summaryrefslogtreecommitdiffstats
path: root/providers
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2021-09-29 11:05:41 +0200
committerRichard Levitte <levitte@openssl.org>2021-12-13 07:58:34 +0100
commit213a33e79fc1d0554d7cdad8496a805d6eacc77f (patch)
tree4ba689905efa74ad3aceec8f9456f8e1d93ead49 /providers
parent9aaa943f0a9f9cc2b6610d40619423cc5614dc38 (diff)
Adapt our OSSL_FUNC_keymgmt_match() implementations to the EVP_PKEY_eq() fix
The match function (called OSSL_FUNC_keymgmt_match() in our documentation) in our KEYMGMT implementations were interpretting the selector bits a bit too strictly, so they get a bit relaxed to make it reasonable to match diverse key contents. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16765) (cherry picked from commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/keymgmt/dh_kmgmt.c28
-rw-r--r--providers/implementations/keymgmt/dsa_kmgmt.c30
-rw-r--r--providers/implementations/keymgmt/ec_kmgmt.c30
-rw-r--r--providers/implementations/keymgmt/ecx_kmgmt.c51
-rw-r--r--providers/implementations/keymgmt/rsa_kmgmt.c28
5 files changed, 126 insertions, 41 deletions
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index c4cda447bf..98eb882e3f 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -154,10 +154,30 @@ static int dh_match(const void *keydata1, const void *keydata2, int selection)
if (!ossl_prov_is_running())
return 0;
- if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
- ok = ok && BN_cmp(DH_get0_pub_key(dh1), DH_get0_pub_key(dh2)) == 0;
- if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
- ok = ok && BN_cmp(DH_get0_priv_key(dh1), DH_get0_priv_key(dh2)) == 0;
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
+ int key_checked = 0;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+ const BIGNUM *pa = DH_get0_pub_key(dh1);
+ const BIGNUM *pb = DH_get0_pub_key(dh2);
+
+ if (pa != NULL && pb != NULL) {
+ ok = ok && BN_cmp(pa, pb) == 0;
+ key_checked = 1;
+ }
+ }
+ if (!key_checked
+ && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+ const BIGNUM *pa = DH_get0_priv_key(dh1);
+ const BIGNUM *pb = DH_get0_priv_key(dh2);
+
+ if (pa != NULL && pb != NULL) {
+ ok = ok && BN_cmp(pa, pb) == 0;
+ key_checked = 1;
+ }
+ }
+ ok = ok && key_checked;
+ }
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
FFC_PARAMS *dhparams1 = ossl_dh_get0_params((DH *)dh1);
FFC_PARAMS *dhparams2 = ossl_dh_get0_params((DH *)dh2);
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 4f05799bb3..1e1b168f7d 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -154,12 +154,30 @@ static int dsa_match(const void *keydata1, const void *keydata2, int selection)
if (!ossl_prov_is_running())
return 0;
- if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
- ok = ok
- && BN_cmp(DSA_get0_pub_key(dsa1), DSA_get0_pub_key(dsa2)) == 0;
- if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
- ok = ok
- && BN_cmp(DSA_get0_priv_key(dsa1), DSA_get0_priv_key(dsa2)) == 0;
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
+ int key_checked = 0;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+ const BIGNUM *pa = DSA_get0_pub_key(dsa1);
+ const BIGNUM *pb = DSA_get0_pub_key(dsa2);
+
+ if (pa != NULL && pb != NULL) {
+ ok = ok && BN_cmp(pa, pb) == 0;
+ key_checked = 1;
+ }
+ }
+ if (!key_checked
+ && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+ const BIGNUM *pa = DSA_get0_priv_key(dsa1);
+ const BIGNUM *pb = DSA_get0_priv_key(dsa2);
+
+ if (pa != NULL && pb != NULL) {
+ ok = ok && BN_cmp(pa, pb) == 0;
+ key_checked = 1;
+ }
+ }
+ ok = ok && key_checked;
+ }
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
FFC_PARAMS *dsaparams1 = ossl_dsa_get0_params((DSA *)dsa1);
FFC_PARAMS *dsaparams2 = ossl_dsa_get0_params((DSA *)dsa2);
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 24d4df543b..15b4532cd7 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -337,17 +337,29 @@ static int ec_match(const void *keydata1, const void *keydata2, int selection)
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
ok = ok && group_a != NULL && group_b != NULL
&& EC_GROUP_cmp(group_a, group_b, ctx) == 0;
