From 39ed7636e0d8a90512e7ccb811cd0bfcb7a79650 Mon Sep 17 00:00:00 2001 From: slontis Date: Fri, 16 Jun 2023 16:40:06 +1000 Subject: Fix decoders so that they use the passed in propq. Fixes #21198 decoder objects were setting propq as NULL. Added a set_ctx/settable_ctx to all decoders that should supply a property query parameter to internal functions. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/21219) --- .../implementations/encode_decode/decode_der2key.c | 31 +++++++++++++++++++- .../encode_decode/decode_epki2pki.c | 32 ++++++++++++++++++++- .../implementations/encode_decode/decode_pvk2key.c | 33 +++++++++++++++++++++- .../encode_decode/decode_spki2typespki.c | 33 ++++++++++++++++++++-- 4 files changed, 124 insertions(+), 5 deletions(-) (limited to 'providers/implementations')
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 5f094a32dc..45b39ed358 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -89,6 +90,7 @@ struct keytype_desc_st {
 */
 struct der2key_ctx_st {
 PROV_CTX *provctx;
+ char propq[OSSL_MAX_PROPQUERY_SIZE];
 const struct keytype_desc_st *desc;
 /* The selection that is passed to der2key_decode() */
 int selection;
@@ -109,7 +110,7 @@ static void *der2key_decode_p8(const unsigned char **input_der,
 if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
 && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
 && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
- key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);
+ key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), ctx->propq);
 PKCS8_PRIV_KEY_INFO_free(p8inf);
 return key;
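Review bot: `key_from_pkcs8()` now receives `ctx->propq` unconditionally, so a caller that never sets OSSL_DECODER_PARAM_PROPERTIES hands the callee whatever the array holds instead of the NULL it got before. That is an empty string only if der2key_newctx() zero-allocates the context, and the allocation is outside this hunk. Because the property query decides which provider implementation loads the key, the reliance is worth a comment on the new field, for example `char propq[OSSL_MAX_PROPQUERY_SIZE]; /* "" until set_ctx_params(); relies on a zeroed ctx */`. The same applies to the `ctx->propq` arguments added in epki2pki_decode(), pvk2key_decode() and spki2typespki_decode(). The body of der2key_decode_p8() starts and ends outside the hunk.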
@@ -120,6 +121,8 @@ static void *der2key_decode_p8(const unsigned char **input_der,
 static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
 static OSSL_FUNC_decoder_decode_fn der2key_decode;
 static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
+static OSSL_FUNC_decoder_settable_ctx_params_fn der2key_settable_ctx_params;
+static OSSL_FUNC_decoder_set_ctx_params_fn der2key_set_ctx_params;
 static struct der2key_ctx_st *
 der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
@@ -133,6 +136,28 @@ der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
 return ctx;
 }
+static const OSSL_PARAM *der2key_settable_ctx_params(ossl_unused void *provctx)
+{
+ static const OSSL_PARAM settables[] = {
+ OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END
+ };
+ return settables;
+}
+
+static int der2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct der2key_ctx_st *ctx = vctx;
+ const OSSL_PARAM *p;
+ char *str = ctx->propq;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
+ if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
+ return 0;
+
+ return 1;
+}
+
 static void der2key_freectx(void *vctx)
 {
 struct der2key_ctx_st *ctx = vctx;
@@ -755,6 +780,10 @@ static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
 (void (*)(void))der2key_decode }, \
 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
 (void (*)(void))der2key_export_object }, \
+ { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))der2key_settable_ctx_params }, \
+ { OSSL_FUNC_DECODER_SET_CTX_PARAMS, \
+ (void (*)(void))der2key_set_ctx_params }, \
 OSSL_DISPATCH_END \
 }
diff --git a/providers/implementations/encode_decode/decode_epki2pki.c b/providers/implementations/encode_decode/decode_epki2pki.c
index 16fdc7945e..5dd13f5a92 100644
--- a/providers/implementations/encode_decode/decode_epki2pki.c
+++ b/providers/implementations/encode_decode/decode_epki2pki.c
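Review bot: der2key_set_ctx_params() lets OSSL_PARAM_get_utf8_string() write straight into `ctx->propq`, so what the buffer holds after a rejected value (wrong type, or a string that does not fit in OSSL_MAX_PROPQUERY_SIZE) depends on that function's failure behaviour, which is not visible here. If a caller ignores the 0 return and goes on to decode, the property query that selects the key-loading implementation may then be neither the old value nor the new one. Reading into a local buffer and committing only on success keeps the context unchanged on failure. The identical bodies in decode_epki2pki.c, decode_pvk2key.c and decode_spki2typespki.c would take the same change.

```c
static int der2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
    struct der2key_ctx_st *ctx = vctx;
    const OSSL_PARAM *p;
    char tmp[OSSL_MAX_PROPQUERY_SIZE];
    char *str = tmp;

    p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
    if (p != NULL) {
        if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(tmp)))
            return 0;
        /* Commit only a value that was accepted in full. */
        OPENSSL_strlcpy(ctx->propq, tmp, sizeof(ctx->propq));
    }

    return 1;
}
```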
@@ -26,12 +26,15 @@
 static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
 static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
 static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
+static OSSL_FUNC_decoder_settable_ctx_params_fn epki2pki_settable_ctx_params;
+static OSSL_FUNC_decoder_set_ctx_params_fn epki2pki_set_ctx_params;
 /*
 * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
 */
 struct epki2pki_ctx_st {
 PROV_CTX *provctx;
+ char propq[OSSL_MAX_PROPQUERY_SIZE];
 };
 static void *epki2pki_newctx(void *provctx)
@@ -50,6 +53,28 @@ static void epki2pki_freectx(void *vctx)
 OPENSSL_free(ctx);
 }
+static const OSSL_PARAM *epki2pki_settable_ctx_params(ossl_unused void *provctx)
+{
+ static const OSSL_PARAM settables[] = {
+ OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END
+ };
+ return settables;
+}
+
+static int epki2pki_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct epki2pki_ctx_st *ctx = vctx;
+ const OSSL_PARAM *p;
+ char *str = ctx->propq;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
+ if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
+ return 0;
+
+ return 1;
+}
+
 /*
 * The selection parameter in epki2pki_decode() is not used by this function
 * because it's not relevant just to decode EncryptedPrivateKeyInfo to
@@ -104,7 +129,8 @@ static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
 if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
 oct->data, oct->length,
 &new_der, &new_der_len, 0,
- PROV_LIBCTX_OF(ctx->provctx), NULL)) {
+ PROV_LIBCTX_OF(ctx->provctx),
+ ctx->propq)) {
 ok = 0;
 } else {
 OPENSSL_free(der);
@@ -154,5 +180,9 @@ const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[]
 { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
 { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
 { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
+ { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,
+ (void (*)(void))epki2pki_settable_ctx_params },
+ { OSSL_FUNC_DECODER_SET_CTX_PARAMS,
+ (void (*)(void))epki2pki_set_ctx_params },
 OSSL_DISPATCH_END
 };
diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c
index cae1d9897a..5355cf11d6 100644
--- a/providers/implementations/encode_decode/decode_pvk2key.c
+++ b/providers/implementations/encode_decode/decode_pvk2key.c
@@ -24,6 +24,7 @@
 #include /* For public PVK functions */
 #include
 #include "internal/passphrase.h"
+#include "internal/sizes.h"
 #include "crypto/pem.h" /* For internal PVK and "blob" headers */
 #include "crypto/rsa.h"
 #include "prov/bio.h"
@@ -49,12 +50,15 @@ struct keytype_desc_st {
 static OSSL_FUNC_decoder_freectx_fn pvk2key_freectx;
 static OSSL_FUNC_decoder_decode_fn pvk2key_decode;
 static OSSL_FUNC_decoder_export_object_fn pvk2key_export_object;
+static OSSL_FUNC_decoder_settable_ctx_params_fn pvk2key_settable_ctx_params;
+static OSSL_FUNC_decoder_set_ctx_params_fn pvk2key_set_ctx_params;
 /*
 * Context used for DER to key decoding.
 */
 struct pvk2key_ctx_st {
 PROV_CTX *provctx;
+ char propq[OSSL_MAX_PROPQUERY_SIZE];
 const struct keytype_desc_st *desc;
 /* The selection that is passed to der2key_decode() */
 int selection;
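Review bot: `#include "internal/sizes.h"` is added only to decode_pvk2key.c, while the hunks for decode_der2key.c, decode_epki2pki.c and decode_spki2typespki.c add the same `char propq[OSSL_MAX_PROPQUERY_SIZE];` field with no matching include, so those three files presumably pick the macro up through another header. Including "internal/sizes.h" directly in every file that sizes a buffer with it would keep the four decoders consistent and stop the buffer size from depending on a transitive include. The include lists of the other three files are outside the hunks shown, so this may already be the case there.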
@@ -79,6 +83,28 @@ static void pvk2key_freectx(void *vctx)
 OPENSSL_free(ctx);
 }
+static const OSSL_PARAM *pvk2key_settable_ctx_params(ossl_unused void *provctx)
+{
+ static const OSSL_PARAM settables[] = {
+ OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END,
+ };
+ return settables;
+}
+
+static int pvk2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct pvk2key_ctx_st *ctx = vctx;
+ const OSSL_PARAM *p;
+ char *str = ctx->propq;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
+ if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
+ return 0;
+
+ return 1;
+}
+
 static int pvk2key_does_selection(void *provctx, int selection)
 {
 if (selection == 0)
@@ -115,7 +141,8 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
 goto end;
 key = ctx->desc->read_private_key(in, ossl_pw_pvk_password, &pwdata,
- PROV_LIBCTX_OF(ctx->provctx), NULL);
+ PROV_LIBCTX_OF(ctx->provctx),
+ ctx->propq);
 /*
 * Because the PVK API doesn't have a separate decrypt call, we need
@@ -247,6 +274,10 @@ static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx)
 (void (*)(void))pvk2key_decode }, \
 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
 (void (*)(void))pvk2key_export_object }, \
+ { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))pvk2key_settable_ctx_params }, \
+ { OSSL_FUNC_DECODER_SET_CTX_PARAMS, \
+ (void (*)(void))pvk2key_set_ctx_params }, \
 OSSL_DISPATCH_END \
 }
diff --git a/providers/implementations/encode_decode/decode_spki2typespki.c b/providers/implementations/encode_decode/decode_spki2typespki.c
index e9f8dadb78..11f5426661 100644
--- a/providers/implementations/encode_decode/decode_spki2typespki.c
+++ b/providers/implementations/encode_decode/decode_spki2typespki.c
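Review bot: pvk2key_settable_ctx_params() and pvk2key_set_ctx_params() repeat the same two function bodies this patch also adds to the der2key, epki2pki and spki2typespki decoders; the only differences are the context struct type and the trailing comma in `OSSL_PARAM_END,`, which the other three copies do not have. One shared helper taking `char *propq, size_t propq_size, const OSSL_PARAM params[]`, called from each decoder's set_ctx_params, would leave a single place to correct the bounds or failure handling of the property-query copy. At minimum, drop the stray comma so the four tables read the same: `OSSL_PARAM_END`.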
@@ -23,6 +23,8 @@
 static OSSL_FUNC_decoder_newctx_fn spki2typespki_newctx;
 static OSSL_FUNC_decoder_freectx_fn spki2typespki_freectx;
 static OSSL_FUNC_decoder_decode_fn spki2typespki_decode;
+static OSSL_FUNC_decoder_settable_ctx_params_fn spki2typespki_settable_ctx_params;
+static OSSL_FUNC_decoder_set_ctx_params_fn spki2typespki_set_ctx_params;
 /*
 * Context used for SubjectPublicKeyInfo to Type specific SubjectPublicKeyInfo
@@ -30,6 +32,7 @@ static OSSL_FUNC_decoder_decode_fn spki2typespki_decode;
 */
 struct spki2typespki_ctx_st {
 PROV_CTX *provctx;
+ char propq[OSSL_MAX_PROPQUERY_SIZE];
 };
 static void *spki2typespki_newctx(void *provctx)
@@ -48,6 +51,28 @@ static void spki2typespki_freectx(void *vctx)
 OPENSSL_free(ctx);
 }
+static const OSSL_PARAM *spki2typespki_settable_ctx_params(ossl_unused void *provctx)
+{
+ static const OSSL_PARAM settables[] = {
+ OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END
+ };
+ return settables;
+}
+
+static int spki2typespki_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct spki2typespki_ctx_st *ctx = vctx;
+ const OSSL_PARAM *p;
+ char *str = ctx->propq;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);
+ if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))
+ return 0;
+
+ return 1;
+}
+
 static int spki2typespki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
 OSSL_CALLBACK *data_cb, void *data_cbarg,
 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
@@ -67,8 +92,8 @@ static int spki2typespki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
 return 1;
 derp = der;
 xpub = ossl_d2i_X509_PUBKEY_INTERNAL((const unsigned char **)&derp, len,
- PROV_LIBCTX_OF(ctx->provctx));
-
+ PROV_LIBCTX_OF(ctx->provctx),
+ ctx->propq);
 if (xpub == NULL) {
 /* We return "empty handed". This is not an error. */
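Review bot: In spki2typespki_decode() a NULL result from ossl_d2i_X509_PUBKEY_INTERNAL() is still handled as "empty handed", not an error, and now that `ctx->propq` is passed in, a property query that matches no implementation may end on the same path as input that simply is not a SubjectPublicKeyInfo. If that is intended, the comment should say so, for example `/* We return "empty handed" (also when propq selects nothing). This is not an error. */`; if not, the two cases need to be told apart so a misconfigured query is not silently skipped. The callee's new parameter is declared outside this page, which is limited to providers/implementations, and the function body continues past the end of the hunk.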
@@ -120,5 +145,9 @@ const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_der_decoder_functions[] = {
 { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))spki2typespki_newctx },
 { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))spki2typespki_freectx },
 { OSSL_FUNC_DECODER_DECODE, (void (*)(void))spki2typespki_decode },
+ { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,
+ (void (*)(void))spki2typespki_settable_ctx_params },
+ { OSSL_FUNC_DECODER_SET_CTX_PARAMS,
+ (void (*)(void))spki2typespki_set_ctx_params },
 OSSL_DISPATCH_END
 };
-- cgit v1.2.3