[openssl] master update

patrick.steuer at de.ibm.com
Sun Nov 3 10:20:32 UTC 2019


The branch master has been updated
       via  909ef4de3187b752710b7ae69b6df5df51251600 (commit)
       via  2c99372dbdab23726327777f36e2cbc0a1af0873 (commit)
       via  0f73e719c6ca6c2e955e6c08a3ab171642dc2dc0 (commit)
      from  2321c25dec8402c4bd48bac0edd3c2ef1ee4b6ad (commit)


- Log -----------------------------------------------------------------
commit 909ef4de3187b752710b7ae69b6df5df51251600
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Nov 1 22:58:27 2019 +0100

    doc/man3/OSSL_PARAM.pod: Clarify return_size with integer types
    
    Reviewed-by: Patrick Steuer <patrick.steuer at de.ibm.com>
    (Merged from https://github.com/openssl/openssl/pull/10326)

commit 2c99372dbdab23726327777f36e2cbc0a1af0873
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Nov 1 22:18:38 2019 +0100

    test/params_api_test.c: Correct the checks of OSSL_PARAM_set_BN()
    
    Now, the returned size check matches the check made for all other
    integer types.
    
    Reviewed-by: Patrick Steuer <patrick.steuer at de.ibm.com>
    (Merged from https://github.com/openssl/openssl/pull/10326)

commit 0f73e719c6ca6c2e955e6c08a3ab171642dc2dc0
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Nov 1 20:44:14 2019 +0100

    Fix OSSL_PARAM_set_BN() to fill the given buffer correctly.
    
    OSSL_PARAM_set_BN() filled the buffer from the left with as many bytes
    as the BIGNUM takes, regardless of buffer size or native
    endianness.  This was due to BN_bn2nativepad() being given the size of
    the BIGNUM rather than the size of the buffer (which meant it never
    had to pad anything).
    
    The fix is to give BN_bn2nativepad() the size of the buffer instead.
    This aligns well with how the corresponding _set_ functions for native
    integer types work.
    
    Reviewed-by: Patrick Steuer <patrick.steuer at de.ibm.com>
    (Merged from https://github.com/openssl/openssl/pull/10326)

-----------------------------------------------------------------------

Summary of changes:
 crypto/params.c         |  7 +++++--
 doc/man3/OSSL_PARAM.pod | 24 ++++++++++++++++++------
 test/params_api_test.c  |  2 +-
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/crypto/params.c b/crypto/params.c
index b2ceb13278..0cd13e3b81 100644
--- a/crypto/params.c
+++ b/crypto/params.c
@@ -640,8 +640,11 @@ int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val)
     p->return_size = bytes;
     if (p->data == NULL)
         return 1;
-    return p->data_size >= bytes
-        && BN_bn2nativepad(val, p->data, bytes) >= 0;
+    if (p->data_size >= bytes) {
+        p->return_size = p->data_size;
+        return BN_bn2nativepad(val, p->data, p->data_size) >= 0;
+    }
+    return 0;
 }
 
 OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
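
Review bot: in the new `if (p->data_size >= bytes)` branch, `p->data_size` is handed straight to BN_bn2nativepad(), whose length argument is an int, while the test hunk further down compares `data_size` with TEST_size_t_eq, so a caller-supplied size above INT_MAX would be narrowed before the padding length is computed. Consider rejecting such a size before the call. In the same branch, `p->return_size = p->data_size;` is assigned before the conversion is known to have succeeded; assigning it only once BN_bn2nativepad() has returned >= 0 would leave `return_size` at the minimum `bytes` on every failing path, consistent with the `return 0` below.
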
diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod
index df532b4264..cd7d41006b 100644
--- a/doc/man3/OSSL_PARAM.pod
+++ b/doc/man3/OSSL_PARAM.pod
@@ -100,10 +100,12 @@ accepted, otherwise it specifies the maximum size allowed.
 =item I<return_size>
 
 When an array of B<OSSL_PARAM> is used to request data, the
-I<responder> must set this field to indicate the actual size of the
-parameter data.
-In case the I<data_size> is too small for the data, the I<responder>
-must still set this field to indicate the minimum data size required.
+I<responder> must set this field to indicate size of the parameter
+data, including padding as the case may be.
+In case the I<data_size> is an unsuitable size for the data, the
+I<responder> must still set this field to indicate the minimum data
+size required.
+(further notes on this in L</NOTES> below).
 
 When the B<OSSL_PARAM> is used as a parameter descriptor,
 I<return_size> should be ignored.
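
Review bot: the added line `(further notes on this in L</NOTES> below).` is a lowercase fragment with its period outside the parentheses, and the first added line reads "to indicate size of the parameter data" without an article. Suggest "to indicate the size of the parameter data" and folding the cross-reference into the preceding sentence, for example "... the minimum data size required (see L</NOTES> below)." The hunk also replaces "too small" with "an unsuitable size" without saying here what makes a size unsuitable, so a reader who stops at this item has no definition to work from.
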
@@ -238,8 +240,18 @@ B<OSSL_PARAM_OCTET_STRING>), but this is in no way mandatory.
 
 If a I<responder> finds that some data sizes are too small for the
 requested data, it must set I<return_size> for each such
-B<OSSL_PARAM> item to the required size, and eventually return an
-error.
+B<OSSL_PARAM> item to the minimum required size, and eventually return
+an error.
+
+=item *
+
+For the integer type parameters (B<OSSL_PARAM_UNSIGNED_INTEGER> and
+B<OSSL_PARAM_INTEGER>), a I<responder> may choose to return an error
+if the I<data_size> isn't a suitable size (even if I<data_size> is
+bigger than needed).  If the I<responder> finds the size suitable, it
+must fill all I<data_size> bytes and ensure correct padding for the
+native endianness, and set I<return_size> to the same value as
+I<data_size>.
 
 =back
 
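
Review bot: the new item allows a responder to reject an integer `data_size` that is "bigger than needed" but does not say what `return_size` must contain in that case; the preceding item only covers sizes that are too small ("the minimum required size"). A requester that receives an error cannot tell from this text whether `return_size` names a size the responder would accept. Suggest stating the required `return_size` value on that error path, and spelling out what "correct padding for the native endianness" means for B<OSSL_PARAM_INTEGER> as opposed to B<OSSL_PARAM_UNSIGNED_INTEGER>.
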
diff --git a/test/params_api_test.c b/test/params_api_test.c
index 616035ecc4..c403f39abd 100644
--- a/test/params_api_test.c
+++ b/test/params_api_test.c
@@ -548,7 +548,7 @@ static int test_param_construct(void)
     if (!TEST_ptr(cp = OSSL_PARAM_locate(params, "bignum"))
         || !TEST_ptr(bn = BN_lebin2bn(bn_val, (int)sizeof(bn_val), NULL))
         || !TEST_true(OSSL_PARAM_set_BN(cp, bn))
-        || !TEST_size_t_eq(cp->return_size, sizeof(bn_val)))
+        || !TEST_size_t_eq(cp->data_size, cp->return_size))
         goto err;
     /* Match the return size to avoid trailing garbage bytes */
     cp->data_size = cp->return_size;
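
Review bot: with the check changed to `TEST_size_t_eq(cp->data_size, cp->return_size)`, the context line `cp->data_size = cp->return_size;` two lines below becomes a no-op, and its comment "Match the return size to avoid trailing garbage bytes" no longer describes anything the test does. Suggest removing that assignment and comment in this change. The new assertion also only compares the two size fields; it does not check that the bytes beyond the BIGNUM's own length were actually zero-filled, which is the behaviour the params.c fix introduces, so a comparison of the whole buffer against an expected padded value would cover the fix more directly.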

