From: Matthias St. Pierre <matthias.st.pierre@ncp-e.com>
Date: Mon, 2 Oct 2023 10:10:01 +0000 (+0200)
Subject: Don't (re-)initialize the FFC_PARAMs in dh_init and dsa_init
X-Git-Tag: openssl-3.1.4~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16546f439b68324994deb3621774cc078780f7fc;p=thirdparty%2Fopenssl.git

Don't (re-)initialize the FFC_PARAMs in dh_init and dsa_init

The initialization was introduced in commit dc8de3e6f1ee and
changes the behaviour of the `init` method for DSA and DH
between 1.1.1 and 3.0, while the behaviour for RSA and EC_KEY
remains unchanged.

The initialization is not necessary in 3.x and master imho and
breaks the use-case of intercepting the methods of an existing
key.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22185)

(cherry picked from commit 706512ecbc31585d447b53c3aa89acdf6951f996)
---

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 4e9705beef7..fb9ef5dd7c5 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -190,7 +190,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 static int dh_init(DH *dh)
 {
     dh->flags |= DH_FLAG_CACHE_MONT_P;
-    ossl_ffc_params_init(&dh->params);
     dh->dirty_cnt++;
     return 1;
 }
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 29cda5d7bfa..57ea2ee4924 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -116,6 +116,8 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
         goto err;
 #endif /* FIPS_MODULE */
 
+    ossl_ffc_params_init(&ret->params);
+
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL);
         goto err;
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index ccc70165921..ebe3685d460 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -176,6 +176,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
         goto err;
 #endif
 
+    ossl_ffc_params_init(&ret->params);
+
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL);
         goto err;
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 62f7c70149f..8fd66a950e3 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -441,7 +441,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
 static int dsa_init(DSA *dsa)
 {
     dsa->flags |= DSA_FLAG_CACHE_MONT_P;
-    ossl_ffc_params_init(&dsa->params);
     dsa->dirty_cnt++;
     return 1;
 }