[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Fri Nov 20 02:02:16 UTC 2020
The branch master has been updated
via f2a7151849a566892912737f7b633c04f64a2b9e (commit)
from ae2e4d1fd11910245b6f7b4db31cccf1ff4bec60 (commit)
- Log -----------------------------------------------------------------
commit f2a7151849a566892912737f7b633c04f64a2b9e
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Wed Nov 18 11:32:33 2020 +1000
Fix crash in genpkey app when -pkeyopt digest:name is used for DH or DSA.
By the time the keygen is called the references to strings inside the
gen ctx are floating pointers. A strdup solves this problem.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13432)
-----------------------------------------------------------------------
Summary of changes:
providers/implementations/keymgmt/dh_kmgmt.c | 16 ++++++++++++----
providers/implementations/keymgmt/dsa_kmgmt.c | 16 ++++++++++++----
test/recipes/15-test_gendh.t | 10 +++++++++-
test/recipes/15-test_gendsa.t | 10 +++++++++-
4 files changed, 42 insertions(+), 10 deletions(-)
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 927246167e..dc0f3b2acd 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -69,8 +69,8 @@ struct dh_gen_ctx {
int hindex;
int priv_len;
- const char *mdname;
- const char *mdprops;
+ char *mdname;
+ char *mdprops;
OSSL_CALLBACK *cb;
void *cbarg;
int dh_type;
@@ -549,13 +549,19 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING)
return 0;
- gctx->mdname = p->data;
+ OPENSSL_free(gctx->mdname);
+ gctx->mdname = OPENSSL_strdup(p->data);
+ if (gctx->mdname == NULL)
+ return 0;
}
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING)
return 0;
- gctx->mdprops = p->data;
+ OPENSSL_free(gctx->mdprops);
+ gctx->mdprops = OPENSSL_strdup(p->data);
+ if (gctx->mdprops == NULL)
+ return 0;
}
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->priv_len))
@@ -694,6 +700,8 @@ static void dh_gen_cleanup(void *genctx)
if (gctx == NULL)
return;
+ OPENSSL_free(gctx->mdname);
+ OPENSSL_free(gctx->mdprops);
OPENSSL_clear_free(gctx->seed, gctx->seedlen);
OPENSSL_free(gctx);
}
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 6dbd450386..bc4591b1d6 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -63,8 +63,8 @@ struct dsa_gen_ctx {
int gen_type; /* DSA_PARAMGEN_TYPE_FIPS_186_2 or DSA_PARAMGEN_TYPE_FIPS_186_4 */
int pcounter;
int hindex;
- const char *mdname;
- const char *mdprops;
+ char *mdname;
+ char *mdprops;
OSSL_CALLBACK *cb;
void *cbarg;
};
@@ -459,13 +459,19 @@ static int dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING)
return 0;
- gctx->mdname = p->data;
+ OPENSSL_free(gctx->mdname);
+ gctx->mdname = OPENSSL_strdup(p->data);
+ if (gctx->mdname == NULL)
+ return 0;
}
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING)
return 0;
- gctx->mdprops = p->data;
+ OPENSSL_free(gctx->mdprops);
+ gctx->mdprops = OPENSSL_strdup(p->data);
+ if (gctx->mdprops == NULL)
+ return 0;
}
return 1;
}
@@ -572,6 +578,8 @@ static void dsa_gen_cleanup(void *genctx)
if (gctx == NULL)
return;
+ OPENSSL_free(gctx->mdname);
+ OPENSSL_free(gctx->mdprops);
OPENSSL_clear_free(gctx->seed, gctx->seedlen);
OPENSSL_free(gctx);
}
diff --git a/test/recipes/15-test_gendh.t b/test/recipes/15-test_gendh.t
index c87ae0d89c..87dd73f438 100644
--- a/test/recipes/15-test_gendh.t
+++ b/test/recipes/15-test_gendh.t
@@ -18,7 +18,7 @@ setup("test_gendh");
plan skip_all => "This test is unsupported in a no-dh build" if disabled("dh");
-plan tests => 12;
+plan tests => 13;
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'DH',
@@ -33,6 +33,14 @@ ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-text'])),
"genpkey DH params fips186_4 with unverifiable g");
+ok(run(app([ 'openssl', 'genpkey', '-genparam',
+ '-algorithm', 'DH',
+ '-pkeyopt', 'pbits:2048',
+ '-pkeyopt', 'qbits:224',
+ '-pkeyopt', 'digest:SHA512-224',
+ '-pkeyopt', 'type:fips186_4'])),
+ "genpkey DH params fips186_4 with truncated SHA");
+
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'DH',
'-pkeyopt', 'type:fips186_2',
diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t
index 910cc7da56..5e36109b37 100644
--- a/test/recipes/15-test_gendsa.t
+++ b/test/recipes/15-test_gendsa.t
@@ -19,7 +19,7 @@ setup("test_gendsa");
plan skip_all => "This test is unsupported in a no-dsa build"
if disabled("dsa");
-plan tests => 10;
+plan tests => 11;
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'DSA',
@@ -34,6 +34,14 @@ ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-text'])),
"genpkey DSA params fips186_4 with unverifiable g");
+ok(run(app([ 'openssl', 'genpkey', '-genparam',
+ '-algorithm', 'DSA',
+ '-pkeyopt', 'pbits:2048',
+ '-pkeyopt', 'qbits:224',
+ '-pkeyopt', 'digest:SHA512-256',
+ '-pkeyopt', 'type:fips186_4'])),
+ "genpkey DSA params fips186_4 with truncated SHA");
+
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'DSA',
'-pkeyopt', 'type:fips186_2',
More information about the openssl-commits
mailing list