Allow EVP_PKEY_copy_parameters into an untyped EVP_PKEY.
I missed this in
https://boringssl-review.googlesource.com/c/boringssl/+/54905.
Upstream's 2986ecdc08016de978f1134315623778420b51e5 also made copying
into EVP_PKEY_NONE allowed.
For those keeping score, this gives us *even more* layers of empty
states:
- EVP_PKEY with no type
- EVP_PKEY with type but no key
- EVP_PKEY with type and EC_KEY but EC_KEY is empty
- EVP_PKEY with type and EC_KEY and EC_KEY only has a group
To say nothing of the states in https://crbug.com/boringssl/534. This
API is not good.
Bug: b:238920520
Change-Id: I49e85af5b02b16724454999ccb7c61b520d8c99c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55165
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c
index e982af7..4878e2e 100644
--- a/crypto/evp/evp.c
+++ b/crypto/evp/evp.c
@@ -153,21 +153,24 @@
}
int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
- if (to->type != from->type) {
+ if (to->type == EVP_PKEY_NONE) {
+ if (!EVP_PKEY_set_type(to, from->type)) {
+ return 0;
+ }
+ } else if (to->type != from->type) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES);
- goto err;
+ return 0;
}
if (EVP_PKEY_missing_parameters(from)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
- goto err;
+ return 0;
}
if (from->ameth && from->ameth->param_copy) {
return from->ameth->param_copy(to, from);
}
-err:
return 0;
}
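Review bot: In the new `to->type == EVP_PKEY_NONE` branch, `EVP_PKEY_set_type(to, from->type)` mutates `to` before `from` has been validated, so every later failure path (`EVP_R_MISSING_PARAMETERS`, an `ameth` with no `param_copy`, or `param_copy` itself returning 0) returns 0 with `to` no longer untyped. A caller that reads a 0 return as "nothing changed" and reuses the object for another key type would then presumably hit `EVP_R_DIFFERENT_KEY_TYPES`. Consider hoisting the `EVP_PKEY_missing_parameters(from)` check and the `from->ameth && from->ameth->param_copy` test above the type handling, so that `to` is typed only when a copy will actually be attempted. If the ordering is kept to match upstream, a comment such as `// On failure, |to| may be left with |from|'s type but no parameters.` would document it. The trailing `return 0` for a missing `param_copy` also pushes no error, which makes that case hard to tell apart from the others.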
diff --git a/crypto/evp/evp_extra_test.cc b/crypto/evp/evp_extra_test.cc
index e192406..215a6c2 100644
--- a/crypto/evp/evp_extra_test.cc
+++ b/crypto/evp/evp_extra_test.cc
@@ -1132,12 +1132,13 @@
bssl::UniquePtr<EVP_PKEY> from_encoded_point(EVP_PKEY_new());
ASSERT_TRUE(from_encoded_point);
- ASSERT_TRUE(EVP_PKEY_set_type(from_encoded_point.get(), test.pkey_type));
if (test.pkey_type == EVP_PKEY_EC) {
// |EVP_PKEY_EC| should have been |EVP_PKEY_EC_P256|, etc., but instead
// part of the type is buried inside parameters.
ASSERT_TRUE(
EVP_PKEY_copy_parameters(from_encoded_point.get(), from_spki.get()));
+ } else {
+ ASSERT_TRUE(EVP_PKEY_set_type(from_encoded_point.get(), test.pkey_type));
}
ASSERT_TRUE(EVP_PKEY_set1_tls_encodedpoint(from_encoded_point.get(),
test.encoded_point.data(),