From: Tomas Mraz Date: Fri, 21 Jul 2023 15:40:31 +0000 (+0200) Subject: When exporting/importing decoded keys do not use 0 as selection X-Git-Tag: openssl-3.1.3~65 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=137ba0567417441cd8b3d43cf23e27d73f7a7684;p=thirdparty%2Fopenssl.git When exporting/importing decoded keys do not use 0 as selection When decoding 0 as the selection means to decode anything you get. However when exporting and then importing the key data 0 as selection is not meaningful. So we set it to OSSL_KEYMGMT_SELECT_ALL to make the export/import function export/import everything that we have decoded. Fixes #21493 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Todd Short (Merged from https://github.com/openssl/openssl/pull/21519) (cherry picked from commit 2acb0d363c0032b5b97c4f6596609f40bd7d842f) --- diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c index fa32f2b9fbd..fa66cbe7351 100644 --- a/crypto/encode_decode/decoder_pkey.c +++ b/crypto/encode_decode/decoder_pkey.c @@ -152,7 +152,11 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst, import_data.keymgmt = keymgmt; import_data.keydata = NULL; - import_data.selection = data->selection; + if (data->selection == 0) + /* import/export functions do not tolerate 0 selection */ + import_data.selection = OSSL_KEYMGMT_SELECT_ALL; + else + import_data.selection = data->selection; /* * No need to check for errors here, the value of diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index 9f4a9c57776..72f73b69dc7 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -317,10 +317,14 @@ static int der2key_export_object(void *vctx, void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { + int selection = ctx->selection; + + if (selection == 0) + selection = OSSL_KEYMGMT_SELECT_ALL; /* The contents of the reference is the address to our object */ keydata = *(void **)reference; - return export(keydata, ctx->selection, export_cb, export_cbarg); + return export(keydata, selection, export_cb, export_cbarg); } return 0; } diff --git a/providers/implementations/encode_decode/decode_msblob2key.c b/providers/implementations/encode_decode/decode_msblob2key.c index 91f9977b6ba..80c6e0a91e9 100644 --- a/providers/implementations/encode_decode/decode_msblob2key.c +++ b/providers/implementations/encode_decode/decode_msblob2key.c @@ -223,10 +223,14 @@ msblob2key_export_object(void *vctx, void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { + int selection = ctx->selection; + + if (selection == 0) + selection = OSSL_KEYMGMT_SELECT_ALL; /* The contents of the reference is the address to our object */ keydata = *(void **)reference; - return export(keydata, ctx->selection, export_cb, export_cbarg); + return export(keydata, selection, export_cb, export_cbarg); } return 0; } diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c index 2975186c300..4eeeaf425a4 100644 --- a/providers/implementations/encode_decode/decode_pvk2key.c +++ b/providers/implementations/encode_decode/decode_pvk2key.c @@ -190,10 +190,14 @@ static int pvk2key_export_object(void *vctx, void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { + int selection = ctx->selection; + + if (selection == 0) + selection = OSSL_KEYMGMT_SELECT_ALL; /* The contents of the reference is the address to our object */ keydata = *(void **)reference; - return export(keydata, ctx->selection, export_cb, export_cbarg); + return export(keydata, selection, export_cb, export_cbarg); } return 0; }