c6
-rw-r--r--providers/implementations/encode_decode/decode_msblob2key.c6
-rw-r--r--providers/implementations/encode_decode/decode_pvk2key.c6
4 files changed, 20 insertions, 4 deletions
diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
index 49c90a81a6..e3aaa44902 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -155,7 +155,11 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst,
import_data.keymgmt = keymgmt;
import_data.keydata = NULL;
- import_data.selection = data->selection;
+ if (data->selection == 0)
+ /* import/export functions do not tolerate 0 selection */
+ import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
+ else
+ import_data.selection = data->selection;
/*
* No need to check for errors here, the value of
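Review bot: The comment sitting between the unbraced `if (data->selection == 0)` and its single statement in decoder_construct_pkey makes the branch easy to misread and easy to break if a second line is ever added to it. I would move the comment above the assignment and collapse the branch into `import_data.selection = data->selection != 0 ? data->selection : OSSL_KEYMGMT_SELECT_ALL;`. The comment could also state the consequence rather than only the constraint: judging by the constant's name, a zero selection now imports every component that was decoded, presumably including private key material, so a caller that wants only the public part has to pass an explicit selection. The function body starts and ends outside this hunk.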
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 2657760a62..5f094a32dc 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -317,10 +317,14 @@ static int der2key_export_object(void *vctx,
void *keydata;
if (reference_sz == sizeof(keydata) && export != NULL) {
+ int selection = ctx->selection;
+
+ if (selection == 0)
+ selection = OSSL_KEYMGMT_SELECT_ALL;
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
- return export(keydata, ctx->selection, export_cb, export_cbarg);
+ return export(keydata, selection, export_cb, export_cbarg);
}
return 0;
}
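Review bot: The zero-to-OSSL_KEYMGMT_SELECT_ALL substitution in der2key_export_object carries no comment saying why it is needed, unlike the decoder_pkey.c hunk, and the same four lines are repeated verbatim in msblob2key_export_object and pvk2key_export_object. I would add `/* 0 means "anything" when decoding; export needs an explicit selection */` above `if (selection == 0)` in all three. Since the widened selection decides which key components reach `export_cb`, it is worth keeping the rule in one place, for example a small shared helper that returns the effective selection, so the decoders cannot drift apart on what gets exported. Only part of the function is visible here, so I cannot tell whether `ctx` is checked before this point.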
diff --git a/providers/implementations/encode_decode/decode_msblob2key.c b/providers/implementations/encode_decode/decode_msblob2key.c
index 3bf4cf4537..7c4f993b89 100644
--- a/providers/implementations/encode_decode/decode_msblob2key.c
+++ b/providers/implementations/encode_decode/decode_msblob2key.c
@@ -221,10 +221,14 @@ msblob2key_export_object(void *vctx,
void *keydata;
if (reference_sz == sizeof(keydata) && export != NULL) {
+ int selection = ctx->selection;
+
+ if (selection == 0)
+ selection = OSSL_KEYMGMT_SELECT_ALL;
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
- return export(keydata, ctx->selection, export_cb, export_cbarg);
+ return export(keydata, selection, export_cb, export_cbarg);
}
return 0;
}
diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c
index 819014231c..cae1d9897a 100644
--- a/providers/implementations/encode_decode/decode_pvk2key.c
+++ b/providers/implementations/encode_decode/decode_pvk2key.c
@@ -190,10 +190,14 @@ static int pvk2key_export_object(void *vctx,
void *keydata;
if (reference_sz == sizeof(keydata) && export != NULL) {
+ int selection = ctx->selection;
+
+ if (selection == 0)
+ selection = OSSL_KEYMGMT_SELECT_ALL;
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
- return export(keydata, ctx->selection, export_cb, export_cbarg);
+ return export(keydata, selection, export_cb, export_cbarg);
}
return 0;
}