Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regression: Unable to set EC_KEY private_key to NULL starting in 1.1.1h #18744

Closed
dpirotte opened this issue Jul 7, 2022 · 6 comments
Closed

Regression: Unable to set EC_KEY private_key to NULL starting in 1.1.1h #18744

dpirotte opened this issue Jul 7, 2022 · 6 comments
Labels
branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch branch: 3.0 Merge to openssl-3.0 branch good first issue Bite size change that could be a good start triaged: bug The issue/pr is/fixes a bug

Comments

@dpirotte
Copy link

dpirotte commented Jul 7, 2022

OpenSSL 1.1.1h introduces a behavior change wherein one can no longer set an EC_KEY's private_key to NULL.

This behavior changes in 6a01f6f. Based on the original PR (#11127), it appears that this is hardening backported from 3.0.0 that unintentionally introduced a regression.

From 6a01f6f#diff-38a47bf175cde97de2df18870a9ab300366f191a848bdea84def068fe0fde69fR484-R486:

+    tmp_key = BN_dup(priv_key);
+    if (tmp_key == NULL)
+        return 0;

EC_KEY_set_private_key returns early and never sets key->priv_key to NULL.
@dpirotte dpirotte added the issue: bug report The issue was opened to report a bug label Jul 7, 2022
@t8m t8m added triaged: bug The issue/pr is/fixes a bug branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch branch: 3.0 Merge to openssl-3.0 branch good first issue Bite size change that could be a good start and removed issue: bug report The issue was opened to report a bug labels Jul 7, 2022
robertohueso added a commit to robertohueso/openssl that referenced this issue Jul 26, 2022
@robertohueso
Fix EC_KEY_set_private_key() early exit
f5892bf 
This allows to set EC_KEY's private key to NULL.

Fixes openssl#18744.
@robertohueso robertohueso mentioned this issue Jul 26, 2022
Closed
@romen
Copy link
Member

romen commented Jul 26, 2022

So, before the patch in #11127, EC_KEY_set_private_key(some_eck, NULL); returned an error but also modified the inner field, which at the time looked like a bug.

Documentation said and says nothing about being allowed to pass NULL and what is the expected behavior.

So, questions for OTC:

  • what do we think is the expected behavior for 1.1.1? which one is the bug, original behavior or the one after hardening of EC/BN hardening backports from #10631 #11127?
  • depending on the answer above, what do we want for 3.0.0?
  • finally what about master?

@romen romen added the hold: need otc decision The OTC needs to make a decision label Jul 26, 2022
@romen
Copy link
Member

romen commented Jul 26, 2022
edited
Loading

Formally my hold is to let OTC evaluate if the original report describes a regression or not.
I am not objecting to fixing it if we deem that it is a regression, but this statement needs more consideration:

OpenSSL 1.1.1h introduces a behavior change wherein one can no longer set an EC_KEY's private_key to NULL.

As far as the public API is defined, passing NULL returns an error code, so one can say that the API before 1.1.1h did not allow the semantic of passing NULL to unset the private key.
In this perspective, letting EC_KEY_set_private_key(some_eck, NULL) unset the private key is a new feature.

On the other hand, if the caller did not check the return value and relied on undocumented inner behavior, one can say this is a regression.

@t-j-h
Copy link
Member

t-j-h commented Jul 26, 2022

All those functions explicitly handle being passed NULL as an argument and set the corresponding value to NULL - that is their intent. It didn't happen by accident.

BN_dup(NULL) returns NULL and that is not an error - as that is what it should do.

Changing long term explicit behaviour like this is one place where things get broken unnecessarily and we should not be backfitting this short of change into a stable release - that was a mistake to backfit it IMHO entirely independent of what you think about what the behaviour should be.

EC_KEY_set_group, EC_KEY_set_private_key, EC_KEY_set_public_key all operate the same way and changing one API out of a set of APIs to behave inconsistently was clearly the wrong choice to be making (for backfit or in any other context).

Someone wanting to make a behaviour change like that should be explicitly flagging that as a separate PR and discussing the context and the scope - not including it in with other changes.

