]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6288aa4)
Don't restrict what EVP_PKEY_Q_keygen can be used for
authorMatt Caswell <matt@openssl.org>
Mon, 16 Sep 2024 11:00:32 +0000 (12:00 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 17 Sep 2024 15:25:44 +0000 (16:25 +0100)
The EVP_PKEY_Q_keygen function contains a list of algorithm type names
and fails if the requested name is not in the list. This prevents the use
of this function for externally supplied key type names.

We should just assume that any unrecognised key type name does not require
a parameter.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25468)

crypto/evp/evp_lib.c patch | blob | blame | history
doc/man3/EVP_PKEY_keygen.pod patch | blob | blame | history

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 4440582e4fa2c92f71d3876baeec5212119554b0..7cf8085857aa7b1074b63866bfbc9352d33614b2 100644 (file)
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -1236,17 +1236,10 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
         name = va_arg(args, char *);
         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
                                                      name, 0);
-    } else if (OPENSSL_strcasecmp(type, "ED25519") != 0
-               && OPENSSL_strcasecmp(type, "X25519") != 0
-               && OPENSSL_strcasecmp(type, "ED448") != 0
-               && OPENSSL_strcasecmp(type, "X448") != 0
-               && OPENSSL_strcasecmp(type, "SM2") != 0) {
-        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
-        goto end;
     }
+
     ret = evp_pkey_keygen(libctx, type, propq, params);
 
- end:
     va_end(args);
     return ret;
 }
diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod
index 433123618606f736ac9b2b8868d6402ede153919..dec9dd572fa70900c8fadb36f2904fbde4f271b0 100644 (file)
--- a/doc/man3/EVP_PKEY_keygen.pod
+++ b/doc/man3/EVP_PKEY_keygen.pod
@@ -101,7 +101,9 @@ a B<size_t> parameter must be given to specify the size of the RSA key.
 If I<type> is C<EC>,
 a string parameter must be given to specify the name of the EC curve.
 If I<type> is C<X25519>, C<X448>, C<ED25519>, C<ED448>, or C<SM2>
-no further parameter is needed.
+no further parameter is needed. Other key types may be possible if they are
+supplied by the loaded providers. EVP_PKEY_Q_keygen() may be usable with such
+key types as long as they do not require further parameters.
 
 =head1 RETURN VALUES
 
Mirror of https://github.com/openssl/openssl.git