author | Tomas Mraz <tomas@openssl.org> | 2021-04-07 19:35:13 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-15 09:19:39 +0200 |
commit | 4a9fe33c8e12f4fefae0471c0834f8e674dc7e4e (patch) | |
tree | 479171af7347523257b843893173927cbbc6e572 /providers/implementations/keymgmt | |
parent | b9cd82f95bf99eab4e1b0420918e7139db091c4b (diff) |
Implement provider-side keymgmt_dup function
To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function
to the provider API and implement it for all asym-key key
managements.
Use it when copying everything to an empty EVP_PKEY
which is the case with EVP_PKEY_dup().
Fixes #14658
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
Diffstat (limited to 'providers/implementations/keymgmt')
-rw-r--r-- | providers/implementations/keymgmt/dh_kmgmt.c | 12 | ||||
-rw-r--r-- | providers/implementations/keymgmt/dsa_kmgmt.c | 11 | ||||
-rw-r--r-- | providers/implementations/keymgmt/ec_kmgmt.c | 10 | ||||
-rw-r--r-- | providers/implementations/keymgmt/ecx_kmgmt.c | 9 | ||||
-rw-r--r-- | providers/implementations/keymgmt/rsa_kmgmt.c | 10 |
5 files changed, 50 insertions, 2 deletions
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index ba56abe04a..f7b10a1d00 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -45,6 +45,7 @@ static OSSL_FUNC_keymgmt_import_fn dh_import;
 static OSSL_FUNC_keymgmt_import_types_fn dh_import_types;
 static OSSL_FUNC_keymgmt_export_fn dh_export;
 static OSSL_FUNC_keymgmt_export_types_fn dh_export_types;
+static OSSL_FUNC_keymgmt_dup_fn dh_dup;
 #define DH_POSSIBLE_SELECTIONS \
 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
@@ -707,7 +708,7 @@ static void dh_gen_cleanup(void *genctx)
 OPENSSL_free(gctx);
 }
-void *dh_load(const void *reference, size_t reference_sz)
+static void *dh_load(const void *reference, size_t reference_sz)
 {
 DH *dh = NULL;
@@ -721,6 +722,13 @@ void *dh_load(const void *reference, size_t reference_sz)
 return NULL;
 }
+static void *dh_dup(const void *keydata_from)
+{
+ if (ossl_prov_is_running())
+ return ossl_dh_dup(keydata_from);
+ return NULL;
+}
+
 const OSSL_DISPATCH ossl_dh_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dh_newdata },
 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dh_gen_init },
@@ -743,6 +751,7 @@ const OSSL_DISPATCH ossl_dh_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types },
 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },
 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dh_dup },
 { 0, NULL }
 };
@@ -776,5 +785,6 @@ const OSSL_DISPATCH ossl_dhx_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },
 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
 (void (*)(void))dhx_query_operation_name },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dh_dup },
 { 0, NULL }
 };
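Review bot: dh_dup in the `@@ -721,6 +722,13 @@` hunk has no comment saying who owns the returned key or what it contains, and the same holds for dsa_dup, ec_dup, ecx_dup and rsa_dup in the other files. The function takes only `keydata_from`, so a caller cannot ask for less than the whole key; presumably the copy carries any private component the source holds, though the body of ossl_dh_dup is outside this diff. I would add above each wrapper something like `/* Returns a new, independent key object (private part included, if present) that the caller must release with this keymgmt's free function; NULL if the provider is not running or the copy fails. */`. As written the two NULL paths look identical to the caller, which that wording also records.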
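Review bot: The `@@ -776,5 +785,6 @@` hunk registers the same dh_dup in ossl_dhx_keymgmt_functions, and nothing visible here shows that the duplicate keeps the source key's DH/DHX type; the same sharing occurs for ossl_sm2_keymgmt_functions (ec_dup) and ossl_rsapss_keymgmt_functions (rsa_dup). For RSA-PSS in particular the type flag (`RSA_FLAG_TYPE_RSASSAPSS`, passed by rsapss_load) and any PSS parameter restrictions have to survive the copy, otherwise the duplicate could be usable in ways the original key was restricted from. The ossl_*_dup helpers are outside this diff, so this may already hold; a test that duplicates a DHX, an SM2 and a restricted RSA-PSS key and compares the copy with the original would pin it down. A one-line comment next to the table entry, such as `/* dh_dup relies on ossl_dh_dup() preserving the DH/DHX type flag */`, would record the dependency.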
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 15a40df260..0d3b6ae36c 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -44,6 +44,7 @@ static OSSL_FUNC_keymgmt_import_fn dsa_import;
 static OSSL_FUNC_keymgmt_import_types_fn dsa_import_types;
 static OSSL_FUNC_keymgmt_export_fn dsa_export;
 static OSSL_FUNC_keymgmt_export_types_fn dsa_export_types;
+static OSSL_FUNC_keymgmt_dup_fn dsa_dup;
 #define DSA_DEFAULT_MD "SHA256"
 #define DSA_POSSIBLE_SELECTIONS \
@@ -597,7 +598,7 @@ static void dsa_gen_cleanup(void *genctx)
 OPENSSL_free(gctx);
 }
-void *dsa_load(const void *reference, size_t reference_sz)
+static void *dsa_load(const void *reference, size_t reference_sz)
 {
 DSA *dsa = NULL;
@@ -611,6 +612,13 @@ void *dsa_load(const void *reference, size_t reference_sz)
 return NULL;
 }
+static void *dsa_dup(const void *keydata_from)
+{
+ if (ossl_prov_is_running())
+ return ossl_dsa_dup(keydata_from);
+ return NULL;
+}
+
 const OSSL_DISPATCH ossl_dsa_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dsa_newdata },
 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dsa_gen_init },
@@ -631,5 +639,6 @@ const OSSL_DISPATCH ossl_dsa_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dsa_import_types },
 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dsa_export },
 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dsa_export_types },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dsa_dup },
 { 0, NULL }
 };
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index fe5bd7a28a..c525ffc81a 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -55,6 +55,7 @@ static OSSL_FUNC_keymgmt_import_types_fn ec_import_types;
 static OSSL_FUNC_keymgmt_export_fn ec_export;
 static OSSL_FUNC_keymgmt_export_types_fn ec_export_types;
 static OSSL_FUNC_keymgmt_query_operation_name_fn ec_query_operation_name;
+static OSSL_FUNC_keymgmt_dup_fn ec_dup;
 #ifndef FIPS_MODULE
 # ifndef OPENSSL_NO_SM2
 static OSSL_FUNC_keymgmt_new_fn sm2_newdata;
@@ -1361,6 +1362,13 @@ static void *sm2_load(const void *reference, size_t reference_sz)
 # endif
 #endif
+static void *ec_dup(const void *keydata_from)
+{
+ if (ossl_prov_is_running())
+ return EC_KEY_dup(keydata_from);
+ return NULL;
+}
+
 const OSSL_DISPATCH ossl_ec_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata },
 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))ec_gen_init },
@@ -1386,6 +1394,7 @@ const OSSL_DISPATCH ossl_ec_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ec_export_types },
 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
 (void (*)(void))ec_query_operation_name },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))ec_dup },
 { 0, NULL }
 };
@@ -1416,6 +1425,7 @@ const OSSL_DISPATCH ossl_sm2_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ec_export_types },
 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
 (void (*)(void))sm2_query_operation_name },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))ec_dup },
 { 0, NULL }
 };
 # endif
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index a0284325cc..e072cdc851 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -71,6 +71,7 @@ static OSSL_FUNC_keymgmt_import_fn ecx_import;
 static OSSL_FUNC_keymgmt_import_types_fn ecx_imexport_types;
 static OSSL_FUNC_keymgmt_export_fn ecx_export;
 static OSSL_FUNC_keymgmt_export_types_fn ecx_imexport_types;
+static OSSL_FUNC_keymgmt_dup_fn ecx_dup;
 #define ECX_POSSIBLE_SELECTIONS (OSSL_KEYMGMT_SELECT_KEYPAIR)
@@ -691,6 +692,13 @@ void *ecx_load(const void *reference, size_t reference_sz)
 return NULL;
 }
+static void *ecx_dup(const void *keydata_from)
+{
+ if (ossl_prov_is_running())
+ return ossl_ecx_key_dup(keydata_from);
+ return NULL;
+}
+
 static int ecx_key_pairwise_check(const ECX_KEY *ecx, int type)
 {
 uint8_t pub[64];
@@ -788,6 +796,7 @@ static int ed448_validate(const void *keydata, int selection, int checktype)
 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))alg##_gen }, \
 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ecx_gen_cleanup }, \
 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))ecx_load }, \
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))ecx_dup }, \
 { 0, NULL } \
 };
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index fbd99e3dc8..5760d7650f 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -49,6 +49,7 @@ static OSSL_FUNC_keymgmt_import_types_fn rsa_import_types;
 static OSSL_FUNC_keymgmt_export_fn rsa_export;
 static OSSL_FUNC_keymgmt_export_types_fn rsa_export_types;
 static OSSL_FUNC_keymgmt_query_operation_name_fn rsa_query_operation_name;
+static OSSL_FUNC_keymgmt_dup_fn rsa_dup;
 #define RSA_DEFAULT_MD "SHA256"
 #define RSA_PSS_DEFAULT_MD OSSL_DIGEST_NAME_SHA1
@@ -645,6 +646,13 @@ static void *rsapss_load(const void *reference, size_t reference_sz)
 return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSASSAPSS);
 }
+static void *rsa_dup(const void *keydata_from)
+{
+ if (ossl_prov_is_running())
+ return ossl_rsa_dup(keydata_from);
+ return NULL;
+}
+
 /* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */
 static const char *rsa_query_operation_name(int operation_id)
 {
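Review bot: ecx_load, shown in the heading of the `@@ -691,6 +692,13 @@` hunk as `void *ecx_load(const void *reference, size_t reference_sz)`, keeps external linkage although this commit makes dh_load and dsa_load static. Unless another translation unit references it (not visible here), it should match them: `static void *ecx_load(const void *reference, size_t reference_sz)`. Keeping provider entry points file-local means they are reachable only through the dispatch table. The definition of ecx_load begins above this hunk, so the change would be made outside the lines shown.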
@@ -671,6 +679,7 @@ const OSSL_DISPATCH ossl_rsa_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types },
 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export },
 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup },
 { 0, NULL }
 };
@@ -695,5 +704,6 @@ const OSSL_DISPATCH ossl_rsapss_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types },
 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
 (void (*)(void))rsa_query_operation_name },
+ { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup },
 { 0, NULL }
 }; |