[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Thu Dec 3 22:27:55 UTC 2020
The branch master has been updated
via ddfd7182cf2b7e69669cf4fd3471a37d09af4ea1 (commit)
via 637dce3c3adf3527afeb33a98ae312285ebe0d19 (commit)
via c22139a78610210a977c3afcc358295b864befa5 (commit)
via 22b9230f39ff44f434dc671c45fe0bc68c14c0ad (commit)
from ae290d8f0cc9fcfec2777bd18c39a4059001c7cc (commit)
- Log -----------------------------------------------------------------
commit ddfd7182cf2b7e69669cf4fd3471a37d09af4ea1
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Wed Dec 2 20:54:08 2020 +1000
Fix EVP_PKEY_CTX propq so that it uses a copy
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12700)
commit 637dce3c3adf3527afeb33a98ae312285ebe0d19
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Wed Dec 2 20:52:32 2020 +1000
fix x509_PUBKEY propq so that it uses a copy
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12700)
commit c22139a78610210a977c3afcc358295b864befa5
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Wed Dec 2 20:50:32 2020 +1000
Fix x509_crl propq so that it uses a copy
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12700)
commit 22b9230f39ff44f434dc671c45fe0bc68c14c0ad
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Fri Aug 21 15:14:42 2020 +1000
Fix X509 propq so it does not use references
Fixes #13486
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12700)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/pmeth_lib.c | 19 ++++++++++++++++---
crypto/x509/x_crl.c | 17 ++++++++++++++++-
crypto/x509/x_pubkey.c | 28 +++++++++++++++++++++++++---
crypto/x509/x_x509.c | 20 ++++++++++++++------
include/crypto/evp.h | 2 +-
include/crypto/x509.h | 4 ++--
6 files changed, 74 insertions(+), 16 deletions(-)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 903e30acf0..2c2d939538 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -312,9 +312,14 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
EVP_KEYMGMT_free(keymgmt);
return NULL;
}
-
+ if (propquery != NULL) {
+ ret->propquery = OPENSSL_strdup(propquery);
+ if (ret->propquery == NULL) {
+ EVP_KEYMGMT_free(keymgmt);
+ return NULL;
+ }
+ }
ret->libctx = libctx;
- ret->propquery = propquery;
ret->keytype = keytype;
ret->keymgmt = keymgmt;
ret->legacy_keytype = id; /* TODO: Remove when #legacy key are gone */
@@ -397,6 +402,7 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
#endif
EVP_KEYMGMT_free(ctx->keymgmt);
+ OPENSSL_free(ctx->propquery);
EVP_PKEY_free(ctx->pkey);
EVP_PKEY_free(ctx->peerkey);
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
@@ -474,7 +480,14 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
rctx->operation = pctx->operation;
rctx->libctx = pctx->libctx;
rctx->keytype = pctx->keytype;
- rctx->propquery = pctx->propquery;
+ rctx->propquery = NULL;
+ if (pctx->propquery != NULL) {
+ rctx->propquery = OPENSSL_strdup(pctx->propquery);
+ if (rctx->propquery == NULL) {
+ OPENSSL_free(rctx);
+ return NULL;
+ }
+ }
if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) {
if (pctx->op.kex.exchange != NULL) {
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 1ec7925513..164d425ab2 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -264,6 +264,15 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ASN1_INTEGER_free(crl->crl_number);
ASN1_INTEGER_free(crl->base_crl_number);
sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+ OPENSSL_free(crl->propq);
+ break;
+ case ASN1_OP_DUP_POST:
+ {
+ X509_CRL *old = exarg;
+
+ if (!x509_crl_set0_libctx(crl, old->libctx, old->propq))
+ return 0;
+ }
break;
}
return 1;
@@ -494,7 +503,13 @@ int x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, const char *propq)
{
if (x != NULL) {
x->libctx = libctx;
- x->propq = propq;
