[openssl] openssl-3.0 update
Dr. Paul Dale
pauli at openssl.org
Fri Dec 17 03:41:34 UTC 2021
The branch openssl-3.0 has been updated
via 699dcc50ae0ef64815b00cb0b6d0b5f2d77ed530 (commit)
via 9a4e7d863fa5a65b0efef96c1c4891864aac036f (commit)
from 7a2e2f291badb58796d4fd3672f381f3e7a8323d (commit)
- Log -----------------------------------------------------------------
commit 699dcc50ae0ef64815b00cb0b6d0b5f2d77ed530
Author: Pauli <pauli at openssl.org>
Date: Tue Dec 14 11:08:00 2021 +1100
Add test case to verify that the use after free issue is fixed.
Test case based on reproducer by Guido Vranken.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17263)
(cherry picked from commit 27f7f527652e403177335eb2e3ba1ff6df13f193)
commit 9a4e7d863fa5a65b0efef96c1c4891864aac036f
Author: Pauli <pauli at openssl.org>
Date: Mon Dec 13 12:16:18 2021 +1100
evp: address a use after free state when using HMAC and MD copy.
Fixes #17261
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17263)
(cherry picked from commit ad2fcee1632d3f21a37e8e108d4c0dcf9099686d)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/digest.c | 3 ++-
test/hmactest.c | 31 +++++++++++++++++++++++++++++++
2 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index d3a28fa351..d92059cbcc 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -520,7 +520,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
if (out->fetched_digest != NULL)
EVP_MD_free(out->fetched_digest);
*out = *in;
- return 1;
+ goto clone_pkey;
}
if (in->digest->prov == NULL
@@ -551,6 +551,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
}
}
+ clone_pkey:
/* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
#ifndef FIPS_MODULE
diff --git a/test/hmactest.c b/test/hmactest.c
index 63954a1183..8f5bf32f87 100644
--- a/test/hmactest.c
+++ b/test/hmactest.c
@@ -245,6 +245,36 @@ err:
return ret;
}
+static int test_hmac_copy_uninited(void)
+{
+ const unsigned char key[24] = {0};
+ const unsigned char ct[166] = {0};
+ EVP_PKEY *pkey = NULL;
+ EVP_MD_CTX *ctx = NULL;
+ EVP_MD_CTX *ctx_tmp = NULL;
+ int res = 0;
+
+ if (!TEST_ptr(ctx = EVP_MD_CTX_new())
+ || !TEST_ptr(pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
+ key, sizeof(key)))
+ || !TEST_true(EVP_DigestSignInit(ctx, NULL, EVP_sha1(), NULL, pkey))
+ || !TEST_ptr(ctx_tmp = EVP_MD_CTX_new())
+ || !TEST_true(EVP_MD_CTX_copy(ctx_tmp, ctx)))
+ goto err;
+ EVP_MD_CTX_free(ctx);
+ ctx = ctx_tmp;
+ ctx_tmp = NULL;
+
+ if (!TEST_true(EVP_DigestSignUpdate(ctx, ct, sizeof(ct))))
+ goto err;
+ res = 1;
+ err:
+ EVP_MD_CTX_free(ctx);
+ EVP_MD_CTX_free(ctx_tmp);
+ EVP_PKEY_free(pkey);
+ return res;
+}
+
# ifndef OPENSSL_NO_MD5
static char *pt(unsigned char *md, unsigned int len)
{
@@ -266,6 +296,7 @@ int setup_tests(void)
ADD_TEST(test_hmac_bad);
ADD_TEST(test_hmac_run);
ADD_TEST(test_hmac_copy);
+ ADD_TEST(test_hmac_copy_uninited);
return 1;
}
More information about the openssl-commits
mailing list