Allow EVP_PKEY_copy_parameters into an untyped EVP_PKEY.

I missed this in https://boringssl-review.googlesource.com/c/boringssl/+/54905. Upstream's 2986ecdc08016de978f1134315623778420b51e5 also made copying into EVP_PKEY_NONE allowed.

For those keeping score, this gives us *even more* layers of empty states:

- EVP_PKEY with no type
- EVP_PKEY with type but no key
- EVP_PKEY with type and EC_KEY but EC_KEY is empty
- EVP_PKEY with type and EC_KEY and EC_KEY only has a group

To say nothing of the states in https://crbug.com/boringssl/534. This API is not good.

Bug: b:238920520
Change-Id: I49e85af5b02b16724454999ccb7c61b520d8c99c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55165
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>

diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c index e982af7..4878e2e 100644 --- a/crypto/evp/evp.c +++ b/crypto/evp/evp.c
@@ -153,21 +153,24 @@ } int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { - if (to->type != from->type) { + if (to->type == EVP_PKEY_NONE) { + if (!EVP_PKEY_set_type(to, from->type)) { + return 0; + } + } else if (to->type != from->type) { OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES); - goto err; + return 0; } if (EVP_PKEY_missing_parameters(from)) { OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS); - goto err; + return 0; } if (from->ameth && from->ameth->param_copy) { return from->ameth->param_copy(to, from); } -err: return 0; }
diff --git a/crypto/evp/evp_extra_test.cc b/crypto/evp/evp_extra_test.cc index e192406..215a6c2 100644 --- a/crypto/evp/evp_extra_test.cc +++ b/crypto/evp/evp_extra_test.cc
@@ -1132,12 +1132,13 @@ bssl::UniquePtr<EVP_PKEY> from_encoded_point(EVP_PKEY_new()); ASSERT_TRUE(from_encoded_point); - ASSERT_TRUE(EVP_PKEY_set_type(from_encoded_point.get(), test.pkey_type)); if (test.pkey_type == EVP_PKEY_EC) { // |EVP_PKEY_EC| should have been |EVP_PKEY_EC_P256|, etc., but instead // part of the type is buried inside parameters. ASSERT_TRUE( EVP_PKEY_copy_parameters(from_encoded_point.get(), from_spki.get())); + } else { + ASSERT_TRUE(EVP_PKEY_set_type(from_encoded_point.get(), test.pkey_type)); } ASSERT_TRUE(EVP_PKEY_set1_tls_encodedpoint(from_encoded_point.get(), test.encoded_point.data(),
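
Review bot: In crypto/evp/evp.c, the new `to->type == EVP_PKEY_NONE` branch calls `EVP_PKEY_set_type(to, from->type)` before the `EVP_PKEY_missing_parameters(from)` check, so a call that fails afterwards returns 0 but has already changed `to` from "no type" to "type but no key". The same holds for the final fall-through `return 0` when `from->ameth` or `param_copy` is null, which also pushes no error onto the queue. Consider checking `EVP_PKEY_missing_parameters(from)` and the presence of `from->ameth->param_copy` before assigning the type, so that a failed copy leaves an untyped `to` untouched. If a partially initialised `to` on failure is intended, say so in the function's documentation, since callers that reuse the object after an error would otherwise see a different state than before this change.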
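
Review bot: In crypto/evp/evp_extra_test.cc, the untyped-destination path is only covered incidentally: dropping the unconditional `EVP_PKEY_set_type` means the EC case now passes a fresh `EVP_PKEY_new()` object to `EVP_PKEY_copy_parameters`, but nothing asserts the resulting state directly. A dedicated check that the destination's type equals `test.pkey_type` after the copy (for example via `EVP_PKEY_id`) would pin the new behaviour down. It would also help to add negative cases: copying into a destination that already has a different type should still fail with `EVP_R_DIFFERENT_KEY_TYPES`, and copying from a source with missing parameters into an untyped destination should fail, with an assertion on whatever state the destination is meant to be in afterwards.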