+ OPENSSL_free(x->propq);
+ x->propq = NULL;
+ if (propq != NULL) {
+ x->propq = OPENSSL_strdup(propq);
+ if (x->propq == NULL)
+ return 0;
+ }
}
return 1;
}
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 9f5b5d3c3d..f2caa0b834 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -32,11 +32,27 @@ struct X509_pubkey_st {
/* extra data for the callback, used by d2i_PUBKEY_ex */
OSSL_LIB_CTX *libctx;
- const char *propq;
+ char *propq;
};
static int x509_pubkey_decode(EVP_PKEY **pk, const X509_PUBKEY *key);
+static int x509_pubkey_set0_libctx(X509_PUBKEY *x, OSSL_LIB_CTX *libctx,
+ const char *propq)
+{
+ if (x != NULL) {
+ x->libctx = libctx;
+ OPENSSL_free(x->propq);
+ x->propq = NULL;
+ if (propq != NULL) {
+ x->propq = OPENSSL_strdup(propq);
+ if (x->propq == NULL)
+ return 0;
+ }
+ }
+ return 1;
+}
+
/* Minor tweak to operation: free up EVP_PKEY */
static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
@@ -44,6 +60,7 @@ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
if (operation == ASN1_OP_FREE_POST) {
+ OPENSSL_free(pubkey->propq);
EVP_PKEY_free(pubkey->pkey);
} else if (operation == ASN1_OP_D2I_POST) {
/* Attempt to decode public key and cache in pubkey structure. */
@@ -60,6 +77,11 @@ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
return 0;
}
ERR_pop_to_mark();
+ } else if (operation == ASN1_OP_DUP_POST) {
+ X509_PUBKEY *old = exarg;
+
+ if (!x509_pubkey_set0_libctx(pubkey, old->libctx, old->propq))
+ return 0;
}
return 1;
}
@@ -257,8 +279,8 @@ EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length,
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
return NULL;
}
- xpk2->libctx = libctx;
- xpk2->propq = propq;
+ if (!x509_pubkey_set0_libctx(xpk2, libctx, propq))
+ goto end;
pxpk = &xpk2;
}
xpk = d2i_X509_PUBKEY(pxpk, &q, length);
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index efcd7cd15c..b09fa2754a 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -95,23 +95,22 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ASIdentifiers_free(ret->rfc3779_asid);
#endif
ASN1_OCTET_STRING_free(ret->distinguishing_id);
+ OPENSSL_free(ret->propq);
break;
case ASN1_OP_DUP_POST:
{
X509 *old = exarg;
- ret->libctx = old->libctx;
- ret->propq = old->propq;
+ if (!x509_set0_libctx(ret, old->libctx, old->propq))
+ return 0;
}
break;
-
default:
break;
}
return 1;
-
}
ASN1_SEQUENCE_ref(X509, x509_cb) = {
@@ -149,7 +148,13 @@ int x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq)
{
if (x != NULL) {
x->libctx = libctx;
- x->propq = propq;
+ OPENSSL_free(x->propq);
+ x->propq = NULL;
+ if (propq != NULL) {
+ x->propq = OPENSSL_strdup(propq);
+ if (x->propq == NULL)
+ return 0;
+ }
}
return 1;
}
@@ -159,7 +164,10 @@ X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq)
X509 *cert = NULL;
cert = (X509 *)ASN1_item_new((X509_it()));
- (void)x509_set0_libctx(cert, libctx, propq);
+ if (!x509_set0_libctx(cert, libctx, propq)) {
+ X509_free(cert);
+ cert = NULL;
+ }
return cert;
}
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 6eac2a0b63..c6cbd787a7 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -43,7 +43,7 @@ struct evp_pkey_ctx_st {
* this context
*/
OSSL_LIB_CTX *libctx;
- const char *propquery;
+ char *propquery;
const char *keytype;
EVP_KEYMGMT *keymgmt;
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
index 6fa5d22dc6..d88cd31902 100644
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@@ -116,7 +116,7 @@ struct X509_crl_st {
CRYPTO_RWLOCK *lock;
OSSL_LIB_CTX *libctx;
- const char *propq;
+ char *propq;
};
struct x509_revoked_st {
@@ -196,7 +196,7 @@ struct x509_st {
ASN1_OCTET_STRING *distinguishing_id;
OSSL_LIB_CTX *libctx;
- const char *propq;
+ char *propq;
} /* X509 */ ;
/*
More information about the openssl-commits
mailing list