DESERIALIZER: Make it possible to deserialize public keys too

levitte · paulidale · commit 3ff8159a8af6 · 2020-08-01T11:51:18.000+10:00
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from openssl#12544)
diff --git a/providers/implementations/serializers/deserialize_der2rsa.c b/providers/implementations/serializers/deserialize_der2rsa.c
@@ -123,8 +123,13 @@ static int der2rsa_deserialize(void *vctx, OSSL_CORE_BIO *cin,
     }
 
     derp = der;
-    if ((pkey = d2i_PrivateKey_ex(ctx->type, NULL, &derp, der_len,
-                                  libctx, NULL)) != NULL) {
+    pkey = d2i_PrivateKey_ex(ctx->type, NULL, &derp, der_len, libctx, NULL);
+    if (pkey == NULL) {
+        derp = der;
+        pkey = d2i_PUBKEY(NULL, &derp, der_len);
+    }
+
+    if (pkey != NULL) {
         /* Tear out the RSA pointer from the pkey */
         rsa = EVP_PKEY_get1_RSA(pkey);
         EVP_PKEY_free(pkey);
diff --git a/test/serdes_test.c b/test/serdes_test.c
@@ -426,6 +426,64 @@ static int test_protected_RSA_PSS_via_legacy_PEM(void)
                                       NULL, 1);
 }
 
+static int check_public_DER(int type, const void *data, size_t data_len)
+{
+    const unsigned char *datap = data;
+    EVP_PKEY *pkey = d2i_PUBKEY(NULL, &datap, data_len);
+    int ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, "RSA")));
+
+    EVP_PKEY_free(pkey);
+    return ok;
+}
+
+static int test_public_RSA_via_DER(void)
+{
+    return test_serialize_deserialize("RSA", NULL, NULL,
+                                      serialize_EVP_PKEY_prov,
+                                      deserialize_EVP_PKEY_prov,
+                                      check_public_DER, dump_der,
+                                      OSSL_SERIALIZER_PUBKEY_TO_DER_PQ,
+                                      0);
+}
+
+static int test_public_RSA_PSS_via_DER(void)
+{
+    return test_serialize_deserialize("RSA-PSS", NULL, NULL,
+                                      serialize_EVP_PKEY_prov,
+                                      deserialize_EVP_PKEY_prov,
+                                      check_public_DER, dump_der,
+                                      OSSL_SERIALIZER_PUBKEY_TO_DER_PQ,
+                                      0);
+}
+
+static int check_public_PEM(int type, const void *data, size_t data_len)
+{
+    static const char pem_header[] = "-----BEGIN " PEM_STRING_PUBLIC "-----";
+
+    return
+        TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1);
+}
+
+static int test_public_RSA_via_PEM(void)
+{
+    return test_serialize_deserialize("RSA", NULL, NULL,
+                                      serialize_EVP_PKEY_prov,
+                                      deserialize_EVP_PKEY_prov,
+                                      check_public_PEM, dump_pem,
+                                      OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ,
+                                      0);
+}
+
+static int test_public_RSA_PSS_via_PEM(void)
+{
+    return test_serialize_deserialize("RSA-PSS", NULL, NULL,
+                                      serialize_EVP_PKEY_prov,
+                                      deserialize_EVP_PKEY_prov,
+                                      check_public_PEM, dump_pem,
+                                      OSSL_SERIALIZER_PUBKEY_TO_PEM_PQ,
+                                      0);
+}
+
 int setup_tests(void)
 {
     TEST_info("Generating keys...");
@@ -447,12 +505,16 @@ int setup_tests(void)
     ADD_TEST(test_protected_RSA_via_DER);
     ADD_TEST(test_protected_RSA_via_PEM);
     ADD_TEST(test_protected_RSA_via_legacy_PEM);
+    ADD_TEST(test_public_RSA_via_DER);
+    ADD_TEST(test_public_RSA_via_PEM);
     ADD_TEST(test_unprotected_RSA_PSS_via_DER);
     ADD_TEST(test_unprotected_RSA_PSS_via_PEM);
     ADD_TEST(test_unprotected_RSA_PSS_via_legacy_PEM);
     ADD_TEST(test_protected_RSA_PSS_via_DER);
     ADD_TEST(test_protected_RSA_PSS_via_PEM);
     ADD_TEST(test_protected_RSA_PSS_via_legacy_PEM);
+    ADD_TEST(test_public_RSA_PSS_via_DER);
+    ADD_TEST(test_public_RSA_PSS_via_PEM);
 
     return 1;
 }
