Skip to content

OSSL_PARAM_BLD_push_octet_*(): Allow NULL buffer with 0 bsize#30730

Closed
t8m wants to merge 2 commits intoopenssl:masterfrom
t8m:parambld-push-null
Closed

OSSL_PARAM_BLD_push_octet_*(): Allow NULL buffer with 0 bsize#30730
t8m wants to merge 2 commits intoopenssl:masterfrom
t8m:parambld-push-null

Conversation

@t8m
Copy link
Copy Markdown
Member

@t8m t8m commented Apr 8, 2026

Fixes #30728

@t8m t8m added branch: master Applies to master branch triaged: bug The issue/pr is/fixes a bug severity: regression The issue/pr is a regression from previous released version tests: present The PR has suitable tests present branch: 3.3 Applies to openssl-3.3 (EOL) branch: 3.4 Applies to openssl-3.4 branch: 3.5 Applies to openssl-3.5 branch: 3.6 Applies to openssl-3.6 branch: 4.0 Applies to openssl-4.0 labels Apr 8, 2026
@t8m
Copy link
Copy Markdown
Member Author

t8m commented Apr 8, 2026

However, it is debatable if this is what we want to support. Please note that OSSL_PARAM_get_octet_string() will fail on such param.

@paulidale @slontis @mattcaswell Opinions?

@t8m t8m added the approval: review pending This pull request needs review by a committer label Apr 8, 2026
@t8m t8m mentioned this pull request Apr 8, 2026
Closed
@t8m t8m force-pushed the parambld-push-null branch from 8209eb1 to e017351 Compare April 8, 2026 15:43
@t8m t8m closed this Apr 8, 2026
@t8m t8m reopened this Apr 8, 2026
xnox
xnox reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@xnox xnox left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In Wolfi, we applied a similar fix already. So approved.

Also would be appreciated to backport this to 3.6 and 3.5 series, once it lands.

@t8m t8m force-pushed the parambld-push-null branch from e017351 to 03ce2ee Compare April 8, 2026 17:03
@github-actions github-actions Bot added the severity: fips change The pull request changes FIPS provider sources label Apr 8, 2026
paulidale
paulidale previously approved these changes Apr 8, 2026
View reviewed changes
Comment thread crypto/param_build.c
@paulidale paulidale dismissed their stale review April 8, 2026 23:22

Don't know why I approved since I already knew of the test failures...

slontis
slontis reviewed Apr 9, 2026
View reviewed changes
Comment thread crypto/param_build.c
int secure;

if (bld == NULL || key == NULL || buf == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
Copy link
Copy Markdown
Member

@slontis slontis Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to cater for empty strings? (I assume not??)

Copy link
Copy Markdown
Member Author

@t8m t8m Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Empty string still has NUL.

We currently crash if bsize is 0 for UTF8 strings/ptrs.

xnox
xnox reviewed Apr 9, 2026
View reviewed changes
Comment thread crypto/param_build.c
slontis
slontis reviewed Apr 9, 2026
View reviewed changes
Comment thread crypto/param_build.c
int secure;

if (bld == NULL || key == NULL || buf == NULL) {
if (bld == NULL || key == NULL || (buf == NULL && bsize != 0)) {
Copy link
Copy Markdown
Member

@slontis slontis Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change looks ok to me...
It wont alloc any blocks and will correctly set the param to be data=NULL, data_size=0

@t8m
Copy link
Copy Markdown
Member Author

t8m commented Apr 9, 2026

Fixed the test failure. @paulidale @slontis please re-review

@t8m t8m requested review from a team, paulidale and slontis April 9, 2026 09:04
@openssl-machine openssl-machine added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Apr 9, 2026
@esyr esyr removed the branch: 3.3 Applies to openssl-3.3 (EOL) label Apr 10, 2026
@openssl-machine openssl-machine removed the approval: done This pull request has the required number of approvals label Apr 11, 2026
@openssl-machine
Copy link
Copy Markdown
Collaborator

openssl-machine commented Apr 11, 2026

This pull request is ready to merge

@openssl-machine openssl-machine added the approval: ready to merge The 24 hour grace period has passed, ready to merge label Apr 11, 2026
esyr
esyr approved these changes Apr 11, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@esyr esyr left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, provided the OSSL_PARAM_BLD_push_utf8_ptr change gets mentioned in the commit message, along with a reasoning for it.

Comment thread crypto/param_build.c
OSSL_PARAM_BLD_DEF *pd;

if (bld == NULL || key == NULL) {
if (bld == NULL || key == NULL || buf == NULL) {
Copy link
Copy Markdown
Member

@esyr esyr Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is mentioned neither in PR description nor in commit message.

@npajkovsky npajkovsky added this to the 4.0.0 Final Release milestone Apr 13, 2026
openssl-machine pushed a commit that referenced this pull request Apr 13, 2026
@t8m @nikolapajkovsky
OSSL_PARAM_BLD_push_octet_*(): Allow NULL buffer with 0 bsize
0463cbf 
Fixes #30728

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Apr 13 07:47:44 2026
(Merged from #30730)
openssl-machine pushed a commit that referenced this pull request Apr 13, 2026
@t8m @nikolapajkovsky
OSSL_PARAM_BLD_push_octet_*(): Allow NULL buffer with 0 bsize
fd4ad98 
Fixes #30728

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Apr 13 07:52:19 2026
(Merged from #30730)
openssl-machine pushed a commit that referenced this pull request Apr 13, 2026
@t8m @nikolapajkovsky
OSSL_PARAM_BLD_push_octet_*(): Allow NULL buffer with 0 bsize
8a2c2b6 
Fixes #30728

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Apr 13 07:55:02 2026
(Merged from #30730)
openssl-machine pushed a commit that referenced this pull request Apr 13, 2026
@t8m @nikolapajkovsky
OSSL_PARAM_BLD_push_octet_*(): Allow NULL buffer with 0 bsize
55ac142 
Fixes #30728

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Apr 13 07:58:25 2026
(Merged from #30730)
@npajkovsky
Copy link
Copy Markdown

npajkovsky commented Apr 13, 2026

Thank you. Pushed to master, openssl-4.0, openssl-3.6, openssl-3.5, and openssl-3.4.

@npajkovsky npajkovsky closed this Apr 13, 2026
openssl-machine pushed a commit that referenced this pull request Apr 13, 2026
@t8m @nikolapajkovsky
OSSL_PARAM_BLD_push_octet_*(): Allow NULL buffer with 0 bsize
3c6a0e0 
Fixes #30728

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Apr 13 08:22:04 2026
(Merged from #30730)
This was referenced Apr 13, 2026
Closed
Closed
Closed
@donoghuc donoghuc mentioned this pull request Apr 16, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@esyr esyr esyr approved these changes

@paulidale paulidale paulidale approved these changes

@slontis slontis slontis approved these changes

+1 more reviewer

@xnox xnox xnox left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Applies to master branch branch: 3.4 Applies to openssl-3.4 branch: 3.5 Applies to openssl-3.5 branch: 3.6 Applies to openssl-3.6 branch: 4.0 Applies to openssl-4.0 severity: fips change The pull request changes FIPS provider sources severity: regression The issue/pr is a regression from previous released version tests: present The PR has suitable tests present triaged: bug The issue/pr is/fixes a bug

Projects

None yet

Milestone

4.0.0 Final Release

Development

Successfully merging this pull request may close these issues.

OSSL_PARAM_BLD_push_octet_string breaking change with 3.5.6 and other recent releases

7 participants

@t8m @openssl-machine @npajkovsky @xnox @esyr @paulidale @slontis