DESERIALIZER: Make it possible to deserialize public keys too
authorRichard Levitte <levitte@openssl.org>
Mon, 27 Jul 2020 16:40:02 +0000 (18:40 +0200)
committerPauli <paul.dale@oracle.com>
Sat, 1 Aug 2020 01:51:18 +0000 (11:51 +1000)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12544)

providers/implementations/serializers/deserialize_der2rsa.c
test/serdes_test.c

index 80be281ec9431e8471cfbea5d38293581edbfa4c..710fd2d1a8fb846e92d3ad186858f8e49d5daf35 100644 (file)
@@ -123,8 +123,13 @@ static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin,
     }
 
     derp = der;
-    if ((pkey = d2i_PrivateKey_ex(ctx->type, NULL, &derp, der_len,
-                                  libctx, NULL)) != NULL) {
+    pkey = d2i_PrivateKey_ex(ctx->type, NULL, &derp, der_len, libctx, NULL);
+    if (pkey == NULL) {
+        derp = der;
+        pkey = d2i_PUBKEY(NULL, &derp, der_len);
+    }
+
+    if (pkey != NULL) {
         /* Tear out the RSA pointer from the pkey */
         rsa = EVP_PKEY_get1_RSA(pkey);
         EVP_PKEY_free(pkey);
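Review bot: The public-key fallback never compares the decoded key's type with `ctx->type`: `d2i_PrivateKey_ex` is given the expected type, but `d2i_PUBKEY(NULL, &derp, der_len)` accepts any SubjectPublicKeyInfo and the result goes straight to `EVP_PKEY_get1_RSA`. If this function serves both the RSA and RSA-PSS deserializers (the use of `ctx->type` suggests it does), a public key of the sibling type may be accepted here. A guard after the fallback would reject it: `if (pkey != NULL && EVP_PKEY_id(pkey) != ctx->type) { EVP_PKEY_free(pkey); pkey = NULL; }`. The fallback also does not use `libctx` and leaves the errors from the failed private-key parse on the error queue, so consider bracketing the first attempt with `ERR_set_mark()` / `ERR_pop_to_mark()`. der2rsa_deserialize starts and ends outside the hunk.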
index d5ba3940e90cfd9168faddb9c1584431ac9b9de3..df6008a6f6f208358b5f2fec4fd2a8bb84280d47 100644 (file)
@@ -426,6 +426,64 @@ static int test_protected_RSA_PSS_via_legacy_PEM(void)
                                       NULL, 1);
 }
 
+static int check_public_DER(int type, const void *data, size_t data_len)
+{
+    const unsigned char *datap = data;
+    EVP_PKEY *pkey = d2i_PUBKEY(NULL, &datap, data_len);
+    int ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, "RSA")));
+
+    EVP_PKEY_free(pkey);
+    return ok;
+}
+
+static int test_public_RSA_via_DER(void)
+{
+    return test_serialize_deserialize("RSA", NULL, NULL,
+                                      serialize_EVP_PKEY_prov,
+                                      deserialize_EVP_PKEY_prov,
+                                      check_public_DER, dump_der,
+                                      OSSL_SERIALIZER_PUBKEY_TO_DER_PQ,
+                                      0);
+}
+
+static int test_public_RSA_PSS_via_DER(void)
+{
+    return test_serialize_deserialize("RSA-PSS", NULL, NULL,
+                                      serialize_EVP_PKEY_prov,
+                                      deserialize_EVP_PKEY_prov,
+                                      check_public_DER, dump_der,
+                                      OSSL_SERIALIZER_PUBKEY_TO_DER_PQ,
+                                      0);
+}
+
+static int check_public_PEM(int type, const void *data, size_t data_len)
+{
+    static const char pem_header[] = "-----BEGIN " PEM_STRING_PUBLIC "-----";
+
+    return
+        TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1);
+}
+
+static int test_public_RSA_via_PEM(void)
+{
+    return test_serialize_deserialize("RSA", NULL, NULL,
+                                      serialize_EVP_PKEY_prov,
+                                      deserialize_EVP_PKEY_prov,
+                                      check_public_PEM, dump_pem,
+                                      OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ,
+                                      0);
+}
+
+static int test_public_RSA_PSS_via_PEM(void)
+{
+    return test_serialize_deserialize("RSA-PSS", NULL, NULL,
+                                      serialize_EVP_PKEY_prov,
+                                      deserialize_EVP_PKEY_prov,
+                                      check_public_PEM, dump_pem,
+                                      OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ,
+                                      0);
+}
+
 int setup_tests(void)
 {
     TEST_info("Generating keys...");
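Review bot: `check_public_DER` ignores its `type` argument and hard-codes `EVP_PKEY_is_a(pkey, "RSA")`, although `test_public_RSA_PSS_via_DER` uses it too, so the PSS test does not pin that the key type survives the round trip. Either derive the expected name from what the caller passes, or add a comment such as `/* RSA-PSS public keys are expected to decode as "RSA" here because ... */` giving the reason. The check also accepts trailing bytes after the key; adding `TEST_ptr_eq(datap, (const unsigned char *)data + data_len)` to `ok` would catch a serializer that emits extra data. `check_public_PEM` compares only the BEGIN line, which seems acceptable as long as the deserialize step inside `test_serialize_deserialize` (not visible in this hunk) parses the body.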
@@ -447,12 +505,16 @@ int setup_tests(void)
     ADD_TEST(test_protected_RSA_via_DER);
     ADD_TEST(test_protected_RSA_via_PEM);
     ADD_TEST(test_protected_RSA_via_legacy_PEM);
+    ADD_TEST(test_public_RSA_via_DER);
+    ADD_TEST(test_public_RSA_via_PEM);
     ADD_TEST(test_unprotected_RSA_PSS_via_DER);
     ADD_TEST(test_unprotected_RSA_PSS_via_PEM);
     ADD_TEST(test_unprotected_RSA_PSS_via_legacy_PEM);
     ADD_TEST(test_protected_RSA_PSS_via_DER);
     ADD_TEST(test_protected_RSA_PSS_via_PEM);
     ADD_TEST(test_protected_RSA_PSS_via_legacy_PEM);
+    ADD_TEST(test_public_RSA_PSS_via_DER);
+    ADD_TEST(test_public_RSA_PSS_via_PEM);
 
     return 1;
 }