- if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
- const BIGNUM *pa = EC_KEY_get0_private_key(ec1);
- const BIGNUM *pb = EC_KEY_get0_private_key(ec2);
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
+ int key_checked = 0;
- ok = ok && BN_cmp(pa, pb) == 0;
- }
- if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
- const EC_POINT *pa = EC_KEY_get0_public_key(ec1);
- const EC_POINT *pb = EC_KEY_get0_public_key(ec2);
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+ const EC_POINT *pa = EC_KEY_get0_public_key(ec1);
+ const EC_POINT *pb = EC_KEY_get0_public_key(ec2);
- ok = ok && EC_POINT_cmp(group_b, pa, pb, ctx) == 0;
+ if (pa != NULL && pb != NULL) {
+ ok = ok && EC_POINT_cmp(group_b, pa, pb, ctx) == 0;
+ key_checked = 1;
+ }
+ }
+ if (!key_checked
+ && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+ const BIGNUM *pa = EC_KEY_get0_private_key(ec1);
+ const BIGNUM *pb = EC_KEY_get0_private_key(ec2);
+
+ if (pa != NULL && pb != NULL) {
+ ok = ok && BN_cmp(pa, pb) == 0;
+ key_checked = 1;
+ }
+ }
+ ok = ok && key_checked;
}
BN_CTX_free(ctx);
return ok;
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index b088c03b30..2be9508692 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -153,24 +153,39 @@ static int ecx_match(const void *keydata1, const void *keydata2, int selection)
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
ok = ok && key1->type == key2->type;
- if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
- if ((key1->privkey == NULL && key2->privkey != NULL)
- || (key1->privkey != NULL && key2->privkey == NULL)
- || key1->type != key2->type)
- ok = 0;
- else
- ok = ok && (key1->privkey == NULL /* implies key2->privkey == NULL */
- || CRYPTO_memcmp(key1->privkey, key2->privkey,
- key1->keylen) == 0);
- }
- if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
- if (key1->haspubkey != key2->haspubkey
- || key1->type != key2->type)
- ok = 0;
- else
- ok = ok && (key1->haspubkey == 0 /* implies key2->haspubkey == 0 */
- || CRYPTO_memcmp(key1->pubkey, key2->pubkey,
- key1->keylen) == 0);
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
+ int key_checked = 0;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+ const unsigned char *pa = key1->haspubkey ? key1->pubkey : NULL;
+ const unsigned char *pb = key2->haspubkey ? key2->pubkey : NULL;
+ size_t pal = key1->keylen;
+ size_t pbl = key2->keylen;
+
+ if (pa != NULL && pb != NULL) {
+ ok = ok
+ && key1->type == key2->type
+ && pal == pbl
+ && CRYPTO_memcmp(pa, pb, pal) == 0;
+ key_checked = 1;
+ }
+ }
+ if (!key_checked
+ && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+ const unsigned char *pa = key1->privkey;
+ const unsigned char *pb = key2->privkey;
+ size_t pal = key1->keylen;
+ size_t pbl = key2->keylen;
+
+ if (pa != NULL && pb != NULL) {
+ ok = ok
+ && key1->type == key2->type
+ && pal == pbl
+ && CRYPTO_memcmp(pa, pb, pal) == 0;
+ key_checked = 1;
+ }
+ }
+ ok = ok && key_checked;
}
return ok;
}
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index 34871629ba..b1c3011f14 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -143,10 +143,30 @@ static int rsa_match(const void *keydata1, const void *keydata2, int selection)
/* There is always an |e| */
ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0;
- if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
- ok = ok && BN_cmp(RSA_get0_n(rsa1), RSA_get0_n(rsa2)) == 0;
- if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
- ok = ok && BN_cmp(RSA_get0_d(rsa1), RSA_get0_d(rsa2)) == 0;
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
+ int key_checked = 0;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+ const BIGNUM *pa = RSA_get0_n(rsa1);
+ const BIGNUM *pb = RSA_get0_n(rsa2);
+
+ if (pa != NULL && pb != NULL) {
+ ok = ok && BN_cmp(pa, pb) == 0;
+ key_checked = 1;
+ }
+ }
+ if (!key_checked
+ && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+ const BIGNUM *pa = RSA_get0_d(rsa1);
+ const BIGNUM *pb = RSA_get0_d(rsa2);
+
+ if (pa != NULL && pb != NULL) {
+ ok = ok && BN_cmp(pa, pb) == 0;
+ key_checked = 1;
+ }
+ }
+ ok = ok && key_checked;
+ }
return ok;
}