int ret;
if (dh != NULL) {
- dupkey = ossl_dh_dup(dh);
+ dupkey = ossl_dh_dup(dh, OSSL_KEYMGMT_SELECT_ALL);
if (dupkey == NULL)
return 0;
}
return 1;
}
-DH *ossl_dh_dup(const DH *dh)
+DH *ossl_dh_dup(const DH *dh, int selection)
{
DH *dupkey = NULL;
return NULL;
dupkey->length = DH_get_length(dh);
- if (!ossl_ffc_params_copy(&dupkey->params, &dh->params))
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0
+ && !ossl_ffc_params_copy(&dupkey->params, &dh->params))
goto err;
dupkey->flags = dh->flags;
- if (!dh_bn_dup_check(&dupkey->pub_key, dh->pub_key))
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0
+ && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0
+ || !dh_bn_dup_check(&dupkey->pub_key, dh->pub_key)))
goto err;
- if (!dh_bn_dup_check(&dupkey->priv_key, dh->priv_key))
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
+ && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0
+ || !dh_bn_dup_check(&dupkey->priv_key, dh->priv_key)))
goto err;
#ifndef FIPS_MODULE
DH_free(dupkey);
return NULL;
}
+
#ifndef FIPS_MODULE
DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
OSSL_LIB_CTX *libctx, const char *propq)
int ret;
if (dsa != NULL) {
- dupkey = ossl_dsa_dup(dsa);
+ dupkey = ossl_dsa_dup(dsa, OSSL_KEYMGMT_SELECT_ALL);
if (dupkey == NULL)
return 0;
}
return 1;
}
-DSA *ossl_dsa_dup(const DSA *dsa)
+DSA *ossl_dsa_dup(const DSA *dsa, int selection)
{
DSA *dupkey = NULL;
if ((dupkey = ossl_dsa_new(dsa->libctx)) == NULL)
return NULL;
- if (!ossl_ffc_params_copy(&dupkey->params, &dsa->params))
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0
+ && !ossl_ffc_params_copy(&dupkey->params, &dsa->params))
goto err;
dupkey->flags = dsa->flags;
- if (!dsa_bn_dup_check(&dupkey->pub_key, dsa->pub_key))
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0
+ && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0
+ || !dsa_bn_dup_check(&dupkey->pub_key, dsa->pub_key)))
goto err;
- if (!dsa_bn_dup_check(&dupkey->priv_key, dsa->priv_key))
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
+ && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0
+ || !dsa_bn_dup_check(&dupkey->priv_key, dsa->priv_key)))
goto err;
#ifndef FIPS_MODULE
#include <openssl/objects.h>
#include <openssl/params.h>
#include <openssl/err.h>
+#include <openssl/engine.h>
#include "crypto/bn.h"
#include "crypto/ec.h"
#include "ec_local.h"
return 1;
}
+EC_KEY *ossl_ec_key_dup(const EC_KEY *src, int selection)
+{
+ EC_KEY *ret = ossl_ec_key_new_method_int(src->libctx, src->propq,
+ src->engine);
+
+ if (ret == NULL)
+ return NULL;
+
+ if (src == NULL) {
+ ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
+ goto err;
+ }
+
+ /* copy the parameters */
+ if (src->group != NULL
+ && (selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
+ ret->group = ossl_ec_group_new_ex(src->libctx, src->propq,
+ src->group->meth);
+ if (ret->group == NULL
+ || !EC_GROUP_copy(ret->group, src->group))
+ goto err;
+
+ if (src->meth != NULL) {
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
+ if (src->engine != NULL && ENGINE_init(src->engine) == 0)
+ goto err;
+ ret->engine = src->engine;
+#endif
+ ret->meth = src->meth;
+ }
+ }
+
+ /* copy the public key */
+ if (src->pub_key != NULL
+ && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+ if (ret->group == NULL)
+ /* no parameter-less keys allowed */
+ goto err;
+ ret->pub_key = EC_POINT_new(ret->group);
+ if (ret->pub_key == NULL
+ || !EC_POINT_copy(ret->pub_key, src->pub_key))
+ goto err;
+ }
+
+ /* copy the private key */
+ if (src->priv_key != NULL
+ && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+ if (ret->group == NULL)
+ /* no parameter-less keys allowed */
+ goto err;
+ ret->priv_key = BN_new();
+ if (ret->priv_key == NULL || !BN_copy(ret->priv_key, src->priv_key))
+ goto err;
+ if (ret->group->meth->keycopy
+ && ret->group->meth->keycopy(ret, src) == 0)
+ goto err;
+ }
+
+ /* copy the rest */
+ if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) {
+ ret->enc_flag = src->enc_flag;
+ ret->conv_form = src->conv_form;
+ }
+
+ ret->version = src->version;
+ ret->flags = src->flags;
+
+#ifndef FIPS_MODULE
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY,
+ &ret->ex_data, &src->ex_data))
+ goto err;
+#endif
+
+ if (ret->meth != NULL && ret->meth->copy != NULL) {
+ if ((selection
+ & OSSL_KEYMGMT_SELECT_KEYPAIR) != OSSL_KEYMGMT_SELECT_KEYPAIR)
+ goto err;
+ if (ret->meth->copy(ret, src) == 0)
+ goto err;
+ }
+
+ return ret;
+ err:
+ EC_KEY_free(ret);
+ return NULL;
+}
+
int ossl_ec_encoding_param2id(const OSSL_PARAM *p, int *id)
{
const char *name = NULL;
EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
