[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Fri Nov 20 02:02:16 UTC 2020


The branch master has been updated
       via  f2a7151849a566892912737f7b633c04f64a2b9e (commit)
      from  ae2e4d1fd11910245b6f7b4db31cccf1ff4bec60 (commit)


- Log -----------------------------------------------------------------
commit f2a7151849a566892912737f7b633c04f64a2b9e
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Wed Nov 18 11:32:33 2020 +1000

    Fix crash in genpkey app when -pkeyopt digest:name is used for DH or DSA.
    
    By the time the keygen is called the references to strings inside the
    gen ctx are floating pointers. A strdup solves this problem.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13432)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/keymgmt/dh_kmgmt.c  | 16 ++++++++++++----
 providers/implementations/keymgmt/dsa_kmgmt.c | 16 ++++++++++++----
 test/recipes/15-test_gendh.t                  | 10 +++++++++-
 test/recipes/15-test_gendsa.t                 | 10 +++++++++-
 4 files changed, 42 insertions(+), 10 deletions(-)

diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 927246167e..dc0f3b2acd 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -69,8 +69,8 @@ struct dh_gen_ctx {
     int hindex;
     int priv_len;
 
-    const char *mdname;
-    const char *mdprops;
+    char *mdname;
+    char *mdprops;
     OSSL_CALLBACK *cb;
     void *cbarg;
     int dh_type;
@@ -549,13 +549,19 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
     if (p != NULL) {
         if (p->data_type != OSSL_PARAM_UTF8_STRING)
             return 0;
-        gctx->mdname = p->data;
+        OPENSSL_free(gctx->mdname);
+        gctx->mdname = OPENSSL_strdup(p->data);
+        if (gctx->mdname == NULL)
+            return 0;
     }
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
     if (p != NULL) {
         if (p->data_type != OSSL_PARAM_UTF8_STRING)
             return 0;
-        gctx->mdprops = p->data;
+        OPENSSL_free(gctx->mdprops);
+        gctx->mdprops = OPENSSL_strdup(p->data);
+        if (gctx->mdprops == NULL)
+            return 0;
     }
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
     if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->priv_len))
@@ -694,6 +700,8 @@ static void dh_gen_cleanup(void *genctx)
     if (gctx == NULL)
         return;
 
+    OPENSSL_free(gctx->mdname);
+    OPENSSL_free(gctx->mdprops);
     OPENSSL_clear_free(gctx->seed, gctx->seedlen);
     OPENSSL_free(gctx);
 }
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 6dbd450386..bc4591b1d6 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -63,8 +63,8 @@ struct dsa_gen_ctx {
     int gen_type; /* DSA_PARAMGEN_TYPE_FIPS_186_2 or DSA_PARAMGEN_TYPE_FIPS_186_4 */
     int pcounter;
     int hindex;
-    const char *mdname;
-    const char *mdprops;
+    char *mdname;
+    char *mdprops;
     OSSL_CALLBACK *cb;
     void *cbarg;
 };
@@ -459,13 +459,19 @@ static int dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
     if (p != NULL) {
         if (p->data_type != OSSL_PARAM_UTF8_STRING)
             return 0;
-        gctx->mdname = p->data;
+        OPENSSL_free(gctx->mdname);
+        gctx->mdname = OPENSSL_strdup(p->data);
+        if (gctx->mdname == NULL)
+            return 0;
     }
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
     if (p != NULL) {
         if (p->data_type != OSSL_PARAM_UTF8_STRING)
             return 0;
-        gctx->mdprops = p->data;
+        OPENSSL_free(gctx->mdprops);
+        gctx->mdprops = OPENSSL_strdup(p->data);
+        if (gctx->mdprops == NULL)
+            return 0;
     }
     return 1;
 }
@@ -572,6 +578,8 @@ static void dsa_gen_cleanup(void *genctx)
     if (gctx == NULL)
         return;
 
+    OPENSSL_free(gctx->mdname);
+    OPENSSL_free(gctx->mdprops);
     OPENSSL_clear_free(gctx->seed, gctx->seedlen);
     OPENSSL_free(gctx);
 }
diff --git a/test/recipes/15-test_gendh.t b/test/recipes/15-test_gendh.t
index c87ae0d89c..87dd73f438 100644
--- a/test/recipes/15-test_gendh.t
+++ b/test/recipes/15-test_gendh.t
@@ -18,7 +18,7 @@ setup("test_gendh");
 
 plan skip_all => "This test is unsupported in a no-dh build" if disabled("dh");
 
-plan tests => 12;
+plan tests => 13;
 
 ok(run(app([ 'openssl', 'genpkey', '-genparam',
              '-algorithm', 'DH',
@@ -33,6 +33,14 @@ ok(run(app([ 'openssl', 'genpkey', '-genparam',
              '-text'])),
    "genpkey DH params fips186_4 with unverifiable g");
 
+ok(run(app([ 'openssl', 'genpkey', '-genparam',
+             '-algorithm', 'DH',
+             '-pkeyopt', 'pbits:2048',
+             '-pkeyopt', 'qbits:224',
+             '-pkeyopt', 'digest:SHA512-224',
+             '-pkeyopt', 'type:fips186_4'])),
+   "genpkey DH params fips186_4 with truncated SHA");
+
 ok(run(app([ 'openssl', 'genpkey', '-genparam',
              '-algorithm', 'DH',
              '-pkeyopt', 'type:fips186_2',
diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t
index 910cc7da56..5e36109b37 100644
--- a/test/recipes/15-test_gendsa.t
+++ b/test/recipes/15-test_gendsa.t
@@ -19,7 +19,7 @@ setup("test_gendsa");
 plan skip_all => "This test is unsupported in a no-dsa build"
     if disabled("dsa");
 
-plan tests => 10;
+plan tests => 11;
 
 ok(run(app([ 'openssl', 'genpkey', '-genparam',
              '-algorithm', 'DSA',
@@ -34,6 +34,14 @@ ok(run(app([ 'openssl', 'genpkey', '-genparam',
              '-text'])),
    "genpkey DSA params fips186_4 with unverifiable g");
 
+ok(run(app([ 'openssl', 'genpkey', '-genparam',
+             '-algorithm', 'DSA',
+             '-pkeyopt', 'pbits:2048',
+             '-pkeyopt', 'qbits:224',
+             '-pkeyopt', 'digest:SHA512-256',
+             '-pkeyopt', 'type:fips186_4'])),
+   "genpkey DSA params fips186_4 with truncated SHA");
+
 ok(run(app([ 'openssl', 'genpkey', '-genparam',
              '-algorithm', 'DSA',
              '-pkeyopt', 'type:fips186_2',


More information about the openssl-commits mailing list