Fix FFC mdprop setting bugs.

Coverage testing showed that ossl_ffc_params_fromdata() was not setting OSSL_PKEY_PARAM_FFC_DIGEST_PROPS. Adding a negative test also showed that ossl_ffc_params_copy() did not do a shallow copy of the digest or digest property. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20385)
2025-02-17 14:32:04 +08:00 · 2023-02-27 16:35:41 +10:00 · 2023-02-27 16:35:41 +10:00 · 3307338e26
commit 3307338e26
parent 5f820bd753
3 changed files with 46 additions and 0 deletions
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@ -111,6 +111,7 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
        if (p1 != NULL) {
            if (p1->data_type != OSSL_PARAM_UTF8_STRING)
                goto err;
+            props = p1->data;
        }
        if (!ossl_ffc_set_digest(ffc, prm->data, props))
            goto err;
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@ -182,6 +182,8 @@ int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src)
        || !ffc_bn_cpy(&dst->j, src->j))
        return 0;

+    dst->mdname = src->mdname;
+    dst->mdprops = src->mdprops;
    OPENSSL_free(dst->seed);
    dst->seedlen = src->seedlen;
    if (src->seed != NULL) {
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@ -387,6 +387,7 @@ static int test_dh_paramgen(void)
    EVP_PKEY_free(pkey);
    return ret;
 }
+
 #endif

 #ifndef OPENSSL_NO_EC
@ -1003,6 +1004,47 @@ err:
    OSSL_PARAM_free(to_params);
    return ret;
 }
+
+/*
+ * Test that OSSL_PKEY_PARAM_FFC_DIGEST_PROPS is set properly when using fromdata
+ * This test:
+ *   checks for failure when the property query is bad (tstid == 0)
+ *   checks for success when the property query is valid (tstid == 1)
+ */
+static int test_dsa_fromdata_digest_prop(int tstid)
+{
+    EVP_PKEY_CTX *ctx = NULL, *gctx = NULL;
+    EVP_PKEY *pkey = NULL,  *pkey2 = NULL;
+    OSSL_PARAM params[4], *p = params;
+    int ret = 0;
+    int expected = (tstid == 0 ? 0 : 1);
+    unsigned int pbits = 512; /* minimum allowed for speed */
+
+    *p++ = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_PBITS, &pbits);
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, "SHA512", 0);
+    /* Setting a bad prop query here should fail during paramgen - when it tries to do a fetch */
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS,
+                                            tstid == 0 ? "provider=unknown" : "provider=default", 0);
+    *p++ = OSSL_PARAM_construct_end();
+
+    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(mainctx, "DSA", NULL))
+        || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
+        || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params), 1))
+        goto err;
+
+    if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_pkey(mainctx, pkey, NULL))
+        || !TEST_int_eq(EVP_PKEY_paramgen_init(gctx), 1)
+        || !TEST_int_eq(EVP_PKEY_paramgen(gctx, &pkey2), expected))
+        goto err;
+
+    ret = 1;
+err:
+    EVP_PKEY_free(pkey2);
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_CTX_free(gctx);
+    return ret;
+}
 #endif /* OPENSSL_NO_DSA */

 static int test_pkey_todata_null(void)
@ -1200,6 +1242,7 @@ int setup_tests(void)
 #ifndef OPENSSL_NO_DSA
    ADD_TEST(test_dsa_todata);
    ADD_TEST(test_dsa_tofrom_data_select);
+    ADD_ALL_TESTS(test_dsa_fromdata_digest_prop, 2);
 #endif
 #ifndef OPENSSL_NO_DH
    ADD_TEST(test_dh_tofrom_data_select);