[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Dec 11 21:41:27 UTC 2019
The branch master has been updated
via 0402c90ff9caac4c680e3cb6db7729e00d3fc20b (commit)
from f5e77bb0fa25b2fd87c879eb5bfa3e7945731675 (commit)
- Log -----------------------------------------------------------------
commit 0402c90ff9caac4c680e3cb6db7729e00d3fc20b
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date: Thu Dec 12 07:41:00 2019 +1000
rand_lib.c: fix null pointer dereferences after RAND_get_rand_method() failure
RAND_get_rand_method() can return a NULL method pointer in the case of a
malloc failure, so don't dereference it without a check.
Reported-by: Zu-Ming Jiang (detected by FIFUZZ)
Fixes #10480
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10483)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 2 ++
crypto/rand/rand_lib.c | 38 +++++++++++++++++++++-----------------
include/openssl/randerr.h | 2 ++
3 files changed, 25 insertions(+), 17 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 7a80a7e145..a39b65382d 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1150,6 +1150,8 @@ RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach
RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
RAND_F_RAND_POOL_GROW:127:
RAND_F_RAND_POOL_NEW:116:rand_pool_new
+RAND_F_RAND_PRIV_BYTES_EX:128:
+RAND_F_RAND_PSEUDO_BYTES:129:
RAND_F_RAND_WRITE_FILE:112:RAND_write_file
RSA_F_CHECK_PADDING_MD:140:check_padding_md
RSA_F_ENCODE_PKCS1:146:encode_pkcs1
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index c6b4ad3ae4..0be9db1c5f 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -311,6 +311,9 @@ int RAND_poll(void)
const RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth == NULL)
+ return 0;
+
if (meth == RAND_OpenSSL()) {
/* fill random pool and seed the master DRBG */
RAND_DRBG *drbg = RAND_DRBG_get0_master();
@@ -831,7 +834,7 @@ void RAND_seed(const void *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth->seed != NULL)
+ if (meth != NULL && meth->seed != NULL)
meth->seed(buf, num);
}
@@ -839,7 +842,7 @@ void RAND_add(const void *buf, int num, double randomness)
{
const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth->add != NULL)
+ if (meth != NULL && meth->add != NULL)
meth->add(buf, num, randomness);
}
@@ -851,18 +854,20 @@ void RAND_add(const void *buf, int num, double randomness)
int rand_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num)
{
RAND_DRBG *drbg;
- int ret;
const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth != RAND_OpenSSL())
- return meth->bytes(buf, num);
+ if (meth != NULL && meth != RAND_OpenSSL()) {
+ if (meth->bytes != NULL)
+ return meth->bytes(buf, num);
+ RANDerr(RAND_F_RAND_PRIV_BYTES_EX, RAND_R_FUNC_NOT_IMPLEMENTED);
+ return -1;
+ }
drbg = OPENSSL_CTX_get0_private_drbg(ctx);
- if (drbg == NULL)
- return 0;
+ if (drbg != NULL)
+ return RAND_DRBG_bytes(drbg, buf, num);
- ret = RAND_DRBG_bytes(drbg, buf, num);
- return ret;
+ return 0;
}
int RAND_priv_bytes(unsigned char *buf, int num)
@@ -873,10 +878,9 @@ int RAND_priv_bytes(unsigned char *buf, int num)
int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num)
{
RAND_DRBG *drbg;
- int ret;
const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth != RAND_OpenSSL()) {
+ if (meth != NULL && meth != RAND_OpenSSL()) {
if (meth->bytes != NULL)
return meth->bytes(buf, num);
RANDerr(RAND_F_RAND_BYTES_EX, RAND_R_FUNC_NOT_IMPLEMENTED);
@@ -884,11 +888,10 @@ int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num)
}
drbg = OPENSSL_CTX_get0_public_drbg(ctx);
- if (drbg == NULL)
- return 0;
+ if (drbg != NULL)
+ return RAND_DRBG_bytes(drbg, buf, num);
- ret = RAND_DRBG_bytes(drbg, buf, num);
- return ret;
+ return 0;
}
int RAND_bytes(unsigned char *buf, int num)
@@ -901,8 +904,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth->pseudorand != NULL)
+ if (meth != NULL && meth->pseudorand != NULL)
return meth->pseudorand(buf, num);
+ RANDerr(RAND_F_RAND_PSEUDO_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
return -1;
}
#endif
@@ -911,7 +915,7 @@ int RAND_status(void)
{
const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth->status != NULL)
+ if (meth != NULL && meth->status != NULL)
return meth->status();
return 0;
}
diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h
index e633260712..68992d771d 100644
--- a/include/openssl/randerr.h
+++ b/include/openssl/randerr.h
@@ -57,6 +57,8 @@ int ERR_load_RAND_strings(void);
# define RAND_F_RAND_POOL_BYTES_NEEDED 0
# define RAND_F_RAND_POOL_GROW 0
# define RAND_F_RAND_POOL_NEW 0
+# define RAND_F_RAND_PRIV_BYTES_EX 0
+# define RAND_F_RAND_PSEUDO_BYTES 0
# define RAND_F_RAND_WRITE_FILE 0
# endif
More information about the openssl-commits
mailing list