openssl/0123-kdf-Preserve-backward-compatibility-with-older-provi.patch
Daiki Ueno d53f31aa80 Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
Resolves: RHEL-40823
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-06-12 20:19:44 +09:00

34 lines
1.2 KiB
Diff

From 34a709e89e0c43928d9353aca1fb0c82aaa7e6ab Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 12 Jun 2024 20:14:04 +0900
Subject: [PATCH] kdf: Preserve backward compatibility with older providers
Suggested in:
https://github.com/openssl/openssl/issues/24611#issuecomment-2162560293
---
crypto/evp/pmeth_lib.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 015f756..e776ea5 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1068,8 +1068,13 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0);
os_params[1] = OSSL_PARAM_construct_end();
- if (!EVP_PKEY_CTX_get_params(ctx, os_params))
+ if (!EVP_PKEY_CTX_get_params(ctx, os_params)) {
+ if (EVP_PKEY_CTX_gettable_params(ctx) == NULL) {
+ /* Older provider that doesn't support gettable parameters */
+ return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, data, datalen);
+ }
return 0;
+ }
/* Older provider that doesn't support getting this parameter */
if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED)
--
2.45.1