{
- EC_KEY *ret = ossl_ec_key_new_method_int(ec_key->libctx, ec_key->propq,
- ec_key->engine);
-
- if (ret == NULL)
- return NULL;
-
- if (EC_KEY_copy(ret, ec_key) == NULL) {
- EC_KEY_free(ret);
- return NULL;
- }
- return ret;
+ return ossl_ec_key_dup(ec_key, OSSL_KEYMGMT_SELECT_ALL);
}
int EC_KEY_up_ref(EC_KEY *r)
return 1;
}
-ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key)
+ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection)
{
ECX_KEY *ret = OPENSSL_zalloc(sizeof(*ret));
goto err;
}
- memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey));
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey));
- if (key->privkey != NULL) {
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
+ && key->privkey != NULL) {
if (ossl_ecx_key_allocate_privkey(ret) == NULL)
goto err;
memcpy(ret->privkey, key->privkey, ret->keylen);
int ret;
if (ecx != NULL) {
- dupkey = ossl_ecx_key_dup(ecx);
+ dupkey = ossl_ecx_key_dup(ecx, OSSL_KEYMGMT_SELECT_ALL);
if (dupkey == NULL)
return 0;
}
return 0;
}
} else if (to_keymgmt == from->keymgmt && to_keymgmt->dup != NULL
- && to_keydata == NULL
- && selection == OSSL_KEYMGMT_SELECT_ALL) {
- to_keydata = alloc_keydata = evp_keymgmt_dup(to_keymgmt, from->keydata);
+ && to_keydata == NULL) {
+ to_keydata = alloc_keydata = evp_keymgmt_dup(to_keymgmt,
+ from->keydata,
+ selection);
if (to_keydata == NULL)
return 0;
} else if (match_type(to_keymgmt, from->keymgmt)) {
return keymgmt->copy(keydata_to, keydata_from, selection);
}
-void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, const void *keydata_from)
+void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, const void *keydata_from,
+ int selection)
{
/* We assume no dup if the implementation doesn't have a function */
if (keymgmt->dup == NULL)
return NULL;
- return keymgmt->dup(keydata_from);
+ return keymgmt->dup(keydata_from, selection);
}
int ret;
if (rsa != NULL) {
- dupkey = ossl_rsa_dup(rsa);
+ dupkey = ossl_rsa_dup(rsa, OSSL_KEYMGMT_SELECT_ALL);
if (dupkey == NULL)
return 0;
}
return 1;
}
-RSA *ossl_rsa_dup(const RSA *rsa)
+RSA *ossl_rsa_dup(const RSA *rsa, int selection)
{
RSA *dupkey = NULL;
#ifndef FIPS_MODULE
if ((dupkey = ossl_rsa_new_with_ctx(rsa->libctx)) == NULL)
return NULL;
- /* private and public key */
- if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
- goto err;
- if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
- goto err;
- if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
- goto err;
+ /* public key */
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
+ if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
+ goto err;
+ if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
+ goto err;
+ }
- /* factors and crt params */
- if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
- goto err;
- if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
- goto err;
- if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
- goto err;
- if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
- goto err;
- if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
- goto err;
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+
+ /* private key */
+ if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
+ goto err;
+
+ /* factors and crt params */
+ if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
+ goto err;
+ if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
+ goto err;
+ if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
+ goto err;
+ if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
+ goto err;
+ if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
+ goto err;
+ }
dupkey->version = rsa->version;
dupkey->flags = rsa->flags;
+ /* we always copy the PSS parameters regardless of selection */
dupkey->pss_params = rsa->pss_params;
#ifndef FIPS_MODULE
/* multiprime */
- pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
- if (pnum > 0) {
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
+ && (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) {
dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
for (i = 0; i < pnum; i++) {
const RSA_PRIME_INFO *pinfo = NULL;
int OSSL_FUNC_keymgmt_copy(void *keydata_to, const void *keydata_from, int selection);
/* Key object duplication, a constructor */
- void *OSSL_FUNC_keymgmt_dup(const void *keydata_from);
+ void *OSSL_FUNC_keymgmt_dup(const void *keydata_from, int selection);
/* Key object validation */
int OSSL_FUNC_keymgmt_validate(const void *keydata, int selection, int checktype);
has ensured that I<keydata_to> and I<keydata_from> are both owned by
the implementation of this function.
