When exporting/importing decoded keys do not use 0 as selection

t8m · tmshort · commit 2acb0d363c00 · 2023-08-04T10:09:44.000-04:00
When decoding 0 as the selection means to decode anything you get. However when exporting and then importing the key data 0 as selection is not meaningful. So we set it to OSSL_KEYMGMT_SELECT_ALL to make the export/import function export/import everything that we have decoded. Fixes #21493 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from #21519)
diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
@@ -155,7 +155,11 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst,
 
             import_data.keymgmt = keymgmt;
             import_data.keydata = NULL;
-            import_data.selection = data->selection;
+            if (data->selection == 0)
+                /* import/export functions do not tolerate 0 selection */
+                import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
+            else
+                import_data.selection = data->selection;
 
             /*
              * No need to check for errors here, the value of
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
@@ -317,10 +317,14 @@ static int der2key_export_object(void *vctx,
     void *keydata;
 
     if (reference_sz == sizeof(keydata) && export != NULL) {
+        int selection = ctx->selection;
+
+        if (selection == 0)
+            selection = OSSL_KEYMGMT_SELECT_ALL;
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, ctx->selection, export_cb, export_cbarg);
+        return export(keydata, selection, export_cb, export_cbarg);
     }
     return 0;
 }
diff --git a/providers/implementations/encode_decode/decode_msblob2key.c b/providers/implementations/encode_decode/decode_msblob2key.c
@@ -221,10 +221,14 @@ msblob2key_export_object(void *vctx,
     void *keydata;
 
     if (reference_sz == sizeof(keydata) && export != NULL) {
+        int selection = ctx->selection;
+
+        if (selection == 0)
+            selection = OSSL_KEYMGMT_SELECT_ALL;
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, ctx->selection, export_cb, export_cbarg);
+        return export(keydata, selection, export_cb, export_cbarg);
     }
     return 0;
 }
diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c
@@ -190,10 +190,14 @@ static int pvk2key_export_object(void *vctx,
     void *keydata;
 
     if (reference_sz == sizeof(keydata) && export != NULL) {
+        int selection = ctx->selection;
+
+        if (selection == 0)
+            selection = OSSL_KEYMGMT_SELECT_ALL;
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, ctx->selection, export_cb, export_cbarg);
+        return export(keydata, selection, export_cb, export_cbarg);
     }
     return 0;
 }

Original file line number	Diff line number	Diff line change
`@@ -317,10 +317,14 @@ static int der2key_export_object(void *vctx,`
`317`	`317`	`void *keydata;`
`318`	`318`
`319`	`319`	`if (reference_sz == sizeof(keydata) && export != NULL) {`
	`320`	`+ int selection = ctx->selection;`
	`321`	`+`
	`322`	`+ if (selection == 0)`
	`323`	`+ selection = OSSL_KEYMGMT_SELECT_ALL;`
`320`	`324`	`/* The contents of the reference is the address to our object */`
`321`	`325`	`keydata = (void *)reference;`
`322`	`326`
`323`		`- return export(keydata, ctx->selection, export_cb, export_cbarg);`
	`327`	`+ return export(keydata, selection, export_cb, export_cbarg);`
`324`	`328`	`}`
`325`	`329`	`return 0;`
`326`	`330`	`}`
Original file line number	Diff line number	Diff line change
`@@ -221,10 +221,14 @@ msblob2key_export_object(void *vctx,`
`221`	`221`	`void *keydata;`
`222`	`222`
`223`	`223`	`if (reference_sz == sizeof(keydata) && export != NULL) {`
	`224`	`+ int selection = ctx->selection;`
	`225`	`+`
	`226`	`+ if (selection == 0)`
	`227`	`+ selection = OSSL_KEYMGMT_SELECT_ALL;`
`224`	`228`	`/* The contents of the reference is the address to our object */`
`225`	`229`	`keydata = (void *)reference;`
`226`	`230`
`227`		`- return export(keydata, ctx->selection, export_cb, export_cbarg);`
	`231`	`+ return export(keydata, selection, export_cb, export_cbarg);`
`228`	`232`	`}`
`229`	`233`	`return 0;`
`230`	`234`	`}`
Original file line number	Diff line number	Diff line change
`@@ -190,10 +190,14 @@ static int pvk2key_export_object(void *vctx,`
`190`	`190`	`void *keydata;`
`191`	`191`
`192`	`192`	`if (reference_sz == sizeof(keydata) && export != NULL) {`
	`193`	`+ int selection = ctx->selection;`
	`194`	`+`
	`195`	`+ if (selection == 0)`
	`196`	`+ selection = OSSL_KEYMGMT_SELECT_ALL;`
`193`	`197`	`/* The contents of the reference is the address to our object */`
`194`	`198`	`keydata = (void *)reference;`
`195`	`199`
`196`		`- return export(keydata, ctx->selection, export_cb, export_cbarg);`
	`200`	`+ return export(keydata, selection, export_cb, export_cbarg);`
`197`	`201`	`}`
`198`	`202`	`return 0;`
`199`	`203`	`}`