1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
Fix EVP_PKEY_CTX_get_rsa_pss_saltlen, and also disable the tests in non-default
context (required when backporting, not needed with 3.0.1).
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
From 6b5c02f6173e5fd46a3685e676fcb5eee9ac43ea Mon Sep 17 00:00:00 2001
From: Tom Cosgrove <tom.cosgrove@arm.com>
Date: Thu, 25 Nov 2021 15:49:26 +0000
Subject: [PATCH] Fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a value
When an integer value was specified, it was not being passed back via
the orig_p2 weirdness.
Regression test included.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17136)
---
crypto/evp/ctrl_params_translate.c | 12 +++++++-----
test/evp_extra_test.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index 88945e13e6..6638209a8d 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1379,21 +1379,23 @@ static int fix_rsa_pss_saltlen(enum state state,
if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL)
|| (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) {
size_t i;
+ int val;
for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
if (strcmp(ctx->p2, str_value_map[i].ptr) == 0)
break;
}
- if (i == OSSL_NELEM(str_value_map)) {
- ctx->p1 = atoi(ctx->p2);
- } else if (state == POST_CTRL_TO_PARAMS) {
+
+ val = i == OSSL_NELEM(str_value_map) ? atoi(ctx->p2)
+ : (int)str_value_map[i].id;
+ if (state == POST_CTRL_TO_PARAMS) {
/*
* EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN weirdness explained further
* up
*/
- *(int *)ctx->orig_p2 = str_value_map[i].id;
+ *(int *)ctx->orig_p2 = val;
} else {
- ctx->p1 = (int)str_value_map[i].id;
+ ctx->p1 = val;
}
ctx->p2 = NULL;
}
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 83f8902d24..9ad37a2bce 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -3049,6 +3049,35 @@ static int test_EVP_rsa_pss_with_keygen_bits(void)
return ret;
}
+static int test_EVP_rsa_pss_set_saltlen(void)
+{
+ int ret = 0;
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pkey_ctx = NULL;
+ EVP_MD *sha256 = NULL;
+ EVP_MD_CTX *sha256_ctx = NULL;
+ int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
+ const int test_value = 32;
+
+ if (nullprov != NULL)
+ return TEST_skip("Test does not support a non-default library context");
+
+ ret = TEST_ptr(pkey = load_example_rsa_key())
+ && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
+ && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
+ && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
+ && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
+ && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value))
+ && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen))
+ && TEST_int_eq(saltlen, test_value);
+
+ EVP_MD_CTX_free(sha256_ctx);
+ EVP_PKEY_free(pkey);
+ EVP_MD_free(sha256);
+
+ return ret;
+}
+
static int success = 1;
static void md_names(const char *name, void *vctx)
{
@@ -3966,6 +3995,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_evp_iv_des, 6);
#endif
ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
+ ADD_TEST(test_EVP_rsa_pss_set_saltlen);
#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
#endif
--
2.25.1
|
