From: Matt Caswell Date: Thu, 21 May 2020 10:36:21 +0000 (+0100) Subject: When asked if an ECX key has parameters we should answer "true" X-Git-Tag: openssl-3.0.0-alpha4~173 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fa2b2673edd684ceb94ff19346f08121da9774f;p=thirdparty%2Fopenssl.git When asked if an ECX key has parameters we should answer "true" An ECX key doesn't have any parameters associated with it. Therefore it always has all the parameters it needs, and the "has" function should return 1 if asked about parameters. Without this EVP_PKEY_missing_parameters() fails for ECX keys. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11898) --- diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index c7a90543f9f..e5c7e8bf3a5 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -101,8 +101,11 @@ static int ecx_has(void *keydata, int selection) int ok = 0; if (key != NULL) { - if ((selection & ECX_POSSIBLE_SELECTIONS) != 0) - ok = 1; + /* + * ECX keys always have all the parameters they need (i.e. none). + * Therefore we always return with 1, if asked about parameters. + */ + ok = 1; if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) ok = ok && key->haspubkey; diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index 4c68f6bc6c1..ffb56cb3eec 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -855,7 +855,8 @@ static int test_fromdata_ecx(int tst) goto err; if (!TEST_ptr(copy_pk = EVP_PKEY_new()) - || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk))) + /* This should succeed because there are no parameters to copy */ + || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk))) goto err; if (!TEST_true(EVP_PKEY_get_octet_string_param(