New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix bug in scrypt KDF provider dup method #17873
Conversation
The scrypt KDF provider's dup method calls kdf_scrypt_new passing a libctx, but a provider context is expected. Since the provider context is passed as void *, this was not caught.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this somehow reasonably easily testable? If not, I am ok approving it without a test.
@t8m I was just thinking about this. The dup operation is actually already exercised in test_evp and it's thanks to that that this was caught; refactoring libctx somehow caused this to be exposed in the test suite. Maybe the struct layouts of the different structures happened to align that it somehow worked. Since dup is already tested I'm not sure adding more tests for it would have helped. |
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
The scrypt KDF provider's dup method calls kdf_scrypt_new passing a libctx, but a provider context is expected. Since the provider context is passed as void *, this was not caught. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17873)
It seems this has been merged, so closing. |
The scrypt KDF provider's dup method calls kdf_scrypt_new passing a libctx, but a provider context is expected. Since the provider context is passed as void *, this was not caught. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17873) (cherry picked from commit e04c2c0)
The scrypt KDF provider's dup method calls kdf_scrypt_new passing a libctx, but a provider context is expected. Since the provider context is passed as void *, this was not caught. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17873) (cherry picked from commit e04c2c0)
The scrypt KDF provider's dup method calls kdf_scrypt_new passing a libctx, but a provider context is expected. Since the provider context is passed as void *, this was not caught. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17873) (cherry picked from commit e04c2c0)
The scrypt KDF provider's dup method calls kdf_scrypt_new passing a libctx, but a provider context is expected. Since the provider context is passed as void *, this was not caught. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #17873) (cherry picked from commit e04c2c0)
The scrypt KDF provider's dup method calls kdf_scrypt_new passing a libctx, but a provider context is expected. Since the provider context is passed as void *, this was not caught.
Discovered while refactoring libctx.
This method was not implemented for scrypt in 3.0, so not applicable to it.