When asked if an ECX key has parameters we should answer "true"

An ECX key doesn't have any parameters associated with it. Therefore it
always has all the parameters it needs, and the "has" function should
return 1 if asked about parameters. Without this
EVP_PKEY_missing_parameters() fails for ECX keys.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11898)

diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index c7a90543f9f97269e7223ec3a3c15ac4c36c9db6..e5c7e8bf3a582f86774be5c8d15257c023940a4a 100644 (file)
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -101,8 +101,11 @@ static int ecx_has(void *keydata, int selection)
     int ok = 0;
 
     if (key != NULL) {
-        if ((selection & ECX_POSSIBLE_SELECTIONS) != 0)
-            ok = 1;
+        /*
+         * ECX keys always have all the parameters they need (i.e. none).
+         * Therefore we always return with 1, if asked about parameters.
+         */
+        ok = 1;
 
         if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
             ok = ok && key->haspubkey;

diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index 4c68f6bc6c11b448c2778e36ce2eed745603e769..ffb56cb3eec50be7b137d1f013075c6106af4459 100644 (file)
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -855,7 +855,8 @@ static int test_fromdata_ecx(int tst)
         goto err;
 
     if (!TEST_ptr(copy_pk = EVP_PKEY_new())
-        || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
+           /* This should succeed because there are no parameters to copy */
+        || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
         goto err;
 
     if (!TEST_true(EVP_PKEY_get_octet_string_param(