[openssl] master update

Richard Levitte levitte at openssl.org
Wed Aug 18 15:06:39 UTC 2021


The branch master has been updated
       via  d68820d95634322108316f3051a1746ead88adaf (commit)
       via  4e92d5c79d501d09a978fd896c715da07902d8b7 (commit)
      from  2fbf0a560d77551d37e188b2d230b8fd8a94ac1f (commit)


- Log -----------------------------------------------------------------
commit d68820d95634322108316f3051a1746ead88adaf
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Aug 17 14:32:35 2021 +0200

    Add tests for EVP_PKEY_get_utf8_string_param(), both positive and negative
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16334)

commit 4e92d5c79d501d09a978fd896c715da07902d8b7
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Aug 17 08:46:23 2021 +0200

    EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated
    
    A check is added to fail this function if the string buffer isn't
    large enough to accomodate a terminating NUL byte.
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16334)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/p_lib.c                    | 20 ++++++++++++++------
 doc/man3/EVP_PKEY_gettable_params.pod | 14 ++++++++------
 test/evp_pkey_provided_test.c         | 31 +++++++++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 12 deletions(-)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index fa3a0258fa..2bc1237488 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -2145,7 +2145,7 @@ err:
 
 int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
                                     unsigned char *buf, size_t max_buf_sz,
-                                    size_t *out_sz)
+                                    size_t *out_len)
 {
     OSSL_PARAM params[2];
     int ret1 = 0, ret2 = 0;
@@ -2157,14 +2157,14 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
     params[1] = OSSL_PARAM_construct_end();
     if ((ret1 = EVP_PKEY_get_params(pkey, params)))
         ret2 = OSSL_PARAM_modified(params);
-    if (ret2 && out_sz != NULL)
-        *out_sz = params[0].return_size;
+    if (ret2 && out_len != NULL)
+        *out_len = params[0].return_size;
     return ret1 && ret2;
 }
 
 int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name,
                                     char *str, size_t max_buf_sz,
-                                    size_t *out_sz)
+                                    size_t *out_len)
 {
     OSSL_PARAM params[2];
     int ret1 = 0, ret2 = 0;
@@ -2176,8 +2176,16 @@ int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name,
     params[1] = OSSL_PARAM_construct_end();
     if ((ret1 = EVP_PKEY_get_params(pkey, params)))
         ret2 = OSSL_PARAM_modified(params);
-    if (ret2 && out_sz != NULL)
-        *out_sz = params[0].return_size;
+    if (ret2 && out_len != NULL)
+        *out_len = params[0].return_size;
+
+    if (ret2 && params[0].return_size == max_buf_sz)
+        /* There was no space for a NUL byte */
+        return 0;
+    /* Add a terminating NUL byte for good measure */
+    if (ret2 && str != NULL)
+        str[params[0].return_size] = '\0';
+
     return ret1 && ret2;
 }
 
diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod
index 27240b0d3b..4c0737d050 100644
--- a/doc/man3/EVP_PKEY_gettable_params.pod
+++ b/doc/man3/EVP_PKEY_gettable_params.pod
@@ -47,14 +47,16 @@ EVP_PKEY_get_bn_param() retrieves a key I<pkey> BIGNUM value I<**bn>
 associated with a name of I<key_name>. If I<*bn> is NULL then the BIGNUM
 is allocated by the method.
 
-EVP_PKEY_get_utf8_string_param() get a key I<pkey> UTF8 string value int a buffer
-I<str> of maximum size I<max_buf_sz> associated with a name of I<key_name>.
-If I<out_sz> is not NULL the I<*out_sz> is set to the length of the string
+EVP_PKEY_get_utf8_string_param() get a key I<pkey> UTF8 string value into a
+buffer I<str> of maximum size I<max_buf_sz> associated with a name of
+I<key_name>.  The maximum size must be large enough to accomodate the string
+value including a terminating NUL byte, or this function will fail.
+If I<out_len> is not NULL, I<*out_len> is set to the length of the string
 not including the terminating NUL byte.
 
-EVP_PKEY_get_octet_string_param() copy a I<pkey>'s octet string value into a buffer
-I<buf> of maximum size I<max_buf_sz> associated with a name of I<key_name>.
-I<*out_sz> is the returned size of the buffer if it is not NULL.
+EVP_PKEY_get_octet_string_param() get a key I<pkey>'s octet string value into a
+buffer I<buf> of maximum size I<max_buf_sz> associated with a name of I<key_name>.
+If I<out_len> is not NULL, I<*out_len> is set to the length of the contents.
 
 =head1 NOTES
 
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index f075f40b0c..593f7090eb 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -526,6 +526,37 @@ static int test_fromdata_dh_named_group(void)
                                         fromdata_params)))
         goto err;
 
+    /*
+     * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
+     * it behaves as expected with regards to string length and terminating
+     * NUL byte.
+     */
+    if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
+                                                  OSSL_PKEY_PARAM_GROUP_NAME,
+                                                  NULL, sizeof(name_out),
+                                                  &len))
+        || !TEST_size_t_eq(len, sizeof(group_name) - 1)
+        /* Just enough space to hold the group name and a terminating NUL */
+        || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
+                                                     OSSL_PKEY_PARAM_GROUP_NAME,
+                                                     name_out,
+                                                     sizeof(group_name),
+                                                     &len))
+        || !TEST_size_t_eq(len, sizeof(group_name) - 1)
+        /* Too small buffer to hold the terminating NUL byte */
+        || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
+                                                      OSSL_PKEY_PARAM_GROUP_NAME,
+                                                      name_out,
+                                                      sizeof(group_name) - 1,
+                                                      &len))
+        /* Too small buffer to hold the whole group name, even! */
+        || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
+                                                      OSSL_PKEY_PARAM_GROUP_NAME,
+                                                      name_out,
+                                                      sizeof(group_name) - 2,
+                                                      &len)))
+        goto err;
+
     while (dup_pk == NULL) {
         ret = 0;
         if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)


More information about the openssl-commits mailing list