authorShane Lontis <shane.lontis@oracle.com>2020-01-16 17:18:26 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-03-12 07:14:32 +1000
commita173cc9c388cbe8105f78ba5a8fdfbf20a35be1a (patch)
tree152d189a952143596a840e6a7a49121a2c889391 /providers
parent0e6f62e3e1c4cdaa8e3bda7d459f978541dfb1fe (diff)
Add EC key validation to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10861)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/keymgmt/ec_kmgmt.c33
1 files changed, 32 insertions, 1 deletions
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 107ab1b594..2db23cd489 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -16,10 +16,10 @@
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/bn.h>
-#include <openssl/ec.h>
#include <openssl/objects.h>
#include <openssl/params.h>
#include "crypto/bn.h"
+#include "crypto/ec.h"
#include "internal/param_build.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
@@ -32,6 +32,7 @@ static OSSL_OP_keymgmt_set_params_fn ec_set_params;
static OSSL_OP_keymgmt_settable_params_fn ec_settable_params;
static OSSL_OP_keymgmt_has_fn ec_has;
static OSSL_OP_keymgmt_match_fn ec_match;
+static OSSL_OP_keymgmt_validate_fn ec_validate;
static OSSL_OP_keymgmt_import_fn ec_import;
static OSSL_OP_keymgmt_import_types_fn ec_import_types;
static OSSL_OP_keymgmt_export_fn ec_export;
@@ -730,6 +731,35 @@ int ec_set_params(void *key, const OSSL_PARAM params[])
return 1;
}
+static
+int ec_validate(void *keydata, int selection)
+{
+ EC_KEY *eck = keydata;
+ int ok = 0;
+ BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(eck));
+
+ if (ctx == NULL)
+ return 0;
+
+ if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
+ ok = 1;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
+ ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ ok = ok && ec_key_public_check(eck, ctx);
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ ok = ok && ec_key_private_check(eck);
+
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
+ ok = ok && ec_key_pairwise_check(eck, ctx);
+
+ BN_CTX_free(ctx);
+ return ok;
+}
+
const OSSL_DISPATCH ec_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata },
{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata },
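Review bot: In `ec_validate` the `BN_CTX` is created in the initialiser, `BN_CTX_new_ex(ec_key_get_libctx(eck))`, before `keydata` or `selection` has been examined, so a NULL `keydata` is handed straight to `ec_key_get_libctx()` (whether that helper tolerates NULL is not visible in this hunk) and a selection with no EC bits allocates a context only to return 0. Testing first, `if (eck == NULL || (selection & EC_POSSIBLE_SELECTIONS) == 0) return 0;`, and only then assigning `ctx` gives the same result for every call with a non-NULL key and makes the function fail closed on a missing one. A short header comment would also help callers: 0 is returned both for a key that fails a check and for an allocation failure, and the pairwise consistency check runs only when both the public and private bits of `OSSL_KEYMGMT_SELECT_KEYPAIR` are set.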
@@ -739,6 +769,7 @@ const OSSL_DISPATCH ec_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))ec_settable_params },
{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has },
{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ec_match },
+ { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))ec_validate },
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ec_import },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ec_import_types },
{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export },