Avoid exporting bogus (empty) data if empty selection is used

This is already correct in the rsa_kmgmt.c but other implementations are wrong. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/21519) (cherry picked from commit 1ae4678cebaa13604c0f31bdf2c64cd28bdaf287) (cherry picked from commit 8865d7c4e8f9afac969fc927f2b24ee6d03868bd)
author: Tomas Mraz <tomas@openssl.org> 2023-07-21 16:26:12 +0200
committer: Todd Short <todd.short@me.com> 2023-08-04 10:15:51 -0400
commit: b5edc8d02ce0c11f39529b0fc95ae64c1c9f6c70 (patch)
tree: 9b39826ccc6f441aa161e863d0b9d3148e9d4ebf /providers
parent: 9f8dd6c265d5dd501cf03ca706aa45c6e79b53d7 (diff)
4 files changed, 12 insertions, 0 deletions
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 9a7dde7c66..4ca9c1a3fa 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -222,6 +222,9 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     if (!ossl_prov_is_running() || dh == NULL)
         return 0;
 
+    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
+        return 0;
+
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)
         return 0;
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index cd8b4410b0..2f5742cfcc 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -223,6 +223,9 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     if (!ossl_prov_is_running() || dsa == NULL)
         return 0;
 
+    if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
+        return 0;
+
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)
         return 0;
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index 2a7f867aa5..831681412a 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -238,6 +238,9 @@ static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     if (!ossl_prov_is_running() || key == NULL)
         return 0;
 
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
+        return 0;
+
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)
         return 0;
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index c934ff1640..3434b966f4 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -281,6 +281,9 @@ static int mac_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     if (!ossl_prov_is_running() || key == NULL)
         return 0;
 
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0)
+        return 0;
+
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)
         return 0;
author	Tomas Mraz <tomas@openssl.org>	2023-07-21 16:26:12 +0200
committer	Todd Short <todd.short@me.com>	2023-08-04 10:15:51 -0400
commit	b5edc8d02ce0c11f39529b0fc95ae64c1c9f6c70 (patch)
tree	9b39826ccc6f441aa161e863d0b9d3148e9d4ebf /providers
parent	9f8dd6c265d5dd501cf03ca706aa45c6e79b53d7 (diff)