@romen
Copy link
Member

romen commented Jul 26, 2022

I don't disagree with anything you said @t-j-h !

But the previous code was already considering the BN_dup() returning NULL as an error, and returning an error to the caller:

openssl/crypto/ec/ec_key.c

Lines 428 to 429 in b5acbf9

key->priv_key = BN_dup(priv_key);
return (key->priv_key == NULL) ? 0 : 1;

@mattcaswell
Copy link
Member

So, questions for OTC:

OTC: We should revert to the old behaviour on all branches, where passing NULL sets the internal key to NULL and we get a failure result code back

@mattcaswell mattcaswell removed the hold: need otc decision The OTC needs to make a decision label Jul 26, 2022
robertohueso added a commit to robertohueso/openssl that referenced this issue Aug 1, 2022
@robertohueso
Fix EC_KEY_set_private_key() priv_key regression
9f3ae71 
This allows to set EC_KEY's private key to NULL and fixes regression
issue following OTC guideline in
openssl#18744 (comment)

Fixes openssl#18744.
@romen romen linked a pull request Aug 1, 2022 that will close this issue
Fix EC_KEY_set_private_key() NULL private key behavior in 1.1.1 #18874
Closed
robertohueso added a commit to robertohueso/openssl that referenced this issue Aug 2, 2022
@robertohueso
Fix EC_KEY_set_private_key() priv_key regression
5dc4a6a 
This allows to set EC_KEY's private key to NULL and fixes regression
issue following OTC guideline in
openssl#18744 (comment)

Fixes openssl#18744.
@robertohueso robertohueso mentioned this issue Aug 2, 2022
Closed
robertohueso added a commit to robertohueso/openssl that referenced this issue Aug 2, 2022
@robertohueso
Fix EC_KEY_set_private_key() priv_key regression
97d5a77 
This allows to set EC_KEY's private key to NULL and fixes regression
issue following OTC guideline in
openssl#18744 (comment)

Fixes openssl#18744.
@robertohueso robertohueso mentioned this issue Aug 2, 2022
Closed
openssl-machine pushed a commit that referenced this issue Aug 4, 2022
@robertohueso @romen
Fix EC_KEY_set_private_key() priv_key regression
f76cf4d 
This allows to set EC_KEY's private key to NULL and fixes regression
issue following OTC guideline in
#18744 (comment)

Fixes #18744.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from #18941)
openssl-machine pushed a commit that referenced this issue Aug 4, 2022
@robertohueso @romen
Fix EC_KEY_set_private_key() priv_key regression
143d7d4 
This allows to set EC_KEY's private key to NULL and fixes regression
issue following OTC guideline in
#18744 (comment)

Fixes #18744.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #18874)
@romen
Copy link
Member

romen commented Aug 4, 2022

Thanks @dpirotte for reporting this and @robertohueso for the fix.

The fix has been merged:

@romen romen linked a pull request Aug 4, 2022 that will close this issue
Fix EC_KEY_set_private_key() NULL private key behavior in 3.0 #18941
Closed
JeffroMF pushed a commit to JeffroMF/openssl.1.55555 that referenced this issue Aug 5, 2022
@robertohueso @JeffroMF
Fix EC_KEY_set_private_key() priv_key regression
652125f 
This allows to set EC_KEY's private key to NULL and fixes regression
issue following OTC guideline in
openssl/openssl#18744 (comment)

Fixes #18744.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from openssl/openssl#18942)
sftcd pushed a commit to sftcd/openssl that referenced this issue Sep 24, 2022
@robertohueso @sftcd
Fix EC_KEY_set_private_key() priv_key regression
0dda307 
This allows to set EC_KEY's private key to NULL and fixes regression
issue following OTC guideline in
openssl#18744 (comment)

Fixes openssl#18744.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from openssl#18942)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch branch: 3.0 Merge to openssl-3.0 branch good first issue Bite size change that could be a good start triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
5 participants
@dpirotte @romen @t8m @t-j-h @mattcaswell