From 76624df15fef0725f28a8b9d0f31256946669b1a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 3 Feb 2021 16:48:21 +0100 Subject: EVP: Adapt EVP_PKEY_{set1,get1}_encoded_public_key() These functions are modified to use EVP_PKEY_set_octet_string_param() and EVP_PKEY_get_octet_string_param() instead of evp_keymgmt_set_params() and evp_keymgmt_get_params(). To accomplish this fully, EVP_PKEY_get_octet_string_param() is changed slightly to populate |*out_sz| with the return size, even if getting the params resulted in an error. We also modify EVP_PKEY_get_utf8_string_param() to match EVP_PKEY_get_octet_string_param() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14056) --- crypto/evp/p_lib.c | 67 ++++++++++++++++------------------- doc/man3/EVP_PKEY_gettable_params.pod | 3 +- 2 files changed, 32 insertions(+), 38 deletions(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 5dfe48f3c6..106830bfbb 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1298,17 +1298,11 @@ int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid) int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub, size_t publen) { - if (pkey->ameth == NULL) { - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - if (pkey->keymgmt == NULL || pkey->keydata == NULL) - return 0; - - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - (unsigned char *)pub, publen); - return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params); - } + if (pkey != NULL && evp_pkey_is_provided(pkey)) + return + EVP_PKEY_set_octet_string_param(pkey, + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + (unsigned char *)pub, publen); if (publen > INT_MAX) return 0; @@ -1323,29 +1317,28 @@ size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub) { int rv; - if (pkey->ameth == NULL) { - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - if (pkey->keymgmt == NULL || pkey->keydata == NULL) - return 0; + if (pkey != NULL && evp_pkey_is_provided(pkey)) { + size_t return_size = OSSL_PARAM_UNMODIFIED; - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - NULL, 0); - if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)) + /* + * We know that this is going to fail, but it will give us a size + * to allocate. + */ + EVP_PKEY_get_octet_string_param(pkey, + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + NULL, 0, &return_size); + if (return_size == OSSL_PARAM_UNMODIFIED) return 0; - *ppub = OPENSSL_malloc(params[0].return_size); + *ppub = OPENSSL_malloc(return_size); if (*ppub == NULL) return 0; - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - *ppub, params[0].return_size); - if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)) + if (!EVP_PKEY_get_octet_string_param(pkey, + OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, + *ppub, return_size, NULL)) return 0; - - return params[0].return_size; + return return_size; } @@ -2044,6 +2037,7 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name, size_t *out_sz) { OSSL_PARAM params[2]; + int ret1 = 0, ret2 = 0; if (key_name == NULL || pkey == NULL @@ -2052,12 +2046,11 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name, params[0] = OSSL_PARAM_construct_octet_string(key_name, buf, max_buf_sz); params[1] = OSSL_PARAM_construct_end(); - if (!EVP_PKEY_get_params(pkey, params) - || !OSSL_PARAM_modified(params)) - return 0; - if (out_sz != NULL) + if ((ret1 = EVP_PKEY_get_params(pkey, params))) + ret2 = OSSL_PARAM_modified(params); + if (ret2 && out_sz != NULL) *out_sz = params[0].return_size; - return 1; + return ret1 && ret2; } int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name, @@ -2065,18 +2058,18 @@ int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name, size_t *out_sz) { OSSL_PARAM params[2]; + int ret1 = 0, ret2 = 0; if (key_name == NULL) return 0; params[0] = OSSL_PARAM_construct_utf8_string(key_name, str, max_buf_sz); params[1] = OSSL_PARAM_construct_end(); - if (!EVP_PKEY_get_params(pkey, params) - || !OSSL_PARAM_modified(params)) - return 0; - if (out_sz != NULL) + if ((ret1 = EVP_PKEY_get_params(pkey, params))) + ret2 = OSSL_PARAM_modified(params); + if (ret2 && out_sz != NULL) *out_sz = params[0].return_size; - return 1; + return ret1 && ret2; } int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name, diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod index 9b455a22f6..7a1eaaa548 100644 --- a/doc/man3/EVP_PKEY_gettable_params.pod +++ b/doc/man3/EVP_PKEY_gettable_params.pod @@ -67,7 +67,8 @@ All other methods return 1 if a value associated with the key's I was successfully returned, or 0 if there was an error. An error may be returned by methods EVP_PKEY_get_utf8_string_param() and EVP_PKEY_get_octet_string_param() if I is not big enough to hold the -value. +value. If I is not NULL, I<*out_sz> will be assigned the required +buffer size to hold the value. =head1 EXAMPLES -- cgit v1.2.3