From 2acb0d363c0032b5b97c4f6596609f40bd7d842f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 21 Jul 2023 17:40:31 +0200 Subject: [PATCH] When exporting/importing decoded keys do not use 0 as selection When decoding 0 as the selection means to decode anything you get. However when exporting and then importing the key data 0 as selection is not meaningful. So we set it to OSSL_KEYMGMT_SELECT_ALL to make the export/import function export/import everything that we have decoded. Fixes #21493 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Todd Short (Merged from https://github.com/openssl/openssl/pull/21519) --- crypto/encode_decode/decoder_pkey.c | 6 +++++- providers/implementations/encode_decode/decode_der2key.c | 6 +++++- providers/implementations/encode_decode/decode_msblob2key.c | 6 +++++- providers/implementations/encode_decode/decode_pvk2key.c | 6 +++++- 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c index 49c90a81a6..e3aaa44902 100644 --- a/crypto/encode_decode/decoder_pkey.c +++ b/crypto/encode_decode/decoder_pkey.c @@ -155,7 +155,11 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst, import_data.keymgmt = keymgmt; import_data.keydata = NULL; - import_data.selection = data->selection; + if (data->selection == 0) + /* import/export functions do not tolerate 0 selection */ + import_data.selection = OSSL_KEYMGMT_SELECT_ALL; + else + import_data.selection = data->selection; /* * No need to check for errors here, the value of diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index 2657760a62..5f094a32dc 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -317,10 +317,14 @@ static int der2key_export_object(void *vctx, void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { + int selection = ctx->selection; + + if (selection == 0) + selection = OSSL_KEYMGMT_SELECT_ALL; /* The contents of the reference is the address to our object */ keydata = *(void **)reference; - return export(keydata, ctx->selection, export_cb, export_cbarg); + return export(keydata, selection, export_cb, export_cbarg); } return 0; } diff --git a/providers/implementations/encode_decode/decode_msblob2key.c b/providers/implementations/encode_decode/decode_msblob2key.c index 3bf4cf4537..7c4f993b89 100644 --- a/providers/implementations/encode_decode/decode_msblob2key.c +++ b/providers/implementations/encode_decode/decode_msblob2key.c @@ -221,10 +221,14 @@ msblob2key_export_object(void *vctx, void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { + int selection = ctx->selection; + + if (selection == 0) + selection = OSSL_KEYMGMT_SELECT_ALL; /* The contents of the reference is the address to our object */ keydata = *(void **)reference; - return export(keydata, ctx->selection, export_cb, export_cbarg); + return export(keydata, selection, export_cb, export_cbarg); } return 0; } diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c index 819014231c..cae1d9897a 100644 --- a/providers/implementations/encode_decode/decode_pvk2key.c +++ b/providers/implementations/encode_decode/decode_pvk2key.c @@ -190,10 +190,14 @@ static int pvk2key_export_object(void *vctx, void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { + int selection = ctx->selection; + + if (selection == 0) + selection = OSSL_KEYMGMT_SELECT_ALL; /* The contents of the reference is the address to our object */ keydata = *(void **)reference; - return export(keydata, ctx->selection, export_cb, export_cbarg); + return export(keydata, selection, export_cb, export_cbarg); } return 0; } -- 2.34.1