You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
63 lines
2.4 KiB
63 lines
2.4 KiB
1 month ago
|
From a4daab0c29bce044d385bdeada177a88c32cba4c Mon Sep 17 00:00:00 2001
|
||
|
From: Tomas Mraz <tomas@openssl.org>
|
||
|
Date: Mon, 17 Jun 2024 16:48:26 +0200
|
||
|
Subject: [PATCH] Fix regression of EVP_PKEY_CTX_add1_hkdf_info() with older
|
||
|
providers
|
||
|
|
||
|
If there is no get_ctx_params() implemented in the key exchange
|
||
|
provider implementation the fallback will not work. Instead
|
||
|
check the gettable_ctx_params() to see if the fallback should be
|
||
|
performed.
|
||
|
|
||
|
Fixes #24611
|
||
|
|
||
|
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
|
||
|
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
|
||
|
(Merged from https://github.com/openssl/openssl/pull/24661)
|
||
|
|
||
|
(cherry picked from commit 663dbc9c9c897392a9f9d18aa9a8400ca024dc5d)
|
||
|
---
|
||
|
crypto/evp/pmeth_lib.c | 11 +++++++++--
|
||
|
1 file changed, 9 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
||
|
index 2caff2cd6d..d15e43be05 100644
|
||
|
--- a/crypto/evp/pmeth_lib.c
|
||
|
+++ b/crypto/evp/pmeth_lib.c
|
||
|
@@ -1026,6 +1026,7 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
|
||
|
int datalen)
|
||
|
{
|
||
|
OSSL_PARAM os_params[2];
|
||
|
+ const OSSL_PARAM *gettables;
|
||
|
unsigned char *info = NULL;
|
||
|
size_t info_len = 0;
|
||
|
size_t info_alloc = 0;
|
||
|
@@ -1049,6 +1050,12 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
|
||
|
return 1;
|
||
|
}
|
||
|
|
||
|
+ /* Check for older provider that doesn't support getting this parameter */
|
||
|
+ gettables = EVP_PKEY_CTX_gettable_params(ctx);
|
||
|
+ if (gettables == NULL || OSSL_PARAM_locate_const(gettables, param) == NULL)
|
||
|
+ return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl,
|
||
|
+ data, datalen);
|
||
|
+
|
||
|
/* Get the original value length */
|
||
|
os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0);
|
||
|
os_params[1] = OSSL_PARAM_construct_end();
|
||
|
@@ -1056,9 +1063,9 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
|
||
|
if (!EVP_PKEY_CTX_get_params(ctx, os_params))
|
||
|
return 0;
|
||
|
|
||
|
- /* Older provider that doesn't support getting this parameter */
|
||
|
+ /* This should not happen but check to be sure. */
|
||
|
if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED)
|
||
|
- return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, data, datalen);
|
||
|
+ return 0;
|
||
|
|
||
|
info_alloc = os_params[0].return_size + datalen;
|
||
|
if (info_alloc == 0)
|
||
|
--
|
||
|
2.45.1
|
||
|
|