When exporting/importing decoded keys do not use 0 as selection
authorTomas Mraz <tomas@openssl.org>
Fri, 21 Jul 2023 15:40:31 +0000 (17:40 +0200)
committerTodd Short <todd.short@me.com>
Fri, 4 Aug 2023 14:13:40 +0000 (10:13 -0400)
When decoding, 0 as the selection means to decode anything
you get.

However, when exporting and then importing the key data, 0 as
the selection is not meaningful.
So we set it to OSSL_KEYMGMT_SELECT_ALL to make the export/import
functions export/import everything that we have decoded.

Fixes #21493

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21519)

(cherry picked from commit 2acb0d363c0032b5b97c4f6596609f40bd7d842f)

crypto/encode_decode/decoder_pkey.c
providers/implementations/encode_decode/decode_der2key.c
providers/implementations/encode_decode/decode_msblob2key.c
providers/implementations/encode_decode/decode_pvk2key.c

index fa32f2b9fbd7dd60afdea9d66dfb26d7eaa89fc9..fa66cbe735162fd84bb6c17fe1764f0113b51c56 100644 (file)
@@ -152,7 +152,11 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst,
 
             import_data.keymgmt = keymgmt;
             import_data.keydata = NULL;
-            import_data.selection = data->selection;
+            if (data->selection == 0)
+                /* import/export functions do not tolerate 0 selection */
+                import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
+            else
+                import_data.selection = data->selection;
 
             /*
              * No need to check for errors here, the value of
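Review bot: The comment on the new `if (data->selection == 0)` branch says only that 0 is not tolerated, not why OSSL_KEYMGMT_SELECT_ALL is the right substitute, even though ALL also requests private-key and parameter components. I would expand it to something like `/* 0 means "whatever was decoded"; import/export need explicit bits, so ask for every component the key holds */`. Whether every keymgmt export skips components the decoded key lacks (for example a public-only key) rather than failing is not visible in this hunk, so a regression test that decodes a public-only key with selection 0 and forces the export/import path would be worth adding. decoder_construct_pkey starts and continues outside the hunk.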
index 9f4a9c57776f8218c9129b7897c1b227110c1d34..72f73b69dc7826b9c641aaf6df166d7913ba128f 100644 (file)
@@ -317,10 +317,14 @@ static int der2key_export_object(void *vctx,
     void *keydata;
 
     if (reference_sz == sizeof(keydata) && export != NULL) {
+        int selection = ctx->selection;
+
+        if (selection == 0)
+            selection = OSSL_KEYMGMT_SELECT_ALL;
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, ctx->selection, export_cb, export_cbarg);
+        return export(keydata, selection, export_cb, export_cbarg);
     }
     return 0;
 }
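Review bot: The `if (selection == 0)` fallback in der2key_export_object has no comment, unlike the matching change in decoder_pkey.c, and the same four added lines are repeated verbatim in msblob2key_export_object and pvk2key_export_object. A one-line comment above the test, e.g. `/* 0 means "anything decoded"; export functions need an explicit selection */`, would tell a later reader why the context's selection is widened before key material is handed to `export`. A blank line between the new assignment and the existing `/* The contents of the reference ... */` comment would also keep the two steps visually separate. If the three decoders share a common header (not visible here), a small static inline helper for the 0-to-ALL mapping would keep them from drifting apart; the function signature begins outside the hunk.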
index 91f9977b6bab7ba8bc1d642b2d200eba2eb44d6a..80c6e0a91e906bd9e146a4fd22b30b47d86619f9 100644 (file)
@@ -223,10 +223,14 @@ msblob2key_export_object(void *vctx,
     void *keydata;
 
     if (reference_sz == sizeof(keydata) && export != NULL) {
+        int selection = ctx->selection;
+
+        if (selection == 0)
+            selection = OSSL_KEYMGMT_SELECT_ALL;
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, ctx->selection, export_cb, export_cbarg);
+        return export(keydata, selection, export_cb, export_cbarg);
     }
     return 0;
 }
index 2975186c30084c3a57dfba733f523849f19b5ab5..4eeeaf425a409a3d13716d54910483aac66270d5 100644 (file)
@@ -190,10 +190,14 @@ static int pvk2key_export_object(void *vctx,
     void *keydata;
 
     if (reference_sz == sizeof(keydata) && export != NULL) {
+        int selection = ctx->selection;
+
+        if (selection == 0)
+            selection = OSSL_KEYMGMT_SELECT_ALL;
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, ctx->selection, export_cb, export_cbarg);
+        return export(keydata, selection, export_cb, export_cbarg);
     }
     return 0;
 }