Bugfixes for params to legacy control translations for EC parameters

param->ctrl translation: Fix fix_ecdh_cofactor() In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function should return value in ctx->p1 param->ctrl translation: fix evp_pkey_ctx_setget_params_to_ctrl return Since some of the ctrl operations may return 0 as valid value (e.g. ecdh_cofactor value 0 is valid setting), before colling POST_PARAMS_TO_CTRL, we need to check return value for 0 as well otherwise the evp_pkey_ctx_setget_params_to_ctrl function fails without a chance to fix the return value param->ctrl translation: Set ecdh_cofactor default action_type GET Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22587)
2023-11-01 13:18:14 +02:00 · 2023-11-01 13:18:14 +02:00 · 2aaef03339
parent 85a52f7292
commit 2aaef03339
1 changed files with 11 additions and 1 deletions
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@ -1208,6 +1208,8 @@ static int fix_ecdh_cofactor(enum state state,
        /* The initial value for |ctx->action_type| must not be zero. */
        if (!ossl_assert(ctx->action_type != NONE))
            return 0;
+    } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == NONE) {
+        ctx->action_type = GET;
    }

    if ((ret = default_check(state, translation, ctx)) <= 0)
@ -1233,6 +1235,8 @@ static int fix_ecdh_cofactor(enum state state,
        }
    } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
        ctx->p1 = -2;
+    } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) {
+        ctx->p1 = ret;
    }

    return ret;
@ -2868,8 +2872,14 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
        /*
         * In POST, we pass the return value as p1, allowing the fixup_args
         * function to put it to good use, or maybe affect it.
+         *
+         * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented
+         * as return positive on Success and 0 or negative on falure. There
+         * maybe parameters (e.g. ecdh_cofactor), which actually return 0
+         * as success value. That is why we do POST_PARAMS_TO_CTRL for 0
+         * value as well
         */
-        if (ret > 0) {
+        if (ret >= 0) {
            ctx.p1 = ret;
            fixup(POST_PARAMS_TO_CTRL, translation, &ctx);
            ret = ctx.p1;