From 944f822aadc88b2e25f7695366810c73a53a00c8 Mon Sep 17 00:00:00 2001 From: slontis Date: Mon, 6 Dec 2021 09:27:12 +1000 Subject: Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY. The private key for rsa, dsa, dh and ecx was being included when the selector was just the public key. (ec was working correctly). This matches the documented behaviour. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17200) --- crypto/dh/dh_ameth.c | 2 +- crypto/dh/dh_backend.c | 17 +++++++++++------ crypto/dsa/dsa_ameth.c | 2 +- crypto/dsa/dsa_backend.c | 11 +++++++---- crypto/rsa/rsa_ameth.c | 4 ++-- crypto/rsa/rsa_backend.c | 12 +++++++----- 6 files changed, 29 insertions(+), 19 deletions(-) (limited to 'crypto') diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 38d8e7a38f..6a004ff2e4 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -511,7 +511,7 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx, DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX); if (!ossl_dh_params_fromdata(dh, params) - || !ossl_dh_key_fromdata(dh, params) + || !ossl_dh_key_fromdata(dh, params, 1) || !EVP_PKEY_assign(pkey, type, dh)) { DH_free(dh); return 0; diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c index 7bd5c617de..98881a75f9 100644 --- a/crypto/dh/dh_backend.c +++ b/crypto/dh/dh_backend.c @@ -63,7 +63,7 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) return 1; } -int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) +int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[], int include_private) { const OSSL_PARAM *param_priv_key, *param_pub_key; BIGNUM *priv_key = NULL, *pub_key = NULL; 
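Review bot: The new `include_private` argument on `ossl_dh_key_fromdata()` decides whether private key material is accepted, yet the signature has no comment saying what 0 and 1 mean, and call sites such as the one in dh_ameth.c pass a bare `1`. A short header comment would help, for example `/* include_private == 0: OSSL_PKEY_PARAM_PRIV_KEY in params is ignored and only the public key is loaded */`. The same applies to `ossl_dh_key_todata()`, `ossl_dsa_key_fromdata()`, `ossl_rsa_fromdata()` and `ossl_rsa_todata()` in the later hunks. The function body continues outside this hunk.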
@@ -74,10 +74,13 @@ int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - if ((param_priv_key != NULL - && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) - || (param_pub_key != NULL - && !OSSL_PARAM_get_BN(param_pub_key, &pub_key))) + if (include_private + && param_priv_key != NULL + && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + goto err; + + if (param_pub_key != NULL + && !OSSL_PARAM_get_BN(param_pub_key, &pub_key)) goto err; if (!DH_set0_key(dh, pub_key, priv_key)) @@ -103,7 +106,8 @@ int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) return 1; } -int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], + int include_private) { const BIGNUM *priv = NULL, *pub = NULL; @@ -112,6 +116,7 @@ int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) DH_get0_key(dh, &pub, &priv); if (priv != NULL + && include_private && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, priv)) return 0; if (pub != NULL diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 53417bff6a..f0a2bdb149 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -485,7 +485,7 @@ static int dsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx) } if (!ossl_dsa_ffc_params_fromdata(dsa, params) - || !ossl_dsa_key_fromdata(dsa, params) + || !ossl_dsa_key_fromdata(dsa, params, 1) || !EVP_PKEY_assign_DSA(pkey, dsa)) { DSA_free(dsa); return 0; diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c index 5e3ff85154..9c3cede91a 100644 --- a/crypto/dsa/dsa_backend.c +++ b/crypto/dsa/dsa_backend.c 
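Review bot: In this hunk DH still calls `OSSL_PARAM_locate_const()` for the private key and only skips the `OSSL_PARAM_get_BN()` when `include_private` is 0, whereas the DSA and RSA hunks in this commit skip the locate itself and leave the pointer NULL. Following the same shape here keeps the three backends consistent and ensures no later use of `param_priv_key` in this function sees the private parameter: initialise it to NULL and write `if (include_private) param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);`. The function starts and ends outside the hunk, so whether `param_priv_key` is read again is not visible here.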
@@ -27,16 +27,19 @@ * implementations alike. */ -int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]) +int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[], + int include_private) { - const OSSL_PARAM *param_priv_key, *param_pub_key; + const OSSL_PARAM *param_priv_key = NULL, *param_pub_key; BIGNUM *priv_key = NULL, *pub_key = NULL; if (dsa == NULL) return 0; - param_priv_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + if (include_private) { + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + } param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 55b7216d63..83714b8856 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -748,7 +748,7 @@ static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type, if (RSA_get0_n(rsa) == NULL || RSA_get0_e(rsa) == NULL) goto err; - if (!ossl_rsa_todata(rsa, tmpl, NULL)) + if (!ossl_rsa_todata(rsa, tmpl, NULL, 1)) goto err; selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; @@ -841,7 +841,7 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx, goto err; } - if (!ossl_rsa_fromdata(rsa, params)) + if (!ossl_rsa_fromdata(rsa, params, 1)) goto err; switch (rsa_type) { diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index ae071f18bf..4385dd0135 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -60,9 +60,9 @@ static int collect_numbers(STACK_OF(BIGNUM) *numbers, return 1; } -int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]) +int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private) { - const OSSL_PARAM *param_n, *param_e, *param_d; + const OSSL_PARAM *param_n, *param_e, *param_d = NULL; BIGNUM *n = NULL, *e = NULL, *d = NULL; STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL; int is_private = 0; 
@@ -72,7 +72,8 @@ int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]) param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N); param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E); - param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D); + if (include_private) + param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D); if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n)) || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e)) @@ -118,7 +119,8 @@ int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]) DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) -int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], + int include_private) { int ret = 0; const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; @@ -137,7 +139,7 @@ int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) goto err; /* Check private key data integrity */ - if (rsa_d != NULL) { + if (include_private && rsa_d != NULL) { int numprimes = sk_BIGNUM_const_num(factors); int numexps = sk_BIGNUM_const_num(exps); int numcoeffs = sk_BIGNUM_const_num(coeffs); -- cgit v1.2.3
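Review bot: Only `OSSL_PKEY_PARAM_RSA_D` is gated on `include_private` in this hunk, while the prime factors, exponents and coefficients held in `factors`, `exps` and `coeffs` (declared in the preceding hunk) are private material as well. Whether they are skipped appears to depend on `is_private` being derived from `d` further down, which is outside the hunk. A comment at the gate would make that dependency explicit, e.g. `/* d stays NULL when !include_private, so the CRT parameters must not be collected either */`.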
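Review bot: The comment `/* Check private key data integrity */` above the changed condition in `ossl_rsa_todata()` no longer describes what the condition does. With `include_private` added, it also appears to be the gate that keeps private values out of a public-only export. Consider `/* Private components: exported only on request, after an integrity check */`. The body of the block lies outside the hunk, so the assumption that `rsa_d` and the CRT values are added to `bld`/`params` there should be confirmed.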