authorRichard Levitte <levitte@openssl.org>2020-11-06 08:04:59 +0100
committerRichard Levitte <levitte@openssl.org>2020-11-07 12:31:24 +0100
commitdc56deddeea301f9a496c1565398d7ec1fb8dac0 (patch)
treec4af8b12f3ba382709e2a3896c5506baea05ab5f /crypto/evp
parent914079d1c33cd775f15801663c36ee31c66554fa (diff)
EVP: Have all EVP_PKEY check functions export to provider if possible
Fixes #13322 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13334)
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/pmeth_check.c77
1 files changed, 41 insertions, 36 deletions
diff --git a/crypto/evp/pmeth_check.c b/crypto/evp/pmeth_check.c
index b99d5b1abd..449ff88095 100644
--- a/crypto/evp/pmeth_check.c
+++ b/crypto/evp/pmeth_check.c
@@ -17,23 +17,43 @@
#include "crypto/evp.h"
#include "evp_local.h"
+/*
+ * Returns:
+ * 1 True
+ * 0 False
+ * -1 Unsupported (use legacy path)
+ */
+static int try_provided_check(EVP_PKEY_CTX *ctx, int selection)
+{
+ EVP_KEYMGMT *keymgmt;
+ void *keydata;
+
+ if (evp_pkey_ctx_is_legacy(ctx))
+ return -1;
+
+ keymgmt = ctx->keymgmt;
+ keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
+ &keymgmt, ctx->propquery);
+ if (keydata == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+
+ return evp_keymgmt_validate(keymgmt, keydata, selection);
+}
+
int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
- void *key;
- EVP_KEYMGMT *keymgmt;
+ int ok;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
- keymgmt = pkey->keymgmt;
- key = pkey->keydata;
-
- if (key != NULL && keymgmt != NULL)
- return evp_keymgmt_validate(keymgmt, key,
- OSSL_KEYMGMT_SELECT_PUBLIC_KEY);
+ if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != -1)
+ return ok;
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
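Review bot: In `try_provided_check`, a failed `evp_pkey_export_to_provider()` returns 0, the same value the header comment documents as "False", so a caller sees an export failure and an invalid key as the same result and can tell them apart only through the error queue. The same helper is used by the param, private, pairwise and full checks in the later hunks, so the comment should spell this out, for example `* 0 False (key failed validation, or could not be exported to a provider; see the error queue)`. The result of `evp_keymgmt_validate()` is also returned unfiltered; if it can ever be -1 the callers would read that as "unsupported" and fall through to the legacy path, so a one-line comment stating that it only yields 0 or 1 (to be confirmed against its definition, which is not in this diff) would help. The body of EVP_PKEY_public_check continues outside the hunk.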
@@ -58,20 +78,16 @@ int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
- void *key;
- EVP_KEYMGMT *keymgmt;
+ int ok;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
- keymgmt = pkey->keymgmt;
- key = pkey->keydata;
-
- if (key != NULL && keymgmt != NULL)
- return evp_keymgmt_validate(keymgmt, key,
- OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
+ if ((ok = try_provided_check(ctx,
+ OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)) != -1)
+ return ok;
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
@@ -96,20 +112,16 @@ int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
- void *key;
- EVP_KEYMGMT *keymgmt;
+ int ok;
if (pkey == NULL) {
EVPerr(0, EVP_R_NO_KEY_SET);
return 0;
}
- keymgmt = pkey->keymgmt;
- key = pkey->keydata;
+ if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) != -1)
+ return ok;
- if (key != NULL && keymgmt != NULL)
- return evp_keymgmt_validate(keymgmt, key,
- OSSL_KEYMGMT_SELECT_PRIVATE_KEY);
/* not supported for legacy keys */
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
@@ -118,19 +130,16 @@ int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
- void *key;
- EVP_KEYMGMT *keymgmt;
+ int ok;
if (pkey == NULL) {
EVPerr(0, EVP_R_NO_KEY_SET);
return 0;
}
- keymgmt = pkey->keymgmt;
- key = pkey->keydata;
+ if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR)) != -1)
+ return ok;
- if (key != NULL && keymgmt != NULL)
- return evp_keymgmt_validate(keymgmt, key, OSSL_KEYMGMT_SELECT_KEYPAIR);
/* not supported for legacy keys */
EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
@@ -139,19 +148,15 @@ int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
{
EVP_PKEY *pkey = ctx->pkey;
- void *key;
- EVP_KEYMGMT *keymgmt;
+ int ok;
if (pkey == NULL) {
EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET);
return 0;
}
- keymgmt = pkey->keymgmt;
- key = pkey->keydata;
-
- if (key != NULL && keymgmt != NULL)
- return evp_keymgmt_validate(keymgmt, key, OSSL_KEYMGMT_SELECT_ALL);
+ if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR)) != -1)
+ return ok;
if (pkey->type == EVP_PKEY_NONE)
goto not_supported;
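Review bot: The selection passed for provided keys in EVP_PKEY_check changes from `OSSL_KEYMGMT_SELECT_ALL` to `OSSL_KEYMGMT_SELECT_KEYPAIR`, the same value EVP_PKEY_pairwise_check uses, and the commit message does not mention this narrowing. If a provider's validation for the key-pair selection does not also cover the domain parameters, the full check would stop validating them and could accept keys the previous call rejected. Either keep `if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_ALL)) != -1)` or add a comment above the call stating why the narrower selection is intended. The function body continues outside the hunk, so the legacy path after `not_supported` is not visible here.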