[openssl] master update
kaduk at mit.edu
kaduk at mit.edu
Thu May 28 17:14:56 UTC 2020
The branch master has been updated
via 9c44916ce555a0280170c5fc519a0ebf693292f8 (commit)
via 7c302f8afc1d36ec12effd0c08047baced095b46 (commit)
via 2cd3ebc76c7d8e76a8e337ef1eef43753eacef00 (commit)
from 5ddec6a7d3206c61209a016db4227b847dcaad27 (commit)
- Log -----------------------------------------------------------------
commit 9c44916ce555a0280170c5fc519a0ebf693292f8
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Fri May 22 11:13:24 2020 -0700
RSA: Do not set NULL OAEP labels
As of the previous commit, when a zero-length (string) parameter
is present in the parameters passed to a provider for a given operation,
we will produce an object corresponding to that zero-length parameter,
indicating to the underlying cryptographic operation that the parameter
was passed. However, rsa_cms_decrypt() was relying on the previous
behavior, and unconditionally tried to call
EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label
was used (and thus the relevant local variable was still NULL).
In the new setup that distinguishes present-but-empty and absent
more clearly, it is an error to attempt to set a NULL parameter,
even if it is zero-length.
Exercise more caution when setting parameters, and do not call
EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a
label provided.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)
commit 7c302f8afc1d36ec12effd0c08047baced095b46
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu May 21 14:10:50 2020 -0700
params: do not ignore zero-length strings
Prior to this commit, if a string (or octet string) parameter
was present but indicated it was zero-length, we would return success
but with a NULL output value. This can be problematic in cases where
there is a protocol-level distinction between parameter-absent and
parameter-present-but-zero-length, which is uncommon but can happen.
Since OPENSSL_malloc() returns NULL for zero-length allocation requests,
make a dummy allocation for this case, to give a signal that the string
parameter does exist but has zero length.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)
commit 2cd3ebc76c7d8e76a8e337ef1eef43753eacef00
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Thu May 21 12:53:59 2020 -0700
test HKDF with empty IKM
Add an extra EVP test that provides empty input key material. It
currently fails, since we lose the information about "key present but
zero length" as we deserialize parameters in the provider.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)
-----------------------------------------------------------------------
Summary of changes:
crypto/params.c | 7 +++----
crypto/rsa/rsa_ameth.c | 3 ++-
test/evp_extra_test.c | 42 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 47 insertions(+), 5 deletions(-)
diff --git a/crypto/params.c b/crypto/params.c
index 06ae1bc44f..9bccc51760 100644
--- a/crypto/params.c
+++ b/crypto/params.c
@@ -788,8 +788,6 @@ static int get_string_internal(const OSSL_PARAM *p, void **val, size_t max_len,
if (used_len != NULL)
*used_len = sz;
- if (sz == 0)
- return 1;
if (p->data == NULL)
return 0;
@@ -797,12 +795,13 @@ static int get_string_internal(const OSSL_PARAM *p, void **val, size_t max_len,
return 1;
if (*val == NULL) {
- char *const q = OPENSSL_malloc(sz);
+ char *const q = OPENSSL_malloc(sz > 0 ? sz : 1);
if (q == NULL)
return 0;
*val = q;
- memcpy(q, p->data, sz);
+ if (sz != 0)
+ memcpy(q, p->data, sz);
return 1;
}
if (max_len < sz)
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 6628e38342..22c06a2139 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -1007,7 +1007,8 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
goto err;
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
goto err;
- if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
+ if (label != NULL
+ && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
goto err;
/* Carry on */
rv = 1;
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 2ab4be89a3..e6a76a1fa6 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1246,6 +1246,47 @@ static int test_HKDF(void)
return ret;
}
+static int test_emptyikm_HKDF(void)
+{
+ EVP_PKEY_CTX *pctx;
+ unsigned char out[20];
+ size_t outlen;
+ int ret = 0;
+ unsigned char salt[] = "9876543210";
+ unsigned char key[] = "";
+ unsigned char info[] = "stringinfo";
+ const unsigned char expected[] = {
+ 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
+ 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
+ };
+ size_t expectedlen = sizeof(expected);
+
+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
+ goto done;
+
+ outlen = sizeof(out);
+ memset(out, 0, outlen);
+
+ if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
+ sizeof(salt) - 1), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
+ sizeof(key) - 1), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
+ sizeof(info) - 1), 0)
+ || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
+ || !TEST_mem_eq(out, outlen, expected, expectedlen))
+ goto done;
+
+ ret = 1;
+
+ done:
+ EVP_PKEY_CTX_free(pctx);
+
+ return ret;
+}
+
#ifndef OPENSSL_NO_EC
static int test_X509_PUBKEY_inplace(void)
{
@@ -1698,6 +1739,7 @@ int setup_tests(void)
ADD_TEST(test_CMAC_keygen);
#endif
ADD_TEST(test_HKDF);
+ ADD_TEST(test_emptyikm_HKDF);
#ifndef OPENSSL_NO_EC
ADD_TEST(test_X509_PUBKEY_inplace);
ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
More information about the openssl-commits
mailing list