[openssl] master update
Richard Levitte
levitte at openssl.org
Wed Aug 18 15:06:39 UTC 2021
The branch master has been updated
via d68820d95634322108316f3051a1746ead88adaf (commit)
via 4e92d5c79d501d09a978fd896c715da07902d8b7 (commit)
from 2fbf0a560d77551d37e188b2d230b8fd8a94ac1f (commit)
- Log -----------------------------------------------------------------
commit d68820d95634322108316f3051a1746ead88adaf
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Aug 17 14:32:35 2021 +0200
Add tests for EVP_PKEY_get_utf8_string_param(), both positive and negative
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16334)
commit 4e92d5c79d501d09a978fd896c715da07902d8b7
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Aug 17 08:46:23 2021 +0200
EVP_PKEY_get_utf8_string_param(): ensure the string is NUL terminated
A check is added to fail this function if the string buffer isn't
large enough to accomodate a terminating NUL byte.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16334)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/p_lib.c | 20 ++++++++++++++------
doc/man3/EVP_PKEY_gettable_params.pod | 14 ++++++++------
test/evp_pkey_provided_test.c | 31 +++++++++++++++++++++++++++++++
3 files changed, 53 insertions(+), 12 deletions(-)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index fa3a0258fa..2bc1237488 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -2145,7 +2145,7 @@ err:
int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
unsigned char *buf, size_t max_buf_sz,
- size_t *out_sz)
+ size_t *out_len)
{
OSSL_PARAM params[2];
int ret1 = 0, ret2 = 0;
@@ -2157,14 +2157,14 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
params[1] = OSSL_PARAM_construct_end();
if ((ret1 = EVP_PKEY_get_params(pkey, params)))
ret2 = OSSL_PARAM_modified(params);
- if (ret2 && out_sz != NULL)
- *out_sz = params[0].return_size;
+ if (ret2 && out_len != NULL)
+ *out_len = params[0].return_size;
return ret1 && ret2;
}
int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name,
char *str, size_t max_buf_sz,
- size_t *out_sz)
+ size_t *out_len)
{
OSSL_PARAM params[2];
int ret1 = 0, ret2 = 0;
@@ -2176,8 +2176,16 @@ int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name,
params[1] = OSSL_PARAM_construct_end();
if ((ret1 = EVP_PKEY_get_params(pkey, params)))
ret2 = OSSL_PARAM_modified(params);
- if (ret2 && out_sz != NULL)
- *out_sz = params[0].return_size;
+ if (ret2 && out_len != NULL)
+ *out_len = params[0].return_size;
+
+ if (ret2 && params[0].return_size == max_buf_sz)
+ /* There was no space for a NUL byte */
+ return 0;
+ /* Add a terminating NUL byte for good measure */
+ if (ret2 && str != NULL)
+ str[params[0].return_size] = '\0';
+
return ret1 && ret2;
}
diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod
index 27240b0d3b..4c0737d050 100644
--- a/doc/man3/EVP_PKEY_gettable_params.pod
+++ b/doc/man3/EVP_PKEY_gettable_params.pod
@@ -47,14 +47,16 @@ EVP_PKEY_get_bn_param() retrieves a key I<pkey> BIGNUM value I<**bn>
associated with a name of I<key_name>. If I<*bn> is NULL then the BIGNUM
is allocated by the method.
-EVP_PKEY_get_utf8_string_param() get a key I<pkey> UTF8 string value int a buffer
-I<str> of maximum size I<max_buf_sz> associated with a name of I<key_name>.
-If I<out_sz> is not NULL the I<*out_sz> is set to the length of the string
+EVP_PKEY_get_utf8_string_param() get a key I<pkey> UTF8 string value into a
+buffer I<str> of maximum size I<max_buf_sz> associated with a name of
+I<key_name>. The maximum size must be large enough to accomodate the string
+value including a terminating NUL byte, or this function will fail.
+If I<out_len> is not NULL, I<*out_len> is set to the length of the string
not including the terminating NUL byte.
-EVP_PKEY_get_octet_string_param() copy a I<pkey>'s octet string value into a buffer
-I<buf> of maximum size I<max_buf_sz> associated with a name of I<key_name>.
-I<*out_sz> is the returned size of the buffer if it is not NULL.
+EVP_PKEY_get_octet_string_param() get a key I<pkey>'s octet string value into a
+buffer I<buf> of maximum size I<max_buf_sz> associated with a name of I<key_name>.
+If I<out_len> is not NULL, I<*out_len> is set to the length of the contents.
=head1 NOTES
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index f075f40b0c..593f7090eb 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -526,6 +526,37 @@ static int test_fromdata_dh_named_group(void)
fromdata_params)))
goto err;
+ /*
+ * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
+ * it behaves as expected with regards to string length and terminating
+ * NUL byte.
+ */
+ if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
+ OSSL_PKEY_PARAM_GROUP_NAME,
+ NULL, sizeof(name_out),
+ &len))
+ || !TEST_size_t_eq(len, sizeof(group_name) - 1)
+ /* Just enough space to hold the group name and a terminating NUL */
+ || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
+ OSSL_PKEY_PARAM_GROUP_NAME,
+ name_out,
+ sizeof(group_name),
+ &len))
+ || !TEST_size_t_eq(len, sizeof(group_name) - 1)
+ /* Too small buffer to hold the terminating NUL byte */
+ || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
+ OSSL_PKEY_PARAM_GROUP_NAME,
+ name_out,
+ sizeof(group_name) - 1,
+ &len))
+ /* Too small buffer to hold the whole group name, even! */
+ || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
+ OSSL_PKEY_PARAM_GROUP_NAME,
+ name_out,
+ sizeof(group_name) - 2,
+ &len)))
+ goto err;
+
while (dup_pk == NULL) {
ret = 0;
if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
More information about the openssl-commits
mailing list