From: Matt Caswell Date: Wed, 31 Jul 2024 13:24:12 +0000 (+0100) Subject: Don't restrict the ECDSA settable ctx params unnecessarily X-Git-Tag: openssl-3.3.3~193 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c80f7ff4b271854c1285d42435dab8957c3df65;p=thirdparty%2Fopenssl.git Don't restrict the ECDSA settable ctx params unnecessarily We just allow all possible settables all the time. Some things like the digest name can't actually be changed in some circumstances - but we already have checks for those things. It's still possible to pass a digest of the same name to one that's already been set for example. Fixes #25012 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25057) (cherry picked from commit d244abb6515c3f1c68975c5d62417aff03f488b5) --- diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index 6041bef4978..5ea5cf5c2b8 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -550,18 +550,9 @@ static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM settable_ctx_params_no_digest[] = { - OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), - OSSL_PARAM_END -}; - static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx, ossl_unused void *provctx) { - PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; - - if (ctx != NULL && !ctx->flag_allow_md) - return settable_ctx_params_no_digest; return settable_ctx_params; }
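Review bot: In ecdsa_settable_ctx_params(), the vctx argument is no longer read once the ctx lookup is removed, so it should be marked ossl_unused in the same way as provctx (`ossl_unused void *vctx, ossl_unused void *provctx`) to avoid unused-parameter warnings. Separately, the function now returns the full settable_ctx_params list even when flag_allow_md is clear, so refusing a changed digest depends entirely on the existing checks the commit message refers to. This patch touches only ecdsa_sig.c, so it would be worth adding a regression test for the case in the commit message: setting a digest of the same name as the one already set should succeed, and setting a different digest where it cannot be changed should fail.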