[openssl] master update

tomas at openssl.org tomas at openssl.org
Thu Aug 5 10:50:01 UTC 2021 

The branch master has been updated
       via  204323446e11d7062dc193e5e3986295925bd7b7 (commit)
      from  3d4ca443b4778e3230ff23f17625f58f815a9142 (commit)


- Log -----------------------------------------------------------------
commit 204323446e11d7062dc193e5e3986295925bd7b7
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Aug 4 11:36:24 2021 +0200

    req: Avoid segfault when -modulus is used
    
    Fixes #16196
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/16215)

-----------------------------------------------------------------------

Summary of changes:
 apps/req.c                 | 4 ++--
 test/recipes/25-test_req.t | 7 ++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index 5524092f2c..a0ecda8225 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -996,8 +996,8 @@ int req_main(int argc, char **argv)
         if (EVP_PKEY_is_a(tpubkey, "RSA")) {
             BIGNUM *n = NULL;
 
-            /* Every RSA key has an 'n' */
-            EVP_PKEY_get_bn_param(pkey, "n", &n);
+            if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n))
+                goto end;
             BN_print(out, n);
             BN_free(n);
         } else {
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 084d70bca5..a405810ae2 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -78,7 +78,7 @@ subtest "generating alt certificate requests with RSA" => sub {
 
 
 subtest "generating certificate requests with RSA" => sub {
-    plan tests => 7;
+    plan tests => 8;
 
     SKIP: {
         skip "RSA is not supported by this OpenSSL build", 2
@@ -103,6 +103,11 @@ subtest "generating certificate requests with RSA" => sub {
                     "-verify", "-in", "testreq-rsa.pem", "-noout"])),
            "Verifying signature on request");
 
+        ok(run(app(["openssl", "req",
+                    "-config", srctop_file("test", "test.cnf"),
+                    "-modulus", "-in", "testreq-rsa.pem", "-noout"])),
+           "Printing a modulus of the request key");
+
         ok(run(app(["openssl", "req",
                     "-config", srctop_file("test", "test.cnf"),
                     "-new", "-out", "testreq_withattrs_pem.pem", "-utf8",

More information about the openssl-commits mailing list