authorTomas Mraz <tomas@openssl.org>2021-04-13 17:31:08 +0200
committerTomas Mraz <tomas@openssl.org>2021-04-19 11:36:16 +0200
commitb247113c053903ebb61a54ba5324847ba883ed70 (patch)
treed01dfc99a0b4f52ba94b186ff1e476f1b1916e2f /crypto/evp
parent5ae52001e115452ca285713feb1c2feaf07902ad (diff)
Detect low-level engine and app method based keys
The low-level engine- and app-method-based keys have to be treated as foreign and must be used with the old legacy pmeths. Fixes #14632 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14859)
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/p_lib.c41
-rw-r--r--crypto/evp/pmeth_lib.c4
2 files changed, 41 insertions, 4 deletions
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 407ef22154..db334fb1ef 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -37,14 +37,15 @@
#include "internal/ffc.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
+#include "crypto/dh.h"
+#include "crypto/dsa.h"
#include "crypto/ec.h"
#include "crypto/ecx.h"
+#include "crypto/rsa.h"
#include "crypto/x509.h"
#include "internal/provider.h"
#include "evp_local.h"
-#include "crypto/ec.h"
-
#include "e_os.h" /* strcasecmp on Windows */
static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
@@ -691,6 +692,38 @@ ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey)
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
+static void detect_foreign_key(EVP_PKEY *pkey)
+{
+ switch (pkey->type) {
+ case EVP_PKEY_RSA:
+ pkey->foreign = pkey->pkey.rsa != NULL
+ && ossl_rsa_is_foreign(pkey->pkey.rsa);
+ break;
+# ifndef OPENSSL_NO_EC
+ case EVP_PKEY_SM2:
+ case EVP_PKEY_EC:
+ pkey->foreign = pkey->pkey.ec != NULL
+ && ossl_ec_key_is_foreign(pkey->pkey.ec);
+ break;
+# endif
+# ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ pkey->foreign = pkey->pkey.dsa != NULL
+ && ossl_dsa_is_foreign(pkey->pkey.dsa);
+ break;
+#endif
+# ifndef OPENSSL_NO_DH
+ case EVP_PKEY_DH:
+ pkey->foreign = pkey->pkey.dh != NULL
+ && ossl_dh_is_foreign(pkey->pkey.dh);
+ break;
+#endif
+ default:
+ pkey->foreign = 0;
+ break;
+ }
+}
+
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
{
# ifndef OPENSSL_NO_EC
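Review bot: The switch in detect_foreign_key has no case for EVP_PKEY_RSA_PSS, so an RSA-PSS key whose underlying RSA object carries an engine or application method falls into the default branch and is marked `pkey->foreign = 0`, which would presumably send it down the provider path this commit is meant to avoid; adding `case EVP_PKEY_RSA_PSS:` next to `case EVP_PKEY_RSA:` would cover it, assuming pkey.rsa is populated for that type as it is for plain RSA. The two closing `#endif` lines after the DSA and DH cases are not indented like the `# ifndef` that opens them, unlike the `# endif` used for the EC case, so the nesting under the deprecated-API guard is hard to follow (assuming the rendering preserved the original spacing). A one-line comment above the function would also help a reader who has not seen the commit message, e.g. `/* A key is foreign when its low-level object uses an ENGINE or an application-supplied method; such keys must stay on the legacy pmeth path. */`.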
@@ -719,6 +752,8 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
return 0;
pkey->pkey.ptr = key;
+ detect_foreign_key(pkey);
+
return (key != NULL);
}
# endif
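Review bot: The `foreign` flag is computed once, at the point where `pkey->pkey.ptr` is stored, so it reflects the low-level key's method only as of that call; if a caller swaps the method afterwards (for example RSA_set_method on a key that is already inside the EVP_PKEY), the cached flag is presumably stale and the dispatch in int_ctx_new would follow the earlier decision. If that ordering is simply unsupported, a comment at the call site saying so would save the next reader from checking, e.g. `/* Snapshot: the low-level method must be set before the key is assigned. */`. EVP_PKEY_assign starts outside this hunk.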
@@ -1354,7 +1389,6 @@ EVP_PKEY *EVP_PKEY_new(void)
ret->type = EVP_PKEY_NONE;
ret->save_type = EVP_PKEY_NONE;
ret->references = 1;
- ret->save_parameters = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
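Review bot: Moving `ret->save_parameters = 1;` from the common initialisation into the `#ifndef FIPS_MODULE` block (this hunk and the next one) is not mentioned in the commit message, and the hunks do not show why. If the field exists only in non-FIPS builds, as the new placement suggests, a short comment next to the assignment would record that, e.g. `/* save_parameters is not part of the FIPS module build */`. If the field does exist in FIPS builds, this change leaves it uninitialised here, which is worth confirming. EVP_PKEY_new starts before this hunk and continues after the next.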
@@ -1363,6 +1397,7 @@ EVP_PKEY *EVP_PKEY_new(void)
}
#ifndef FIPS_MODULE
+ ret->save_parameters = 1;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, ret, &ret->ex_data)) {
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
goto err;
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index f145bdfdc6..f00394e081 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -224,7 +224,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
*/
if (!ossl_assert(e == NULL || keytype == NULL))
return NULL;
- if (e == NULL)
+ if (e == NULL && (pkey == NULL || pkey->foreign == 0))
keytype = OBJ_nid2sn(id);
# ifndef OPENSSL_NO_ENGINE
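Review bot: The two new `pkey->foreign` checks are guarded differently: the suppression of `keytype = OBJ_nid2sn(id)` here is unconditional, while the `pmeth = EVP_PKEY_meth_find(id)` fallback in the next hunk sits inside `# ifndef OPENSSL_NO_ENGINE`. In a build with OPENSSL_NO_ENGINE defined, a key marked foreign because of an application-supplied method (which does not need an ENGINE) would therefore get no provider keytype and only `evp_pkey_meth_find_added_by_application(id)` for its pmeth; whether a later part of int_ctx_new recovers from a NULL pmeth is outside the hunk, so this is worth confirming. Moving the `else if` out of the engine guard, or guarding the keytype check the same way, would keep the two decisions aligned. int_ctx_new starts before this hunk and continues after the next.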
@@ -246,6 +246,8 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
*/
if (e != NULL)
pmeth = ENGINE_get_pkey_meth(e, id);
+ else if (pkey != NULL && pkey->foreign)
+ pmeth = EVP_PKEY_meth_find(id);
else
# endif
pmeth = evp_pkey_meth_find_added_by_application(id);