author | Tomas Mraz <tomas@openssl.org> | 2021-04-27 16:01:13 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-05-13 13:30:07 +0200 |
commit | b4c4a2c68817ea0b2df8012673fa4e0712681704 (patch) | |
tree | 0e9ef2698c96e048dda681af0aadc9f7daac384a /providers/implementations | |
parent | e9fe0f7e9df7e0909ca52a024b889e48616a29d9 (diff) |
Implement pem_read_key directly through OSSL_DECODER
Using OSSL_STORE is too heavy and breaks things.
Various fixes were also needed, mainly for the missing proper
handling of SM2 keys in the OSSL_DECODER.
Fixes #14788
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15045)
Diffstat (limited to 'providers/implementations')
-rw-r--r-- | providers/implementations/keymgmt/ec_kmgmt.c | 8 | ||||
-rw-r--r-- | providers/implementations/keymgmt/rsa_kmgmt.c | 4 |
2 files changed, 2 insertions, 10 deletions
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index f563d920c4..2673619ef4 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -1288,14 +1288,8 @@ static void *sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
 ret = ec_gen_assign_group(ec, gctx->gen_group);
 /* Whether you want it or not, you get a keypair, not just one half */
- if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
- /*
- * For SM2, we need a new flag to indicate the 'generate' function
- * to use a new range
- */
- EC_KEY_set_flags(ec, EC_FLAG_SM2_RANGE);
+ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
 ret = ret && EC_KEY_generate_key(ec);
- }
 if (ret)
 return ec;
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index a075c54487..34871629ba 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -122,9 +122,7 @@ static int rsa_has(const void *keydata, int selection)
 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0)
 return 1; /* the selection is not missing */
- if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
- /* This will change with OAEP */
- ok = ok && (RSA_test_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS) != 0);
+ /* OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS are always available even if empty */
 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
 ok = ok && (RSA_get0_e(rsa) != NULL);
 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
|
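Review bot: After this change nothing in the visible part of sm2_gen selects the SM2 private-key range before `EC_KEY_generate_key(ec)` runs, although the removed comment said the generate function needed `EC_FLAG_SM2_RANGE` for exactly that. The page limits the diff to providers/implementations, so the flag is presumably set somewhere else in the commit; if so, a short comment above the call should name that place, for example `/* The SM2 key range is selected when the group is assigned, not here */`, worded to match the real location. A regression test that generates SM2 keys through this provider path and checks that the range restriction still applies would keep the two places from drifting apart. sm2_gen starts and ends outside the hunk.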
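Review bot: With the `RSA_test_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS)` check gone, rsa_has() answers a request for OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS the same way for plain RSA and RSASSA-PSS keys, so any caller that relied on it to tell the two apart loses that distinction without an error. No such caller is visible on this page, so this is something to confirm rather than a known defect. The new comment could state the consequence, for example `/* OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS are always available even if empty; this no longer distinguishes RSASSA-PSS keys */`. rsa_has continues past the end of the hunk, and the initialisation of `ok` lies outside it.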