From: Vladimirs Ambrosovs
Date: Wed, 1 Nov 2023 11:18:14 +0000 (+0200)
Subject: Bugfixes for params to legacy control translations for EC parameters
X-Git-Tag: openssl-3.5.0-alpha1~934
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2aaef03339a88e5d693f278406a889657b10fd2d;p=thirdparty%2Fopenssl.git

Bugfixes for params to legacy control translations for EC parameters

param->ctrl translation: Fix fix_ecdh_cofactor()

In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function should
return value in ctx->p1

param->ctrl translation: fix evp_pkey_ctx_setget_params_to_ctrl return

Since some of the ctrl operations may return 0 as valid value
(e.g. ecdh_cofactor value 0 is valid setting), before calling
POST_PARAMS_TO_CTRL, we need to check return value for 0 as well
otherwise the evp_pkey_ctx_setget_params_to_ctrl function fails
without a chance to fix the return value

param->ctrl translation: Set ecdh_cofactor default action_type GET

Reviewed-by: Richard Levitte
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/22587)
---
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 406343f0a81..a932d38c060 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -1208,6 +1208,8 @@ static int fix_ecdh_cofactor(enum state state, /* The initial value for |ctx->action_type| must not be zero. */ if (!ossl_assert(ctx->action_type != NONE)) return 0; + } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == NONE) { + ctx->action_type = GET; } if ((ret = default_check(state, translation, ctx)) <= 0) @@ -1233,6 +1235,8 @@ static int fix_ecdh_cofactor(enum state state, } } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) { ctx->p1 = -2; + } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) { + ctx->p1 = ret; } return ret; 
@@ -2868,8 +2872,14 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, /* * In POST, we pass the return value as p1, allowing the fixup_args * function to put it to good use, or maybe affect it. + * + * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented + * as return positive on Success and 0 or negative on falure. There + * maybe parameters (e.g. ecdh_cofactor), which actually return 0 + * as success value. That is why we do POST_PARAMS_TO_CTRL for 0 + * value as well */ - if (ret > 0) { + if (ret >= 0) { ctx.p1 = ret; fixup(POST_PARAMS_TO_CTRL, translation, &ctx); ret = ctx.p1;
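Review bot: In the first fix_ecdh_cofactor() hunk (@@ -1208), the new branch silently turns an action_type of NONE into GET, but only in POST_PARAMS_TO_CTRL, while the preceding branch treats NONE as an error ("The initial value for |ctx->action_type| must not be zero"). Nothing in the hunk says why NONE is reachable in the POST state or why defaulting to GET is preferable to failing. If action_type can be NONE in POST, it was presumably NONE in PRE_PARAMS_TO_CTRL for the same call, in which case the `ctx->action_type == GET` test that sets `ctx->p1 = -2` further down did not fire. Suggest either applying the default in both PARAMS_TO_CTRL states or adding a comment that explains why handling POST alone is sufficient.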
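Review bot: In the second fix_ecdh_cofactor() hunk (@@ -1233), `ctx->p1 = ret;` assigns the function's local `ret`, and the visible context does not show which call last set it. The caller in evp_pkey_ctx_setget_params_to_ctrl() stores the ctrl return value in `ctx.p1` before calling fixup and reads `ret = ctx.p1` afterwards, so this assignment replaces the ctrl's value with whatever status `ret` holds at that point. If the intent is to report success for a cofactor mode of 0, a short comment saying so would make that clear; if the intent is to hand the cofactor mode back to the caller, `ret` is the wrong source. A test that reads the cofactor mode back through the params interface for the value 0 would pin the behaviour down.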
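Review bot: In the evp_pkey_ctx_setget_params_to_ctrl() hunk (@@ -2868), changing `if (ret > 0)` to `if (ret >= 0)` widens the POST_PARAMS_TO_CTRL call to every translation, not only ecdh_cofactor, so each fixup function now runs in the POST state with p1 set to 0, a value the new comment itself describes as a documented failure return of EVP_PKEY_CTX_ctrl. The return value of `fixup(POST_PARAMS_TO_CTRL, translation, &ctx)` is also not checked in the visible lines, so a fixup that rejects the 0 case has no effect on `ret`. Suggest confirming that the other fixup functions leave p1 untouched when it is 0, or restricting the relaxed check to translations that opt in. The added comment also has typos worth fixing before merge: "falure" should be "failure", "There maybe" should be "there may be", and the first sentence is a fragment.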