authorRichard Levitte <levitte@openssl.org>2020-12-11 11:01:09 +0100
committerRichard Levitte <levitte@openssl.org>2020-12-17 12:02:08 +0100
commit6963979f5c0f95b2152ef74645faa7344e33284d (patch)
treeff97ca1102560458f90bc3e16db622055aec41fd /providers
parente77c13f8b73ff937819d6551ddd616fe01b989d0 (diff)
DECODER: Adjust the library context of keys in our decoders
Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve this with functions that adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/encode_decode/decode_der2key.c60
1 files changed, 60 insertions, 0 deletions
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 17ed16235d..a91bd3b7b8 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -24,7 +24,11 @@
#include <openssl/x509.h>
#include "internal/cryptlib.h" /* ossl_assert() */
#include "internal/asn1.h"
+#include "crypto/dh.h"
+#include "crypto/dsa.h"
+#include "crypto/ec.h"
#include "crypto/ecx.h"
+#include "crypto/rsa.h"
#include "prov/bio.h"
#include "prov/implementations.h"
#include "prov/providercommonerr.h"
@@ -106,7 +110,9 @@ static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
static OSSL_FUNC_decoder_decode_fn der2key_decode;
static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
+struct der2key_ctx_st; /* Forward declaration */
typedef void *(extract_key_fn)(EVP_PKEY *);
+typedef void (adjust_key_fn)(void *, struct der2key_ctx_st *ctx);
typedef void (free_key_fn)(void *);
struct keytype_desc_st {
const char *keytype_name;
@@ -130,10 +136,16 @@ struct keytype_desc_st {
d2i_of_void *d2i_private_key;
d2i_of_void *d2i_public_key;
d2i_of_void *d2i_key_params;
+
/*
* For PKCS#8 decoders, we use EVP_PKEY extractors, EVP_PKEY_get1_{TYPE}()
*/
extract_key_fn *extract_key;
+ /*
+ * For any key, we may need to make provider specific adjustments, such
+ * as ensure the key carries the correct library context.
+ */
+ adjust_key_fn *adjust_key;
/* {type}_free() */
free_key_fn *free_key;
};
@@ -341,6 +353,9 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
}
}
+ if (key != NULL && ctx->desc->adjust_key != NULL)
+ ctx->desc->adjust_key(key, ctx);
+
end:
/*
* Prune low-level ASN.1 parse errors from error queue, assuming
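Review bot: The adjustment added just before the `end:` label is skipped by any path that jumps to `end`, so it is worth confirming that no such path can leave `key` non-NULL; a key that reached the code after the label without the adjustment would still carry whatever library context the d2i or extract step gave it. The start of der2key_decode and everything after the label are outside this hunk, so this cannot be checked from here. A short comment would record the ordering requirement, e.g. `/* Must run before the key leaves the decoder: our keymgmts expect the provider's libctx */`. Since `adjust_key_fn` returns void, der2key_decode also has no way to learn that an adjustment failed, which is fine only as long as every adjuster is a plain pointer store.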
@@ -403,12 +418,18 @@ static int der2key_export_object(void *vctx,
# define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
# define dh_free (free_key_fn *)DH_free
+static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
+{
+ ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
+}
+
# define dhx_evp_type EVP_PKEY_DHX
# define dhx_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
# define dhx_d2i_private_key NULL
# define dhx_d2i_public_key NULL
# define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
# define dhx_free (free_key_fn *)DH_free
+# define dhx_adjust dh_adjust
#endif
/* ---------------------------------------------------------------------- */
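Review bot: `dh_adjust` receives the key as `void *` and hands it straight to `ossl_dh_set0_libctx`, so the only thing guaranteeing it really is a `DH *` is that the same keytype's table row supplies the d2i and extract functions; that pairing deserves a comment on the function. Suggested: `/* key is the DH produced by this keytype's d2i or extract function */`. If `set0` follows the usual OpenSSL convention of storing the pointer without taking ownership, the comment could also state that the provider's library context must outlive the key; that is inferred from the name and not visible in this hunk. The same applies to `dsa_adjust`, `ec_adjust`, `ecx_key_adjust` and `rsa_adjust` in the later hunks.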
@@ -420,6 +441,11 @@ static int der2key_export_object(void *vctx,
# define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
# define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
# define dsa_free (free_key_fn *)DSA_free
+
+static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
+{
+ ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
+}
#endif
/* ---------------------------------------------------------------------- */
@@ -432,16 +458,28 @@ static int der2key_export_object(void *vctx,
# define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
# define ec_free (free_key_fn *)EC_KEY_free
+static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
+{
+ ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
+}
+
/*
* ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
* so no d2i functions to be had.
*/
+
+static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
+{
+ ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
+}
+
# define ed25519_evp_type EVP_PKEY_ED25519
# define ed25519_evp_extract (extract_key_fn *)evp_pkey_get1_ED25519
# define ed25519_d2i_private_key NULL
# define ed25519_d2i_public_key NULL
# define ed25519_d2i_key_params NULL
# define ed25519_free (free_key_fn *)ecx_key_free
+# define ed25519_adjust ecx_key_adjust
# define ed448_evp_type EVP_PKEY_ED448
# define ed448_evp_extract (extract_key_fn *)evp_pkey_get1_ED448
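Review bot: `ecx_key_adjust` is inserted between the "ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo" comment and the `ed25519_*` macros that the comment describes, so the comment now reads as if it documented the function. Moving the function above the comment, directly after `ec_adjust`, keeps the comment attached to the NULL d2i entries it explains. The name also departs from the `dh_adjust` / `dsa_adjust` / `ec_adjust` / `rsa_adjust` pattern used by the other adjusters in this commit; `ecx_adjust` would match.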
@@ -449,6 +487,7 @@ static int der2key_export_object(void *vctx,
# define ed448_d2i_public_key NULL
# define ed448_d2i_key_params NULL
# define ed448_free (free_key_fn *)ecx_key_free
+# define ed448_adjust ecx_key_adjust
# define x25519_evp_type EVP_PKEY_X25519
# define x25519_evp_extract (extract_key_fn *)evp_pkey_get1_X25519
@@ -456,6 +495,7 @@ static int der2key_export_object(void *vctx,
# define x25519_d2i_public_key NULL
# define x25519_d2i_key_params NULL
# define x25519_free (free_key_fn *)ecx_key_free
+# define x25519_adjust ecx_key_adjust
# define x448_evp_type EVP_PKEY_X448
# define x448_evp_extract (extract_key_fn *)evp_pkey_get1_X448
@@ -463,6 +503,7 @@ static int der2key_export_object(void *vctx,
# define x448_d2i_public_key NULL
# define x448_d2i_key_params NULL
# define x448_free (free_key_fn *)ecx_key_free
+# define x448_adjust ecx_key_adjust
#endif
/* ---------------------------------------------------------------------- */
@@ -474,12 +515,18 @@ static int der2key_export_object(void *vctx,
#define rsa_d2i_key_params NULL
#define rsa_free (free_key_fn *)RSA_free
+static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
+{
+ ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
+}
+
#define rsapss_evp_type EVP_PKEY_RSA_PSS
#define rsapss_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
#define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
#define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
#define rsapss_d2i_key_params NULL
#define rsapss_free (free_key_fn *)RSA_free
+#define rsapss_adjust rsa_adjust
/* ---------------------------------------------------------------------- */
@@ -494,6 +541,7 @@ static int der2key_export_object(void *vctx,
keytype##_d2i_public_key, \
NULL, \
NULL, \
+ keytype##_adjust, \
keytype##_free
#define DO_type_specific_pub(keytype) \
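Review bot: `keytype##_adjust` is added positionally, so each DO_* initializer macro must place it exactly where the new `adjust_key` member sits in `struct keytype_desc_st`, between `extract_key` and `free_key`. A macro that missed the new line would shift `keytype##_free` into the `adjust_key` slot and leave `free_key` zero-initialised; the compiler should diagnose the incompatible function pointer type, but only if that warning is enabled and treated as an error. If the project's C dialect allows designated initializers, `.adjust_key = keytype##_adjust, \` and `.free_key = keytype##_free` would remove the ordering dependency; otherwise a `/* adjust_key */` comment on each slot would at least make the positions checkable by eye. The macro this hunk edits begins above the hunk, and the same applies to the hunks for DO_type_specific_pub through DO_RSA.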
@@ -503,6 +551,7 @@ static int der2key_export_object(void *vctx,
keytype##_d2i_public_key, \
NULL, \
NULL, \
+ keytype##_adjust, \
keytype##_free
#define DO_type_specific_priv(keytype) \
@@ -512,6 +561,7 @@ static int der2key_export_object(void *vctx,
NULL, \
NULL, \
NULL, \
+ keytype##_adjust, \
keytype##_free
#define DO_type_specific_params(keytype) \
@@ -521,6 +571,7 @@ static int der2key_export_object(void *vctx,
NULL, \
keytype##_d2i_key_params, \
NULL, \
+ keytype##_adjust, \
keytype##_free
#define DO_type_specific(keytype) \
@@ -530,6 +581,7 @@ static int der2key_export_object(void *vctx,
keytype##_d2i_public_key, \
keytype##_d2i_key_params, \
NULL, \
+ keytype##_adjust, \
keytype##_free
#define DO_type_specific_no_pub(keytype) \
@@ -540,6 +592,7 @@ static int der2key_export_object(void *vctx,
NULL, \
keytype##_d2i_key_params, \
NULL, \
+ keytype##_adjust, \
keytype##_free
#define DO_PKCS8(keytype) \
@@ -549,6 +602,7 @@ static int der2key_export_object(void *vctx,
NULL, \
NULL, \
keytype##_evp_extract, \
+ keytype##_adjust, \
keytype##_free
#define DO_SubjectPublicKeyInfo(keytype) \
@@ -558,6 +612,7 @@ static int der2key_export_object(void *vctx,
NULL, \
NULL, \
keytype##_evp_extract, \
+ keytype##_adjust, \
keytype##_free
#define DO_DH(keytype) \
@@ -567,6 +622,7 @@ static int der2key_export_object(void *vctx,
NULL, \
keytype##_d2i_key_params, \
NULL, \
+ keytype##_adjust, \
keytype##_free
#define DO_DHX(keytype) \
@@ -576,6 +632,7 @@ static int der2key_export_object(void *vctx,
NULL, \
keytype##_d2i_key_params, \
NULL, \
+ keytype##_adjust, \
keytype##_free
#define DO_DSA(keytype) \
@@ -585,6 +642,7 @@ static int der2key_export_object(void *vctx,
keytype##_d2i_public_key, \
keytype##_d2i_key_params, \
NULL, \
+ keytype##_adjust, \
keytype##_free
#define DO_EC(keytype) \
@@ -595,6 +653,7 @@ static int der2key_export_object(void *vctx,
NULL, \
keytype##_d2i_key_params, \
NULL, \
+ keytype##_adjust, \
keytype##_free
#define DO_RSA(keytype) \
@@ -604,6 +663,7 @@ static int der2key_export_object(void *vctx,
keytype##_d2i_public_key, \
NULL, \
NULL, \
+ keytype##_adjust, \
keytype##_free
/*