From 6207f2b657b5ba1823681b49c7c34c619da0dd00 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 31 Jul 2023 12:28:37 +0100
Subject: Don't add the msblob/pvk decoders if they're not suitable
msblob only decodes public/private keys (not just params). pvk only decodes private keys. If the requested selection doesn't intersect with the above then don't consider those decoders.
Reviewed-by: Tim Hudson
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/21603)
---
 .../implementations/encode_decode/decode_msblob2key.c | 14 ++++++++++++++
 providers/implementations/encode_decode/decode_pvk2key.c | 13 +++++++++++++
 2 files changed, 27 insertions(+)
(limited to 'providers/implementations/encode_decode')
diff --git a/providers/implementations/encode_decode/decode_msblob2key.c b/providers/implementations/encode_decode/decode_msblob2key.c
index bb4c3a8183..3bf4cf4537 100644
--- a/providers/implementations/encode_decode/decode_msblob2key.c
+++ b/providers/implementations/encode_decode/decode_msblob2key.c
@@ -79,6 +79,18 @@ static void msblob2key_freectx(void *vctx)
 OPENSSL_free(ctx);
 }
 
+static int msblob2key_does_selection(void *provctx, int selection)
+{
+ if (selection == 0)
+ return 1;
+
+ if ((selection & (OSSL_KEYMGMT_SELECT_PRIVATE_KEY
+ | OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != 0)
+ return 1;
+
+ return 0;
+}
+
 static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
 OSSL_CALLBACK *data_cb, void *data_cbarg,
 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
@@ -258,6 +270,8 @@ static void rsa_adjust(void *key, struct msblob2key_ctx_st *ctx)
 (void (*)(void))msblob2##keytype##_newctx }, \
 { OSSL_FUNC_DECODER_FREECTX, \
 (void (*)(void))msblob2key_freectx }, \
+ { OSSL_FUNC_DECODER_DOES_SELECTION, \
+ (void (*)(void))msblob2key_does_selection }, \
 { OSSL_FUNC_DECODER_DECODE, \
 (void (*)(void))msblob2key_decode }, \
 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
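Review bot: msblob2key_does_selection returns 1 when either the private or the public bit is set, but a single blob holds only one kind of key, so this is a coarse pre-filter and not the check that stops a blob of the wrong kind from satisfying a narrower request. That check has to remain in msblob2key_decode, whose body lies outside the hunk; presumably it already compares `selection` with the blob type it parsed, which is worth confirming now that this filter runs first. I would record the split in a comment above the function, e.g. `/* Coarse filter only: the exact public/private match is still decided in msblob2key_decode(). */`.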
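Review bot: The new table entry casts msblob2key_does_selection to `(void (*)(void))`, which discards its signature, so a mismatch with what the core expects for OSSL_FUNC_DECODER_DOES_SELECTION would not be diagnosed at compile time. A typed forward declaration near the top of the file restores that check: `static OSSL_FUNC_decoder_does_selection_fn msblob2key_does_selection;`. Whether the file already declares its other decoder callbacks this way is not visible here, and the macro holding this entry starts and ends outside the hunk. The pvk2key dispatch hunk has the same gap and would take `static OSSL_FUNC_decoder_does_selection_fn pvk2key_does_selection;`.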
diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c
index 6624773d9b..819014231c 100644
--- a/providers/implementations/encode_decode/decode_pvk2key.c
+++ b/providers/implementations/encode_decode/decode_pvk2key.c
@@ -79,6 +79,17 @@ static void pvk2key_freectx(void *vctx)
 OPENSSL_free(ctx);
 }
 
+static int pvk2key_does_selection(void *provctx, int selection)
+{
+ if (selection == 0)
+ return 1;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ return 1;
+
+ return 0;
+}
+
 static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
 OSSL_CALLBACK *data_cb, void *data_cbarg,
 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
@@ -226,6 +237,8 @@ static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx)
 (void (*)(void))pvk2##keytype##_newctx }, \
 { OSSL_FUNC_DECODER_FREECTX, \
 (void (*)(void))pvk2key_freectx }, \
+ { OSSL_FUNC_DECODER_DOES_SELECTION, \
+ (void (*)(void))pvk2key_does_selection }, \
 { OSSL_FUNC_DECODER_DECODE, \
 (void (*)(void))pvk2key_decode }, \
 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
-- cgit v1.2.3
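Review bot: Nothing in pvk2key_does_selection says why `selection == 0` is accepted, and the rule that PVK holds private keys only is recorded in the commit message but not in the code. A comment above the function would keep both with the code, for example `/* PVK carries private keys only; 0 means the caller did not restrict the selection. */`. The meaning of 0 is inferred from the early return, so the wording should be confirmed against the decoder documentation before it goes in.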