diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2016-05-27 14:18:40 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2016-05-31 13:26:54 +0100 |
| commit | fd785ca8921af85b00755fd1ce3cfe460edb2f95 (patch) | |
| tree | de0cdcd77e72f86d7b58274663a8e21b5d74aaf1 | |
| parent | 8e0a94a58a4382296b6c2ba6d7381c48e24e26cd (diff) | |
Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.
If key type is not initialised return missing parameters
RT#4149
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f72f00d49549c6620d7101f5e9bf7963da6df9ee)
| -rw-r--r-- | crypto/dh/dh_ameth.c | 2 | ||||
| -rw-r--r-- | crypto/dsa/dsa_ameth.c | 2 | ||||
| -rw-r--r-- | crypto/ec/ec_ameth.c | 2 | ||||
| -rw-r--r-- | crypto/evp/p_lib.c | 8 | ||||
| -rw-r--r-- | doc/crypto/EVP_PKEY_cmp.pod | 4 |
5 files changed, 14 insertions, 4 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index ac72468bd1..4558283576 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -519,7 +519,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) static int dh_missing_parameters(const EVP_PKEY *a) { - if (!a->pkey.dh->p || !a->pkey.dh->g) + if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL) return 1; return 0; } diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index cc83d6e6ad..c4fa105747 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -350,7 +350,7 @@ static int dsa_missing_parameters(const EVP_PKEY *pkey) { DSA *dsa; dsa = pkey->pkey.dsa; - if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) + if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) return 1; return 0; } diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 83e208cfe4..b5299950af 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -378,7 +378,7 @@ static int ec_bits(const EVP_PKEY *pkey) static int ec_missing_parameters(const EVP_PKEY *pkey) { - if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) + if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL) return 1; return 0; } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index c0171244d5..545d04fd77 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -130,6 +130,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS); goto err; } + + if (!EVP_PKEY_missing_parameters(to)) { + if (EVP_PKEY_cmp_parameters(to, from) == 1) + return 1; + EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS); + return 0; + } + if (from->ameth && from->ameth->param_copy) return from->ameth->param_copy(to, from); err: diff --git a/doc/crypto/EVP_PKEY_cmp.pod b/doc/crypto/EVP_PKEY_cmp.pod index 0ff027c0d5..f8e7ff1039 100644 --- a/doc/crypto/EVP_PKEY_cmp.pod +++ b/doc/crypto/EVP_PKEY_cmp.pod @@ -21,7 +21,9 @@ parameters of B<pkey> are missing and 0 if they are present or the algorithm doesn't use parameters. The function EVP_PKEY_copy_parameters() copies the parameters from key -B<from> to key B<to>. +B<from> to key B<to>. An error is returned if the parameters are missing in +B<from> or present in both B<from> and B<to> and mismatch. If the parameters +in B<from> and B<to> are both present and match this function has no effect. The function EVP_PKEY_cmp_parameters() compares the parameters of keys B<a> and B<b>. |