[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Dr. Stephen Henson
steve at openssl.org
Wed May 4 12:01:14 UTC 2016
The branch OpenSSL_1_0_1-stable has been updated
via 28dab7cfba522603d88ca95aab16b335060b6c3d (commit)
via c3011e3e1d60babb18ffdf3af4b5e9cb2cfd832c (commit)
from c33e68971fa5a37ecb443755da22db9af5c35c80 (commit)
- Log -----------------------------------------------------------------
commit 28dab7cfba522603d88ca95aab16b335060b6c3d
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue May 3 15:05:31 2016 +0100
Fix double free in d2i_PrivateKey().
RT#4527
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit 3340e8bb186f689df5720352f65a9c0c42b6046b)
commit c3011e3e1d60babb18ffdf3af4b5e9cb2cfd832c
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue May 3 15:21:41 2016 +0100
add documentation
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit b1b3e14fbeb373a288ba20402600e071e6f402f8)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/d2i_pr.c | 8 +++---
doc/crypto/d2i_PrivateKey.pod | 59 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 64 insertions(+), 3 deletions(-)
create mode 100644 doc/crypto/d2i_PrivateKey.pod
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index d21829a..86dcf5f 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -97,15 +97,17 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
if (!ret->ameth->old_priv_decode ||
!ret->ameth->old_priv_decode(ret, &p, length)) {
if (ret->ameth->priv_decode) {
+ EVP_PKEY *tmp;
PKCS8_PRIV_KEY_INFO *p8 = NULL;
p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
if (!p8)
goto err;
- EVP_PKEY_free(ret);
- ret = EVP_PKCS82PKEY(p8);
+ tmp = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
- if (ret == NULL)
+ if (tmp == NULL)
goto err;
+ EVP_PKEY_free(ret);
+ ret = tmp;
} else {
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
diff --git a/doc/crypto/d2i_PrivateKey.pod b/doc/crypto/d2i_PrivateKey.pod
new file mode 100644
index 0000000..e06ab6c
--- /dev/null
+++ b/doc/crypto/d2i_PrivateKey.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+d2i_Private_key, d2i_AutoPrivateKey, i2d_PrivateKey - decode and encode
+functions for reading and saving EVP_PKEY structures.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+ long length);
+ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+d2i_PrivateKey() decodes a private key using algorithm B<type>. It attempts to
+use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The
+B<type> parameter should be a public key algorithm constant such as
+B<EVP_PKEY_RSA>. An error occurs if the decoded key does not match B<type>.
+
+d2i_AutoPrivateKey() is similar to d2i_PrivateKey() except it attempts to
+automatically detect the private key format.
+
+i2d_PrivateKey() encodes B<key>. It uses a key specific format or, if none is
+defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format.
+
+These functions are similar to the d2i_X509() functions, and you should refer to
+that page for a detailed description (see L<d2i_X509(3)>).
+
+=head1 NOTES
+
+All these functions use DER format and unencrypted keys. Applications wishing
+to encrypt or decrypt private keys should use other functions such as
+d2i_PKC8PrivateKey() instead.
+
+If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey()
+(i.e. an existing structure is being reused) and the key format is PKCS#8
+then B<*a> will be freed and replaced on a successful call.
+
+=head1 RETURN VALUES
+
+d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B<EVP_KEY> structure
+or B<NULL> if an error occurs. The error code can be obtained by calling
+L<ERR_get_error(3)>.
+
+i2d_PrivateKey() returns the number of bytes successfully encoded or a
+negative value if an error occurs. The error code can be obtained by calling
+L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<crypto(3)>,
+L<d2i_PKCS8PrivateKey(3)>
+
+=cut
More information about the openssl-commits
mailing list