From 0996cff91fe9d6ed7c37830debdf585119dcc067 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Mar 2020 22:29:10 +0100 Subject: DH, DSA, EC_KEY: Fix exporters to allow domain parameter keys The export-to-provider functions for DH, DSA and EC_KEY assumed that a public key is always present, and would fail if not. This blocks any attempt to export a key structure with only domain parameters. While fixing this, we also modify the selection declaration to evp_keymgmt_import() to be more adaptive, the diverse selection bits are now added when the corresponding data is added to the OSSL_PARAM array. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11374)
---
 crypto/dh/dh_ameth.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'crypto/dh/dh_ameth.c')
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index ecec5fbcf6..877a66f9dc 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -498,6 +498,7 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
 const BIGNUM *pub_key = DH_get0_pub_key(dh);
 const BIGNUM *priv_key = DH_get0_priv_key(dh);
 OSSL_PARAM *params;
+ int selection = 0;
 int rv;
 /*
@@ -518,21 +519,24 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
 if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q))
 return 0;
 }
- /* A key must at least have a public part. */
- if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
- return 0;
+ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
+ if (pub_key != NULL) {
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
+ return 0;
+ selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+ }
 if (priv_key != NULL) {
 if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PRIV_KEY, priv_key))
 return 0;
+ selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
 }
 if ((params = ossl_param_bld_to_param(&tmpl)) == NULL)
 return 0;
 /* We export, the provider imports */
- rv = evp_keymgmt_import(to_keymgmt, to_keydata, OSSL_KEYMGMT_SELECT_ALL,
- params);
+ rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params);
 ossl_param_bld_free(params);
--
cgit v1.2.3
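Review bot: With the public-key requirement removed, the `priv_key != NULL` branch can now run while `pub_key` is NULL, so a DH key carrying a private value but no public value is handed to `evp_keymgmt_import()` with `OSSL_KEYMGMT_SELECT_PRIVATE_KEY` set and `OSSL_KEYMGMT_SELECT_PUBLIC_KEY` clear; the commit message only describes the domain-parameters-only case. If that combination is intended, the deleted comment deserves a replacement above the `pub_key` check, for example `/* pub_key and priv_key are both optional; selection records which parts were pushed */`; if it is not, the private branch should refuse it with `if (pub_key == NULL) return 0;` before pushing. The `OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS` bit is set unconditionally and so depends on the p/g handling earlier in `dh_pkey_export_to`, which starts and ends outside this hunk, so whether those values are checked for NULL cannot be confirmed from here.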