From b4f447c038c05260491eb880e4a9c420b476c119 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Thu, 8 Apr 2021 18:25:26 +0200
Subject: Add selection support to the provider keymgmt_dup function

Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/14793)
---
 crypto/rsa/rsa_ameth.c   |  2 +-
 crypto/rsa/rsa_backend.c | 50 ++++++++++++++++++++++++++++--------------------
 2 files changed, 30 insertions(+), 22 deletions(-)
(limited to 'crypto/rsa')

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 45e0000117..2f9d60a7b3 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -891,7 +891,7 @@ static int rsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from)
     int ret;
 
     if (rsa != NULL) {
-        dupkey = ossl_rsa_dup(rsa);
+        dupkey = ossl_rsa_dup(rsa, OSSL_KEYMGMT_SELECT_ALL);
         if (dupkey == NULL)
             return 0;
     }
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index 92be5f610a..192b3fdbf7 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -330,7 +330,7 @@ static ossl_inline int rsa_bn_dup_check(BIGNUM **out, const BIGNUM *f)
     return 1;
 }
 
-RSA *ossl_rsa_dup(const RSA *rsa)
+RSA *ossl_rsa_dup(const RSA *rsa, int selection)
 {
     RSA *dupkey = NULL;
 #ifndef FIPS_MODULE
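Review bot: The new `selection` parameter on the `ossl_rsa_dup` definition carries no documentation, and the following hunk shows that only the key material honours the mask while version, flags and the PSS parameters are copied unconditionally, so a caller cannot tell from the signature which parts of the result depend on it. Suggest a short comment above the definition, e.g. `/* Duplicate rsa, copying only the key material selected by the OSSL_KEYMGMT_SELECT_* bits in selection; version, flags and PSS parameters are always copied. */`. The body of ossl_rsa_dup continues outside this hunk.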
@@ -344,34 +344,42 @@ RSA *ossl_rsa_dup(const RSA *rsa)
     if ((dupkey = ossl_rsa_new_with_ctx(rsa->libctx)) == NULL)
         return NULL;
 
-    /* private and public key */
-    if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
-        goto err;
-    if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
-        goto err;
-    if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
-        goto err;
+    /* public key */
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
+        if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
+            goto err;
+        if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
+            goto err;
+    }
 
-    /* factors and crt params */
-    if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
-        goto err;
-    if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
-        goto err;
-    if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
-        goto err;
-    if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
-        goto err;
-    if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
-        goto err;
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+
+        /* private key */
+        if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
+            goto err;
+
+        /* factors and crt params */
+        if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
+            goto err;
+        if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
+            goto err;
+        if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
+            goto err;
+        if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
+            goto err;
+        if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
+            goto err;
+    }
 
     dupkey->version = rsa->version;
     dupkey->flags = rsa->flags;
+    /* we always copy the PSS parameters regardless of selection */
     dupkey->pss_params = rsa->pss_params;
 
 #ifndef FIPS_MODULE
     /* multiprime */
-    pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
-    if (pnum > 0) {
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
+        && (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) {
         dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
         for (i = 0; i < pnum; i++) {
             const RSA_PRIME_INFO *pinfo = NULL;
-- 
cgit v1.2.3
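Review bot: The guard on the n/e copy tests `OSSL_KEYMGMT_SELECT_KEYPAIR`, which is the union of the public and private selection bits, so the modulus and public exponent are copied whenever either half is requested, while the `/* public key */` comment above it reads as if only the public-key bit were honoured. Because the private components copied in the following block are unusable without n, that widening looks deliberate and should be stated: `/* public key: n and e are needed by both halves of the key pair, so copy them if any key part is selected */`. Also note that `pnum` is now assigned only inside the new multiprime condition, and its declaration is outside the hunk, so it is worth confirming that nothing later in the function reads it when the private key is not selected. ossl_rsa_dup starts and ends outside this hunk.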