diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-04-07 19:35:13 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-15 09:19:39 +0200 |
commit | 4a9fe33c8e12f4fefae0471c0834f8e674dc7e4e (patch) | |
tree | 479171af7347523257b843893173927cbbc6e572 /crypto/dsa | |
parent | b9cd82f95bf99eab4e1b0420918e7139db091c4b (diff) |
Implement provider-side keymgmt_dup function
To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function
to the provider API and implement it for all asym-key key
managements.
Use it when copying everything to an empty EVP_PKEY
which is the case with EVP_PKEY_dup().
Fixes #14658
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
Diffstat (limited to 'crypto/dsa')
-rw-r--r-- | crypto/dsa/dsa_ameth.c | 41 | ||||
-rw-r--r-- | crypto/dsa/dsa_backend.c | 44 | ||||
-rw-r--r-- | crypto/dsa/dsa_lib.c | 1 |
3 files changed, 46 insertions, 40 deletions
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 69964c053c..0844e9be09 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -500,45 +500,6 @@ static int dsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx) return 1; } -static ossl_inline int dsa_bn_dup_check(BIGNUM **out, const BIGNUM *f) -{ - if (f != NULL && (*out = BN_dup(f)) == NULL) - return 0; - return 1; -} - -static DSA *dsa_dup(const DSA *dsa) -{ - DSA *dupkey = NULL; - - /* Do not try to duplicate foreign DSA keys */ - if (DSA_get_method((DSA *)dsa) != DSA_OpenSSL()) - return NULL; - - if ((dupkey = ossl_dsa_new(dsa->libctx)) == NULL) - return NULL; - - if (!ossl_ffc_params_copy(&dupkey->params, &dsa->params)) - goto err; - - dupkey->flags = dsa->flags; - - if (!dsa_bn_dup_check(&dupkey->pub_key, dsa->pub_key)) - goto err; - if (!dsa_bn_dup_check(&dupkey->priv_key, dsa->priv_key)) - goto err; - - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_DSA, - &dupkey->ex_data, &dsa->ex_data)) - goto err; - - return dupkey; - - err: - DSA_free(dupkey); - return NULL; -} - static int dsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from) { DSA *dsa = from->pkey.dsa; @@ -546,7 +507,7 @@ static int dsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from) int ret; if (dsa != NULL) { - dupkey = dsa_dup(dsa); + dupkey = ossl_dsa_dup(dsa); if (dupkey == NULL) return 0; } diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c index f3e54aeb13..856203a200 100644 --- a/crypto/dsa/dsa_backend.c +++ b/crypto/dsa/dsa_backend.c @@ -16,6 +16,7 @@ #include <openssl/core_names.h> #include <openssl/err.h> #include "crypto/dsa.h" +#include "dsa_local.h" /* * The intention with the "backend" source file is to offer backend support @@ -56,6 +57,49 @@ int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]) return 0; } +static ossl_inline int dsa_bn_dup_check(BIGNUM **out, const BIGNUM *f) +{ + if (f != NULL && (*out = BN_dup(f)) == NULL) + return 0; + return 1; +} + +DSA *ossl_dsa_dup(const DSA *dsa) +{ + DSA *dupkey = NULL; + +#ifndef FIPS_MODULE + /* Do not try to duplicate foreign DSA keys */ + if (DSA_get_method((DSA *)dsa) != DSA_OpenSSL()) + return NULL; +#endif + + if ((dupkey = ossl_dsa_new(dsa->libctx)) == NULL) + return NULL; + + if (!ossl_ffc_params_copy(&dupkey->params, &dsa->params)) + goto err; + + dupkey->flags = dsa->flags; + + if (!dsa_bn_dup_check(&dupkey->pub_key, dsa->pub_key)) + goto err; + if (!dsa_bn_dup_check(&dupkey->priv_key, dsa->priv_key)) + goto err; + +#ifndef FIPS_MODULE + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_DSA, + &dupkey->ex_data, &dsa->ex_data)) + goto err; +#endif + + return dupkey; + + err: + DSA_free(dupkey); + return NULL; +} + #ifndef FIPS_MODULE DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq) diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 5512b99ef1..f39c2aa21a 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -358,3 +358,4 @@ int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]) dsa->dirty_cnt++; return ret; } + |