diff options
author | Richard Levitte <levitte@openssl.org> | 2020-11-06 08:04:59 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-11-07 12:31:24 +0100 |
commit | dc56deddeea301f9a496c1565398d7ec1fb8dac0 (patch) | |
tree | c4af8b12f3ba382709e2a3896c5506baea05ab5f /crypto/evp | |
parent | 914079d1c33cd775f15801663c36ee31c66554fa (diff) |
EVP: Have all EVP_PKEY check functions export to provider if possible
Fixes #13322
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13334)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/pmeth_check.c | 77 |
1 files changed, 41 insertions, 36 deletions
diff --git a/crypto/evp/pmeth_check.c b/crypto/evp/pmeth_check.c index b99d5b1abd..449ff88095 100644 --- a/crypto/evp/pmeth_check.c +++ b/crypto/evp/pmeth_check.c @@ -17,23 +17,43 @@ #include "crypto/evp.h" #include "evp_local.h" +/* + * Returns: + * 1 True + * 0 False + * -1 Unsupported (use legacy path) + */ +static int try_provided_check(EVP_PKEY_CTX *ctx, int selection) +{ + EVP_KEYMGMT *keymgmt; + void *keydata; + + if (evp_pkey_ctx_is_legacy(ctx)) + return -1; + + keymgmt = ctx->keymgmt; + keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, + &keymgmt, ctx->propquery); + if (keydata == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return 0; + } + + return evp_keymgmt_validate(keymgmt, keydata, selection); +} + int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx) { EVP_PKEY *pkey = ctx->pkey; - void *key; - EVP_KEYMGMT *keymgmt; + int ok; if (pkey == NULL) { EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET); return 0; } - keymgmt = pkey->keymgmt; - key = pkey->keydata; - - if (key != NULL && keymgmt != NULL) - return evp_keymgmt_validate(keymgmt, key, - OSSL_KEYMGMT_SELECT_PUBLIC_KEY); + if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != -1) + return ok; if (pkey->type == EVP_PKEY_NONE) goto not_supported; @@ -58,20 +78,16 @@ int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx) int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx) { EVP_PKEY *pkey = ctx->pkey; - void *key; - EVP_KEYMGMT *keymgmt; + int ok; if (pkey == NULL) { EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET); return 0; } - keymgmt = pkey->keymgmt; - key = pkey->keydata; - - if (key != NULL && keymgmt != NULL) - return evp_keymgmt_validate(keymgmt, key, - OSSL_KEYMGMT_SELECT_ALL_PARAMETERS); + if ((ok = try_provided_check(ctx, + OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)) != -1) + return ok; if (pkey->type == EVP_PKEY_NONE) goto not_supported; @@ -96,20 +112,16 @@ int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx) int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx) { EVP_PKEY *pkey = ctx->pkey; - void *key; - EVP_KEYMGMT *keymgmt; + int ok; if (pkey == NULL) { EVPerr(0, EVP_R_NO_KEY_SET); return 0; } - keymgmt = pkey->keymgmt; - key = pkey->keydata; + if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) != -1) + return ok; - if (key != NULL && keymgmt != NULL) - return evp_keymgmt_validate(keymgmt, key, - OSSL_KEYMGMT_SELECT_PRIVATE_KEY); /* not supported for legacy keys */ EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; @@ -118,19 +130,16 @@ int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx) int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx) { EVP_PKEY *pkey = ctx->pkey; - void *key; - EVP_KEYMGMT *keymgmt; + int ok; if (pkey == NULL) { EVPerr(0, EVP_R_NO_KEY_SET); return 0; } - keymgmt = pkey->keymgmt; - key = pkey->keydata; + if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR)) != -1) + return ok; - if (key != NULL && keymgmt != NULL) - return evp_keymgmt_validate(keymgmt, key, OSSL_KEYMGMT_SELECT_KEYPAIR); /* not supported for legacy keys */ EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; @@ -139,19 +148,15 @@ int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx) int EVP_PKEY_check(EVP_PKEY_CTX *ctx) { EVP_PKEY *pkey = ctx->pkey; - void *key; - EVP_KEYMGMT *keymgmt; + int ok; if (pkey == NULL) { EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET); return 0; } - keymgmt = pkey->keymgmt; - key = pkey->keydata; - - if (key != NULL && keymgmt != NULL) - return evp_keymgmt_validate(keymgmt, key, OSSL_KEYMGMT_SELECT_ALL); + if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR)) != -1) + return ok; if (pkey->type == EVP_PKEY_NONE) goto not_supported; |