-OSSL_FUNC_keymgmt_dup() should duplicate the key data I<keydata_from> and
-create a new provider side key object with the data.
+OSSL_FUNC_keymgmt_dup() should duplicate data subsets indicated by
+I<selection> or the whole key data I<keydata_from> and create a new
+provider side key object with the data.
=head2 Common Information Parameters
const unsigned char *ukm, size_t ukmlen,
const EVP_MD *md,
OSSL_LIB_CTX *libctx, const char *propq);
-DH *ossl_dh_dup(const DH *dh);
+DH *ossl_dh_dup(const DH *dh, int selection);
#endif /* OSSL_CRYPTO_DH_H */
int *ret);
int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret);
int ossl_dsa_check_pairwise(const DSA *dsa);
-DSA *ossl_dsa_dup(const DSA *dsa);
+DSA *ossl_dsa_dup(const DSA *dsa, int selection);
#endif
int ossl_ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[],
int include_private);
int ossl_ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
+EC_KEY *ossl_ec_key_dup(const EC_KEY *key, int selection);
EC_KEY *ossl_ec_key_param_from_x509_algor(const X509_ALGOR *palg,
OSSL_LIB_CTX *libctx,
const char *propq);
unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key);
void ossl_ecx_key_free(ECX_KEY *key);
int ossl_ecx_key_up_ref(ECX_KEY *key);
-ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key);
+ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection);
int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
const uint8_t peer_public_value[32]);
void *keydata_to, const void *keydata_from,
int selection);
void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt,
- const void *keydata_from);
+ const void *keydata_from, int selection);
/* Pulling defines out of C source files */
int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs);
-RSA *ossl_rsa_dup(const RSA *rsa);
+RSA *ossl_rsa_dup(const RSA *rsa, int selection);
int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]);
/* Dup function, constructor */
# define OSSL_FUNC_KEYMGMT_DUP 45
OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
- (const void *keydata_from))
+ (const void *keydata_from, int selection))
/* Key Exchange */
return NULL;
}
-static void *dh_dup(const void *keydata_from)
+static void *dh_dup(const void *keydata_from, int selection)
{
if (ossl_prov_is_running())
- return ossl_dh_dup(keydata_from);
+ return ossl_dh_dup(keydata_from, selection);
return NULL;
}
return NULL;
}
-static void *dsa_dup(const void *keydata_from)
+static void *dsa_dup(const void *keydata_from, int selection)
{
if (ossl_prov_is_running())
- return ossl_dsa_dup(keydata_from);
+ return ossl_dsa_dup(keydata_from, selection);
return NULL;
}
# endif
#endif
-static void *ec_dup(const void *keydata_from)
+static void *ec_dup(const void *keydata_from, int selection)
{
if (ossl_prov_is_running())
- return EC_KEY_dup(keydata_from);
+ return ossl_ec_key_dup(keydata_from, selection);
return NULL;
}
return NULL;
}
-static void *ecx_dup(const void *keydata_from)
+static void *ecx_dup(const void *keydata_from, int selection)
{
if (ossl_prov_is_running())
- return ossl_ecx_key_dup(keydata_from);
+ return ossl_ecx_key_dup(keydata_from, selection);
return NULL;
}
return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSASSAPSS);
}
-static void *rsa_dup(const void *keydata_from)
+static void *rsa_dup(const void *keydata_from, int selection)
{
if (ossl_prov_is_running())
- return ossl_rsa_dup(keydata_from);
+ return ossl_rsa_dup(keydata_from, selection);
return NULL;
}
projects / thirdparty / openssl.git / commitdiff
