authorslontis <shane.lontis@oracle.com>2023-06-16 16:40:06 +1000
committerTomas Mraz <tomas@openssl.org>2023-08-16 18:02:51 +0200
commit39ed7636e0d8a90512e7ccb811cd0bfcb7a79650 (patch)
treeda7067bfcf6d7f78574185a3152db9581a6aaa3c /providers/implementations
parenta25715be77ff43cd816a2011fff50b68204e9c0e (diff)
Fix decoders so that they use the passed in propq.
Fixes #21198: decoder objects were setting propq to NULL. Added set_ctx_params/settable_ctx_params functions to all decoders that should supply a property query parameter to internal functions. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21219)
Diffstat (limited to 'providers/implementations')
-rw-r--r--providers/implementations/encode_decode/decode_der2key.c31
-rw-r--r--providers/implementations/encode_decode/decode_epki2pki.c32
-rw-r--r--providers/implementations/encode_decode/decode_pvk2key.c33
-rw-r--r--providers/implementations/encode_decode/decode_spki2typespki.c33
4 files changed, 124 insertions, 5 deletions
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 5f094a32dc..45b39ed358 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -89,6 +89,7 @@ struct keytype_desc_st {
*/
struct der2key_ctx_st {
PROV_CTX *provctx;
+ char propq[OSSL_MAX_PROPQUERY_SIZE];
const struct keytype_desc_st *desc;
/* The selection that is passed to der2key_decode() */
int selection;
@@ -109,7 +110,7 @@ static void *der2key_decode_p8(const unsigned char **input_der,
if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
&& PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
&& OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
- key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);
+ key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), ctx->propq);
PKCS8_PRIV_KEY_INFO_free(p8inf);
return key;
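Review bot: `ctx->propq` is an array member, so `key_from_pkcs8()` now always receives a non-NULL property query: an empty string when nothing was set (assuming the context is zero-filled at allocation, which is outside this hunk), where it used to receive NULL. If any callee treats an empty string differently from NULL, pass `ctx->propq[0] != '\0' ? ctx->propq : NULL` instead; otherwise a short comment such as `/* propq is "" when unset; callee treats that like NULL */` would record the assumption. The same applies to the `PKCS12_pbe_crypt_ex()` call in decode_epki2pki.c, the `read_private_key()` call in decode_pvk2key.c and the `ossl_d2i_X509_PUBKEY_INTERNAL()` call in decode_spki2typespki.c. der2key_decode_p8 starts and ends outside the hunk.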
@@ -120,6 +121,8 @@ static void *der2key_decode_p8(const unsigned char **input_der,
static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
static OSSL_FUNC_decoder_decode_fn der2key_decode;
static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
+static OSSL_FUNC_decoder_settable_ctx_params_fn der2key_settable_ctx_params;
+static OSSL_FUNC_decoder_set_ctx_params_fn der2key_set_ctx_params;
static struct der2key_ctx_st *
der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
@@ -133,6 +136,28 @@ der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
return ctx;
}
+static const OSSL_PARAM *der2key_settable_ctx_params(ossl_unused void *provctx)
+{
+ static const OSSL_PARAM settables[] = {
+ OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END
+ };
+ return settables;
+}
+
+static int der2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct der2key_ctx_st *ctx = vctx;
+ const OSSL_PARAM *p;
+ char *str = ctx->propq;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
+ if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
+ return 0;
+
+ return 1;
+}
+
static void der2key_freectx(void *vctx)
{
struct der2key_ctx_st *ctx = vctx;
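Review bot: der2key_set_ctx_params hands `ctx->propq` itself to OSSL_PARAM_get_utf8_string() as the destination, so what the buffer holds after a rejected value (too long for OSSL_MAX_PROPQUERY_SIZE, or the wrong type) depends on that function's internals, which are not visible here. Because the property query decides which implementations the decoder's internal fetches may use, a caller that ignores the 0 return should keep decoding with the previous query rather than a partly written one. Staging the value in a local buffer and copying it over only on success makes that explicit. The identical setters epki2pki_set_ctx_params, pvk2key_set_ctx_params and spki2typespki_set_ctx_params would take the same change, and a shared helper would avoid keeping four copies in step. The hunk opens inside der2key_newctx and closes inside der2key_freectx.

```c
static int der2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    struct der2key_ctx_st *ctx = vctx;
    const OSSL_PARAM *p;
    char staged[OSSL_MAX_PROPQUERY_SIZE];
    char *str = staged;

    p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
    if (p == NULL)
        return 1;
    /* Copy into a scratch buffer first so a rejected value leaves propq as it was. */
    if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(staged)))
        return 0;
    OPENSSL_strlcpy(ctx->propq, staged, sizeof(ctx->propq));
    return 1;
}
```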
@@ -755,6 +780,10 @@ static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
(void (*)(void))der2key_decode }, \
{ OSSL_FUNC_DECODER_EXPORT_OBJECT, \
(void (*)(void))der2key_export_object }, \
+ { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))der2key_settable_ctx_params }, \
+ { OSSL_FUNC_DECODER_SET_CTX_PARAMS, \
+ (void (*)(void))der2key_set_ctx_params }, \
OSSL_DISPATCH_END \
}
diff --git a/providers/implementations/encode_decode/decode_epki2pki.c b/providers/implementations/encode_decode/decode_epki2pki.c
index 16fdc7945e..5dd13f5a92 100644
--- a/providers/implementations/encode_decode/decode_epki2pki.c
+++ b/providers/implementations/encode_decode/decode_epki2pki.c
@@ -26,12 +26,15 @@
static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
+static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params;
+static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params;
/*
* Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
*/
struct epki2pki_ctx_st {
PROV_CTX *provctx;
+ char propq[OSSL_MAX_PROPQUERY_SIZE];
};
static void *epki2pki_newctx(void *provctx)
@@ -50,6 +53,28 @@ static void epki2pki_freectx(void *vctx)
OPENSSL_free(ctx);
}
+static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx)
+{
+ static const OSSL_PARAM settables[] = {
+ OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END
+ };
+ return settables;
+}
+
+static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct epki2pki_ctx_st *ctx = vctx;
+ const OSSL_PARAM *p;
+ char *str = ctx->propq;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
+ if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
+ return 0;
+
+ return 1;
+}
+
/*
* The selection parameter in epki2pki_decode() is not used by this function
* because it's not relevant just to decode EncryptedPrivateKeyInfo to
@@ -104,7 +129,8 @@ static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
oct->data, oct->length,
&new_der, &new_der_len, 0,
- PROV_LIBCTX_OF(ctx->provctx), NULL)) {
+ PROV_LIBCTX_OF(ctx->provctx),
+ ctx->propq)) {
ok = 0;
} else {
OPENSSL_free(der);
@@ -154,5 +180,9 @@ const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[]
{ OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
{ OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
+ { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,
+ (void (*)(void))epki2pki_settable_ctx_params },
+ { OSSL_FUNC_DECODER_SET_CTX_PARAMS,
+ (void (*)(void))epki2pki_set_ctx_params },
OSSL_DISPATCH_END
};
diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c
index cae1d9897a..5355cf11d6 100644
--- a/providers/implementations/encode_decode/decode_pvk2key.c
+++ b/providers/implementations/encode_decode/decode_pvk2key.c
@@ -24,6 +24,7 @@
#include <openssl/pem.h> /* For public PVK functions */
#include <openssl/x509.h>
#include "internal/passphrase.h"
+#include "internal/sizes.h"
#include "crypto/pem.h" /* For internal PVK and "blob" headers */
#include "crypto/rsa.h"
#include "prov/bio.h"
@@ -49,12 +50,15 @@ struct keytype_desc_st {
static OSSL_FUNC_decoder_freectx_fn pvk2key_freectx;
static OSSL_FUNC_decoder_decode_fn pvk2key_decode;
static OSSL_FUNC_decoder_export_object_fn pvk2key_export_object;
+static OSSL_FUNC_decoder_settable_ctx_params_fn pvk2key_settable_ctx_params;
+static OSSL_FUNC_decoder_set_ctx_params_fn pvk2key_set_ctx_params;
/*
* Context used for DER to key decoding.
*/
struct pvk2key_ctx_st {
PROV_CTX *provctx;
+ char propq[OSSL_MAX_PROPQUERY_SIZE];
const struct keytype_desc_st *desc;
/* The selection that is passed to der2key_decode() */
int selection;
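Review bot: The comments around struct pvk2key_ctx_st still describe the DER decoder: the header reads "Context used for DER to key decoding." and the selection field refers to der2key_decode(). Since the struct is being extended here, they could be corrected to `Context used for PVK to key decoding.` and `/* The selection that is passed to pvk2key_decode() */`. The new field could also carry `/* Property query forwarded to the key reader */`, matching its use in the read_private_key() call later in this file. The struct continues past the end of the hunk.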
@@ -79,6 +83,28 @@ static void pvk2key_freectx(void *vctx)
OPENSSL_free(ctx);
}
+static const OSSL_PARAM *pvk2key_settable_ctx_params(ossl_unused void *provctx)
+{
+ static const OSSL_PARAM settables[] = {
+ OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END,
+ };
+ return settables;
+}
+
+static int pvk2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct pvk2key_ctx_st *ctx = vctx;
+ const OSSL_PARAM *p;
+ char *str = ctx->propq;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
+ if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
+ return 0;
+
+ return 1;
+}
+
static int pvk2key_does_selection(void *provctx, int selection)
{
if (selection == 0)
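Review bot: The settables table in pvk2key_settable_ctx_params ends with `OSSL_PARAM_END,`, a trailing comma that the three sibling tables in decode_der2key.c, decode_epki2pki.c and decode_spki2typespki.c do not have. Writing it as `OSSL_PARAM_END` keeps the four copies identical and avoids inviting an entry after the terminator. The hunk ends inside pvk2key_does_selection.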
@@ -115,7 +141,8 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
goto end;
key = ctx->desc->read_private_key(in, ossl_pw_pvk_password, &pwdata,
- PROV_LIBCTX_OF(ctx->provctx), NULL);
+ PROV_LIBCTX_OF(ctx->provctx),
+ ctx->propq);
/*
* Because the PVK API doesn't have a separate decrypt call, we need
@@ -247,6 +274,10 @@ static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx)
(void (*)(void))pvk2key_decode }, \
{ OSSL_FUNC_DECODER_EXPORT_OBJECT, \
(void (*)(void))pvk2key_export_object }, \
+ { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))pvk2key_settable_ctx_params }, \
+ { OSSL_FUNC_DECODER_SET_CTX_PARAMS, \
+ (void (*)(void))pvk2key_set_ctx_params }, \
OSSL_DISPATCH_END \
}
diff --git a/providers/implementations/encode_decode/decode_spki2typespki.c b/providers/implementations/encode_decode/decode_spki2typespki.c
index e9f8dadb78..11f5426661 100644
--- a/providers/implementations/encode_decode/decode_spki2typespki.c
+++ b/providers/implementations/encode_decode/decode_spki2typespki.c
@@ -23,6 +23,8 @@
static OSSL_FUNC_decoder_newctx_fn spki2typespki_newctx;
static OSSL_FUNC_decoder_freectx_fn spki2typespki_freectx;
static OSSL_FUNC_decoder_decode_fn spki2typespki_decode;
+static OSSL_FUNC_decoder_settable_ctx_params_fn spki2typespki_settable_ctx_params;
+static OSSL_FUNC_decoder_set_ctx_params_fn spki2typespki_set_ctx_params;
/*
* Context used for SubjectPublicKeyInfo to Type specific SubjectPublicKeyInfo
@@ -30,6 +32,7 @@ static OSSL_FUNC_decoder_decode_fn spki2typespki_decode;
*/
struct spki2typespki_ctx_st {
PROV_CTX *provctx;
+ char propq[OSSL_MAX_PROPQUERY_SIZE];
};
static void *spki2typespki_newctx(void *provctx)
@@ -48,6 +51,28 @@ static void spki2typespki_freectx(void *vctx)
OPENSSL_free(ctx);
}
+static const OSSL_PARAM *spki2typespki_settable_ctx_params(ossl_unused void *provctx)
+{
+ static const OSSL_PARAM settables[] = {
+ OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END
+ };
+ return settables;
+}
+
+static int spki2typespki_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct spki2typespki_ctx_st *ctx = vctx;
+ const OSSL_PARAM *p;
+ char *str = ctx->propq;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
+ if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
+ return 0;
+
+ return 1;
+}
+
static int spki2typespki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
OSSL_CALLBACK *data_cb, void *data_cbarg,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
@@ -67,8 +92,8 @@ static int spki2typespki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
return 1;
derp = der;
xpub = ossl_d2i_X509_PUBKEY_INTERNAL((const unsigned char **)&derp, len,
- PROV_LIBCTX_OF(ctx->provctx));
-
+ PROV_LIBCTX_OF(ctx->provctx),
+ ctx->propq);
if (xpub == NULL) {
/* We return "empty handed". This is not an error. */
@@ -120,5 +145,9 @@ const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_der_decoder_functions[] = {
{ OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))spki2typespki_newctx },
{ OSSL_FUNC_DECODER_FREECTX, (void (*)(void))spki2typespki_freectx },
{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))spki2typespki_decode },
+ { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,
+ (void (*)(void))spki2typespki_settable_ctx_params },
+ { OSSL_FUNC_DECODER_SET_CTX_PARAMS,
+ (void (*)(void))spki2typespki_set_ctx_params },
OSSL_DISPATCH_END
};