Parameter copy sanity checks.

Don't copy parameters is they're already present in the destination. Return error if an attempt is made to copy different parameters to destination. Update documentation. If key type is not initialised return missing parameters RT#4149 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-27 14:18:40 +01:00 · 2016-05-27 14:18:40 +01:00 · f72f00d495
commit f72f00d495
parent cc7113e8de
5 changed files with 14 additions and 4 deletions
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@ -437,7 +437,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)

 static int dh_missing_parameters(const EVP_PKEY *a)
 {
-    if (!a->pkey.dh->p || !a->pkey.dh->g)
+    if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
        return 1;
    return 0;
 }
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@ -266,7 +266,7 @@ static int dsa_missing_parameters(const EVP_PKEY *pkey)
 {
    DSA *dsa;
    dsa = pkey->pkey.dsa;
-    if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+    if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
        return 1;
    return 0;
 }
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@ -292,7 +292,7 @@ static int ec_security_bits(const EVP_PKEY *pkey)

 static int ec_missing_parameters(const EVP_PKEY *pkey)
 {
-    if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+    if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
        return 1;
    return 0;
 }
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@ -84,6 +84,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
        goto err;
    }
+
+    if (!EVP_PKEY_missing_parameters(to)) {
+        if (EVP_PKEY_cmp_parameters(to, from) == 1)
+            return 1;
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
+        return 0;
+    }
+
    if (from->ameth && from->ameth->param_copy)
        return from->ameth->param_copy(to, from);
 err:
--- a/doc/crypto/EVP_PKEY_cmp.pod
+++ b/doc/crypto/EVP_PKEY_cmp.pod
@ -21,7 +21,9 @@ parameters of B<pkey> are missing and 0 if they are present or the algorithm
 doesn't use parameters.

 The function EVP_PKEY_copy_parameters() copies the parameters from key
-B<from> to key B<to>.
+B<from> to key B<to>. An error is returned if the parameters are missing in
+B<from> or present in both B<from> and B<to> and mismatch. If the parameters
+in B<from> and B<to> are both present and match this function has no effect.

 The function EVP_PKEY_cmp_parameters() compares the parameters of keys
 B<a> and B<b>.