diff options
| author | Tomas Mraz <tomas@openssl.org> | 2021-04-07 19:35:13 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-04-15 09:19:39 +0200 |
| commit | 4a9fe33c8e12f4fefae0471c0834f8e674dc7e4e (patch) | |
| tree | 479171af7347523257b843893173927cbbc6e572 /crypto/dsa/dsa_backend.c | |
| parent | b9cd82f95bf99eab4e1b0420918e7139db091c4b (diff) | |
Implement provider-side keymgmt_dup function
To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function
to the provider API and implement it for all asym-key key
managements.
Use it when copying everything to an empty EVP_PKEY
which is the case with EVP_PKEY_dup().
Fixes #14658
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
Diffstat (limited to 'crypto/dsa/dsa_backend.c')
| -rw-r--r-- | crypto/dsa/dsa_backend.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c index f3e54aeb13..856203a200 100644 --- a/crypto/dsa/dsa_backend.c +++ b/crypto/dsa/dsa_backend.c @@ -16,6 +16,7 @@ #include <openssl/core_names.h> #include <openssl/err.h> #include "crypto/dsa.h" +#include "dsa_local.h" /* * The intention with the "backend" source file is to offer backend support @@ -56,6 +57,49 @@ int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]) return 0; } +static ossl_inline int dsa_bn_dup_check(BIGNUM **out, const BIGNUM *f) +{ + if (f != NULL && (*out = BN_dup(f)) == NULL) + return 0; + return 1; +} + +DSA *ossl_dsa_dup(const DSA *dsa) +{ + DSA *dupkey = NULL; + +#ifndef FIPS_MODULE + /* Do not try to duplicate foreign DSA keys */ + if (DSA_get_method((DSA *)dsa) != DSA_OpenSSL()) + return NULL; +#endif + + if ((dupkey = ossl_dsa_new(dsa->libctx)) == NULL) + return NULL; + + if (!ossl_ffc_params_copy(&dupkey->params, &dsa->params)) + goto err; + + dupkey->flags = dsa->flags; + + if (!dsa_bn_dup_check(&dupkey->pub_key, dsa->pub_key)) + goto err; + if (!dsa_bn_dup_check(&dupkey->priv_key, dsa->priv_key)) + goto err; + +#ifndef FIPS_MODULE + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_DSA, + &dupkey->ex_data, &dsa->ex_data)) + goto err; +#endif + + return dupkey; + + err: + DSA_free(dupkey); + return NULL; +} + #ifndef FIPS_MODULE DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq) |