diff options
| author | Tomas Mraz <tomas@openssl.org> | 2021-04-08 18:25:26 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-04-15 09:19:39 +0200 |
| commit | b4f447c038c05260491eb880e4a9c420b476c119 (patch) | |
| tree | 1f77cb414be14032b47264c1c98356c9398b4516 /crypto/rsa | |
| parent | 4a9fe33c8e12f4fefae0471c0834f8e674dc7e4e (diff) | |
| download | openssl-new-b4f447c038c05260491eb880e4a9c420b476c119.tar.gz | |
Add selection support to the provider keymgmt_dup function
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
Diffstat (limited to 'crypto/rsa')
| -rw-r--r-- | crypto/rsa/rsa_ameth.c | 2 | ||||
| -rw-r--r-- | crypto/rsa/rsa_backend.c | 50 |
2 files changed, 30 insertions, 22 deletions
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 45e0000117..2f9d60a7b3 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -891,7 +891,7 @@ static int rsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from) int ret; if (rsa != NULL) { - dupkey = ossl_rsa_dup(rsa); + dupkey = ossl_rsa_dup(rsa, OSSL_KEYMGMT_SELECT_ALL); if (dupkey == NULL) return 0; } diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 92be5f610a..192b3fdbf7 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -330,7 +330,7 @@ static ossl_inline int rsa_bn_dup_check(BIGNUM **out, const BIGNUM *f) return 1; } -RSA *ossl_rsa_dup(const RSA *rsa) +RSA *ossl_rsa_dup(const RSA *rsa, int selection) { RSA *dupkey = NULL; #ifndef FIPS_MODULE @@ -344,34 +344,42 @@ RSA *ossl_rsa_dup(const RSA *rsa) if ((dupkey = ossl_rsa_new_with_ctx(rsa->libctx)) == NULL) return NULL; - /* private and public key */ - if (!rsa_bn_dup_check(&dupkey->n, rsa->n)) - goto err; - if (!rsa_bn_dup_check(&dupkey->e, rsa->e)) - goto err; - if (!rsa_bn_dup_check(&dupkey->d, rsa->d)) - goto err; + /* public key */ + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + if (!rsa_bn_dup_check(&dupkey->n, rsa->n)) + goto err; + if (!rsa_bn_dup_check(&dupkey->e, rsa->e)) + goto err; + } - /* factors and crt params */ - if (!rsa_bn_dup_check(&dupkey->p, rsa->p)) - goto err; - if (!rsa_bn_dup_check(&dupkey->q, rsa->q)) - goto err; - if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1)) - goto err; - if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1)) - goto err; - if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp)) - goto err; + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + + /* private key */ + if (!rsa_bn_dup_check(&dupkey->d, rsa->d)) + goto err; + + /* factors and crt params */ + if (!rsa_bn_dup_check(&dupkey->p, rsa->p)) + goto err; + if (!rsa_bn_dup_check(&dupkey->q, rsa->q)) + goto err; + if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1)) + goto err; + if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1)) + goto err; + if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp)) + goto err; + } dupkey->version = rsa->version; dupkey->flags = rsa->flags; + /* we always copy the PSS parameters regardless of selection */ dupkey->pss_params = rsa->pss_params; #ifndef FIPS_MODULE /* multiprime */ - pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos); - if (pnum > 0) { + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 + && (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) { dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum); for (i = 0; i < pnum; i++) { const RSA_PRIME_INFO *pinfo = NULL; |