[openssl] openssl-3.0 update

Richard Levitte levitte at openssl.org
Tue Nov 23 10:43:27 UTC 2021


The branch openssl-3.0 has been updated
       via  8100a59fed1c985a3307c97af12cc8794bd93069 (commit)
       via  b5a4f7f56fc8601c6aadd58a5e22ab1a1954ba5a (commit)
      from  38e2957249c90317a26a080c7e7eb186dd5b6598 (commit)


- Log -----------------------------------------------------------------
commit 8100a59fed1c985a3307c97af12cc8794bd93069
Author: Richard Levitte <levitte at openssl.org>
Date:   Sun Nov 21 09:48:05 2021 +0100

    DOC: OSSL_PARAM_{set,get,construct}_BN() currently only supports nonnegative numbers
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17074)
    
    (cherry picked from commit b33fb68a3230b8fc87f6663212ac3ffae0b361c5)

commit b5a4f7f56fc8601c6aadd58a5e22ab1a1954ba5a
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Nov 19 13:18:34 2021 +0100

    Make OSSL_PARAM_BLD_push_BN{,_pad}() return an error on negative numbers
    
    Adding documentation to that fact as well.
    
    Fixes #17070
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17074)
    
    (cherry picked from commit db65eabefe76e44818ff8bd19c68990e7dcc70d3)

-----------------------------------------------------------------------

Summary of changes:
 crypto/param_build.c        | 6 ++++++
 doc/man3/OSSL_PARAM_BLD.pod | 5 +++++
 doc/man3/OSSL_PARAM_int.pod | 6 ++++++
 3 files changed, 17 insertions(+)

diff --git a/crypto/param_build.c b/crypto/param_build.c
index e64deaa88f..eaece0026d 100644
--- a/crypto/param_build.c
+++ b/crypto/param_build.c
@@ -204,6 +204,12 @@ int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
     OSSL_PARAM_BLD_DEF *pd;
 
     if (bn != NULL) {
+        if (BN_is_negative(bn)) {
+            ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED,
+                           "Negative big numbers are unsupported for OSSL_PARAM");
+            return 0;
+        }
+
         n = BN_num_bytes(bn);
         if (n < 0) {
             ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ZERO_LENGTH_NUMBER);
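Review bot: The new BN_is_negative() check at the top of the "if (bn != NULL)" block in OSSL_PARAM_BLD_push_BN_pad() comes without a test; the summary of changes lists only crypto/param_build.c and two .pod files. Suggest adding a test that pushes a negative BIGNUM and asserts a 0 return with ERR_R_UNSUPPORTED raised. The commit message names OSSL_PARAM_BLD_push_BN() as well, but this hunk only touches the _pad variant, so the test should exercise both entry points to confirm that both reject negative input.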
diff --git a/doc/man3/OSSL_PARAM_BLD.pod b/doc/man3/OSSL_PARAM_BLD.pod
index d07eff6f27..114ce44489 100644
--- a/doc/man3/OSSL_PARAM_BLD.pod
+++ b/doc/man3/OSSL_PARAM_BLD.pod
@@ -124,6 +124,11 @@ on error.
 All of the OSSL_PARAM_BLD_push_TYPE functions return 1 on success and 0
 on error.
 
+=head1 NOTES
+
+OSSL_PARAM_BLD_push_BN() and OSSL_PARAM_BLD_push_BN_pad() currently only
+support nonnegative B<BIGNUM>s.  They return an error on negative B<BIGNUM>s.
+
 =head1 EXAMPLES
 
 Both examples creating an OSSL_PARAM array that contains an RSA key.
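Review bot: In the new NOTES section, "They return an error on negative B<BIGNUM>s" is less precise than the sentence just above it ("return 1 on success and 0 on error"). Suggest saying that the two functions return 0 and raise an error for a negative B<BIGNUM>, so the wording matches what callers actually test for.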
diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod
index 69b723d348..9ca725d120 100644
--- a/doc/man3/OSSL_PARAM_int.pod
+++ b/doc/man3/OSSL_PARAM_int.pod
@@ -331,6 +331,12 @@ representable by the target type or parameter.
 Apart from that, the functions must be used appropriately for the
 expected type of the parameter.
 
+OSSL_PARAM_get_BN() and OSSL_PARAM_set_BN() currently only support
+nonnegative B<BIGNUM>s, and by consequence, only
+B<OSSL_PARAM_UNSIGNED_INTEGER>.  OSSL_PARAM_construct_BN() currently
+constructs an B<OSSL_PARAM> structure with the data type
+B<OSSL_PARAM_UNSIGNED_INTEGER>.
+
 For OSSL_PARAM_construct_utf8_ptr() and OSSL_PARAM_consstruct_octet_ptr(),
 I<bsize> is not relevant if the purpose is to send the B<OSSL_PARAM> array
 to a I<responder>, i.e. to get parameter data back.
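Review bot: The added paragraph states that OSSL_PARAM_get_BN() and OSSL_PARAM_set_BN() only support nonnegative BIGNUMs but, unlike the note added to OSSL_PARAM_BLD.pod, does not say what a caller gets when a negative value is passed, and this patch changes no code for those functions. Suggest documenting the resulting behaviour for OSSL_PARAM_set_BN() with a negative B<BIGNUM>. Minor points: "by consequence" reads better as "as a consequence", and the context line right after the addition has a typo, "OSSL_PARAM_consstruct_octet_ptr()", that could be fixed in the same change.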

