Parameter copy sanity checks.

Don't copy parameters is they're already present in the destination. Return error if an attempt is made to copy different parameters to destination. Update documentation. If key type is not initialised return missing parameters RT#4149 Reviewed-by: N Richard Levitte <levitte@openssl.org>

Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination. Return error if an attempt is made to copy different parameters to destination. Update documentation. If key type is not initialised return missing parameters RT#4149 Reviewed-by: N Richard Levitte <levitte@openssl.org>
f72f00d4 · Dr. Stephen Henson · cc7113e8 · f72f00d4 · f72f00d4 · f72f00d4
5 changed file
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -437,7 +437,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)

 static int dh_missing_parameters(const EVP_PKEY *a)
 {
-    if (!a->pkey.dh->p || !a->pkey.dh->g)
+    if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
        return 1;
    return 0;
 }

--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -266,7 +266,7 @@ static int dsa_missing_parameters(const EVP_PKEY *pkey)
 {
    DSA *dsa;
    dsa = pkey->pkey.dsa;
-    if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+    if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
        return 1;
    return 0;
 }

--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -292,7 +292,7 @@ static int ec_security_bits(const EVP_PKEY *pkey)

 static int ec_missing_parameters(const EVP_PKEY *pkey)
 {
-    if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+    if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
        return 1;
    return 0;
 }

--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -84,6 +84,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
        goto err;
    }
+
+    if (!EVP_PKEY_missing_parameters(to)) {
+        if (EVP_PKEY_cmp_parameters(to, from) == 1)
+            return 1;
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
+        return 0;
+    }
+
    if (from->ameth && from->ameth->param_copy)
        return from->ameth->param_copy(to, from);
 err:

--- a/doc/crypto/EVP_PKEY_cmp.pod
+++ b/doc/crypto/EVP_PKEY_cmp.pod
@@ -21,7 +21,9 @@ parameters of B<pkey> are missing and 0 if they are present or the algorithm
 doesn't use parameters.

 The function EVP_PKEY_copy_parameters() copies the parameters from key
-B<from> to key B<to>.
+B<from> to key B<to>. An error is returned if the parameters are missing in
+B<from> or present in both B<from> and B<to> and mismatch. If the parameters
+in B<from> and B<to> are both present and match this function has no effect.

 The function EVP_PKEY_cmp_parameters() compares the parameters of keys
 B<a> and B<b>.