authorRichard Levitte <levitte@openssl.org>2021-01-29 04:47:47 +0100
committerRichard Levitte <levitte@openssl.org>2021-03-19 16:46:39 +0100
commite0be34beee9ef8ebab49c51581f796e013600b77 (patch)
tree8c90feaa7c2e74ce966e22b1a70cdf3146fec43a /providers/implementations/keymgmt
parent06f6761280285401f3aaa31502614f7c8dd0c4fb (diff)
PROV: Add RSA-PSS specific OSSL_FUNC_KEYMGMT_LOAD function
The OSSL_FUNC_KEYMGMT_LOAD function for both plain RSA and RSA-PSS keys now also checks that the key to be loaded is the correct type, and refuses to load it if it's not. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
Diffstat (limited to 'providers/implementations/keymgmt')
-rw-r--r--providers/implementations/keymgmt/rsa_kmgmt.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index 1c4fb3bcd5..394f3836dd 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -36,6 +36,7 @@ static OSSL_FUNC_keymgmt_gen_settable_params_fn rsapss_gen_settable_params;
static OSSL_FUNC_keymgmt_gen_fn rsa_gen;
static OSSL_FUNC_keymgmt_gen_cleanup_fn rsa_gen_cleanup;
static OSSL_FUNC_keymgmt_load_fn rsa_load;
+static OSSL_FUNC_keymgmt_load_fn rsapss_load;
static OSSL_FUNC_keymgmt_free_fn rsa_freedata;
static OSSL_FUNC_keymgmt_get_params_fn rsa_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn rsa_gettable_params;
@@ -610,13 +611,18 @@ static void rsa_gen_cleanup(void *genctx)
OPENSSL_free(gctx);
}
-void *rsa_load(const void *reference, size_t reference_sz)
+static void *common_load(const void *reference, size_t reference_sz,
+ int expected_rsa_type)
{
RSA *rsa = NULL;
if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) {
/* The contents of the reference is the address to our object */
rsa = *(RSA **)reference;
+
+ if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != expected_rsa_type)
+ return NULL;
+
/* We grabbed, so we detach it */
*(RSA **)reference = NULL;
return rsa;
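Review bot: The added type check in common_load passes the pointer read from `reference` straight to `RSA_test_flags()` without checking it for NULL. Because a successful load detaches by writing NULL back into the reference, a reference that has already been consumed holds NULL; before this change that case simply returned NULL, whereas now it reaches `RSA_test_flags()`, which as far as I know reads `r->flags` without a NULL guard. I would write the guard as `if (rsa == NULL || RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != expected_rsa_type) return NULL;`. It is also worth a one-line comment that on a type mismatch the reference is deliberately left attached, so the caller keeps ownership and must still free the key. The function's closing lines fall in the next hunk.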
@@ -624,6 +630,16 @@ void *rsa_load(const void *reference, size_t reference_sz)
return NULL;
}
+static void *rsa_load(const void *reference, size_t reference_sz)
+{
+ return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSA);
+}
+
+static void *rsapss_load(const void *reference, size_t reference_sz)
+{
+ return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSASSAPSS);
+}
+
/* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */
static const char *rsa_query_operation_name(int operation_id)
{
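Review bot: The two wrappers rsa_load and rsapss_load carry no comment saying why the loaders are split, and the reason is security-relevant rather than cosmetic. From the commit message the intent appears to be that a key tagged RSA-PSS is never accepted by the plain RSA keymgmt (and vice versa), which presumably keeps PSS-restricted keys from being used under plain RSA rules. A short comment above them would make that explicit, e.g. `/* Each keymgmt only accepts keys whose RSA_FLAG_TYPE_MASK bits match its own type; a mismatch is refused, not converted. */`. The hunk ends inside rsa_query_operation_name, which is unchanged.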
@@ -661,7 +677,7 @@ const OSSL_DISPATCH ossl_rsapss_keymgmt_functions[] = {
(void (*)(void))rsapss_gen_settable_params },
{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen },
{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup },
- { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load },
+ { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsapss_load },
{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata },
{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params },
{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params },