Avoid erroneous legacy code path when provided

author Viktor Dukhovni <openssl-users@dukhovni.org>

Mon, 17 Mar 2025 03:08:52 +0000 (14:08 +1100)

committer Tomas Mraz <tomas@openssl.org>

Thu, 20 Mar 2025 10:34:10 +0000 (11:34 +0100)
author Viktor Dukhovni <openssl-users@dukhovni.org>
Mon, 17 Mar 2025 03:08:52 +0000 (14:08 +1100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 20 Mar 2025 10:34:10 +0000 (11:34 +0100)
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c

index 44d0895bcf1447b98e2ebd9b06359a5c2188b2b0..1ca44dabcfa33681477cafb9c559237c4ed325a9 100644 (file)
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -2827,11 +2827,15 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
  
  int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params)
  {
+    if (ctx->keymgmt != NULL)
+        return 0;
      return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, (OSSL_PARAM *)params);
  }
  
  int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
  {
+    if (ctx->keymgmt != NULL)
+        return 0;
      return evp_pkey_ctx_setget_params_to_ctrl(ctx, GET, params);
  }
  
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c

index 5cd0c4b27f6db347b74137a53555e0ca010b09b0..245ca2d41d72c78746c164172abc481e5039da15 100644 (file)
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -721,8 +721,9 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params)
                  ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx,
                                                    params);
          break;
-#ifndef FIPS_MODULE
      case EVP_PKEY_STATE_UNKNOWN:
+        break;
+#ifndef FIPS_MODULE
      case EVP_PKEY_STATE_LEGACY:
          return evp_pkey_ctx_set_params_to_ctrl(ctx, params);
  #endif
@@ -759,8 +760,9 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
                  ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx,
                                                    params);
          break;
-#ifndef FIPS_MODULE
      case EVP_PKEY_STATE_UNKNOWN:
+        break;
+#ifndef FIPS_MODULE
      case EVP_PKEY_STATE_LEGACY:
          return evp_pkey_ctx_get_params_to_ctrl(ctx, params);
  #endif
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c

index c5fbbf8a83092115c94ab4c36b3b947e4801bcdb..d441d4be59b3fc168eb5ba4ff016c3b2fe83496b 100644 (file)
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -716,7 +716,9 @@ static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
  
      if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
          goto err;
-    if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+    /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */
+    if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0)
+        || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
          || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
                                            params), 0))
          goto err;
author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Mon, 17 Mar 2025 03:08:52 +0000 (14:08 +1100)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 20 Mar 2025 10:34:10 +0000 (11:34 +0100)
crypto/evp/ctrl_params_translate.c		patch \| blob \| blame \| history
crypto/evp/pmeth_lib.c		patch \| blob \| blame \| history
test/evp_extra_test.c		patch \| blob \| blame \| history