authorVladimirs Ambrosovs <rodriguez.twister@gmail.com>2023-11-01 12:18:14 +0100
committerTomas Mraz <tomas@openssl.org>2024-11-07 10:35:54 +0100
commit2aaef03339a88e5d693f278406a889657b10fd2d (patch)
tree0382e24baa38a1ee4baed566230f238bc810d409
parentAdjust naming authority formatting when printing out admission extension (diff)
Bugfixes for params to legacy control translations for EC parameters
param->ctrl translation: Fix fix_ecdh_cofactor() In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function should return value in ctx->p1 param->ctrl translation: fix evp_pkey_ctx_setget_params_to_ctrl return Since some of the ctrl operations may return 0 as valid value (e.g. ecdh_cofactor value 0 is valid setting), before calling POST_PARAMS_TO_CTRL, we need to check return value for 0 as well otherwise the evp_pkey_ctx_setget_params_to_ctrl function fails without a chance to fix the return value param->ctrl translation: Set ecdh_cofactor default action_type GET Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22587)
-rw-r--r--crypto/evp/ctrl_params_translate.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index 406343f0a8..a932d38c06 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1208,6 +1208,8 @@ static int fix_ecdh_cofactor(enum state state,
/* The initial value for |ctx->action_type| must not be zero. */
if (!ossl_assert(ctx->action_type != NONE))
return 0;
+ } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == NONE) {
+ ctx->action_type = GET;
}
if ((ret = default_check(state, translation, ctx)) <= 0)
@@ -1233,6 +1235,8 @@ static int fix_ecdh_cofactor(enum state state,
}
} else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
ctx->p1 = -2;
+ } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) {
+ ctx->p1 = ret;
}
return ret;
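Review bot: The new branch ending in `ctx->p1 = ret;` has no comment saying what `ret` holds at that point or why it overwrites the ctrl result that the caller placed in `p1`. The assignment that gives `ret` its value is outside this hunk, so a reader cannot tell from here whether a GET ends up reporting the cofactor mode or a status code. The caller in evp_pkey_ctx_setget_params_to_ctrl copies `ctx.p1` back into its own return value, so this line decides what the whole params-to-ctrl call returns. I would add something like `/* In POST, p1 becomes the caller's return value; replace the raw ctrl result with the fixup status */` above the assignment, worded to match what `ret` really is. fix_ecdh_cofactor starts and ends outside the hunk.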
@@ -2868,8 +2872,14 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
/*
* In POST, we pass the return value as p1, allowing the fixup_args
* function to put it to good use, or maybe affect it.
+ *
+ * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented
+ * as return positive on Success and 0 or negative on falure. There
+ * maybe parameters (e.g. ecdh_cofactor), which actually return 0
+ * as success value. That is why we do POST_PARAMS_TO_CTRL for 0
+ * value as well
*/
- if (ret > 0) {
+ if (ret >= 0) {
ctx.p1 = ret;
fixup(POST_PARAMS_TO_CTRL, translation, &ctx);
ret = ctx.p1;
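Review bot: The widened guard `if (ret >= 0)` applies to every translation that reaches this code, not only ecdh_cofactor, so a ctrl that reports failure as 0 now also runs `fixup(POST_PARAMS_TO_CTRL, translation, &ctx)` and has its result replaced by `ctx.p1`. A fixup_args function written on the assumption that POST is only entered after success could then report a failed set as success, leaving the caller believing a key parameter was applied; the return value of `fixup()` is also discarded here, so such a fixup cannot signal the problem. Either restrict the zero case to translations that declare 0 as a valid result, or extend the comment to state the contract, for example `* Every fixup_args function must leave p1 == 0 unchanged unless 0 is a valid value for its ctrl.` In the added comment, "falure" should read "failure" and "maybe" should read "may be". The function body continues outside the hunk, so callers of this path could not be checked here.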