Avoid erroneous legacy code path when provided

author Viktor Dukhovni <openssl-users@dukhovni.org>

Mon, 17 Mar 2025 03:08:52 +0000 (14:08 +1100)

committer Tomas Mraz <tomas@openssl.org>

Thu, 20 Mar 2025 10:33:50 +0000 (11:33 +0100)
author Viktor Dukhovni <openssl-users@dukhovni.org>
Mon, 17 Mar 2025 03:08:52 +0000 (14:08 +1100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 20 Mar 2025 10:33:50 +0000 (11:33 +0100)
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c

index a932d38c060853b02155d3703dde2cb9965eef5b..ddc2f898433c247fcb49ea5143f6a3ec8287168b 100644 (file)
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -2895,11 +2895,15 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
  
  int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params)
  {
+    if (ctx->keymgmt != NULL)
+        return 0;
      return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, (OSSL_PARAM *)params);
  }
  
  int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
  {
+    if (ctx->keymgmt != NULL)
+        return 0;
      return evp_pkey_ctx_setget_params_to_ctrl(ctx, GET, params);
  }
  
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c

index eb8c37eaf6306527f8f849a947eccb049312a9ad..031175131874ce96fad31709b184e204176c3aa8 100644 (file)
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -695,8 +695,9 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params)
                  ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx,
                                                    params);
          break;
-#ifndef FIPS_MODULE
      case EVP_PKEY_STATE_UNKNOWN:
+        break;
+#ifndef FIPS_MODULE
      case EVP_PKEY_STATE_LEGACY:
          return evp_pkey_ctx_set_params_to_ctrl(ctx, params);
  #endif
@@ -739,8 +740,9 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
                  evp_keymgmt_gen_get_params(ctx->keymgmt, ctx->op.keymgmt.genctx,
                                             params);
          break;
-#ifndef FIPS_MODULE
      case EVP_PKEY_STATE_UNKNOWN:
+        break;
+#ifndef FIPS_MODULE
      case EVP_PKEY_STATE_LEGACY:
          return evp_pkey_ctx_get_params_to_ctrl(ctx, params);
  #endif
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c

index b28611d0ca9ac100236c86a2423907d2b46d9563..8265efc06d692ea290d64e71352ce406d94afb9c 100644 (file)
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -900,7 +900,9 @@ static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
  
      if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
          goto err;
-    if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+    /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */
+    if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0)
+        || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
          || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
                                            params), 0))
          goto err;
author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Mon, 17 Mar 2025 03:08:52 +0000 (14:08 +1100)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 20 Mar 2025 10:33:50 +0000 (11:33 +0100)
crypto/evp/ctrl_params_translate.c		patch \| blob \| blame \| history
crypto/evp/pmeth_lib.c		patch \| blob \| blame \| history
test/evp_extra_test.c		patch \| blob \| blame \| history