[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Fri Nov 5 00:55:33 UTC 2021
The branch master has been updated
via 09d91264c8ee1fdfcbe41f326a96a21cd85eb732 (commit)
from cc350c882218b1053a636d01eb36573b3e7b20c2 (commit)
- Log -----------------------------------------------------------------
commit 09d91264c8ee1fdfcbe41f326a96a21cd85eb732
Author: Phil Mesnier <mesnierp at objectcomputing.com>
Date: Wed Oct 27 04:26:45 2021 -0500
Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with
ctx->p2 being a null pointer.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16913)
(cherry picked from commit 07e6c857364770f6e986b5d8ceb9fbe296f3c6d0)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/ctrl_params_translate.c | 16 ++++++++++++++--
test/dhtest.c | 22 ++++++++++++++++++++++
2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index d17017a78e..cfde29dac2 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1026,10 +1026,23 @@ static int fix_dh_nid5114(enum state state,
if (ctx->action_type != SET)
return 0;
- if (state == PRE_CTRL_STR_TO_PARAMS) {
+ switch (state) {
+ case PRE_CTRL_TO_PARAMS:
+ ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(ctx->p1));
+ ctx->p1 = 0;
+ break;
+
+ case PRE_CTRL_STR_TO_PARAMS:
+ if (ctx->p2 == NULL)
+ return 0;
ctx->p2 = (char *)ossl_ffc_named_group_get_name
(ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)));
ctx->p1 = 0;
+ break;
+
+ default:
+ break;
}
return default_fixup_args(state, translation, ctx);
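Review bot: The named-group lookup result is stored in `ctx->p2` without a check in both the `PRE_CTRL_TO_PARAMS` and `PRE_CTRL_STR_TO_PARAMS` cases. The helpers are not visible here, but an id that matches no group presumably leaves `ctx->p2` NULL, and that NULL is then handed to `default_fixup_args`. Adding `if (ctx->p2 == NULL) return 0;` after each assignment would reject unknown ids where they are detected. In the string case, `atoi(ctx->p2)` silently turns non-numeric text into 0; `strtol` with an end-pointer check would separate malformed input from a real value. The body of fix_dh_nid5114 starts before this hunk.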
@@ -2741,4 +2754,3 @@ int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params)
{
return evp_pkey_setget_params_to_ctrl(pkey, GET, params);
}
-
diff --git a/test/dhtest.c b/test/dhtest.c
index bd99b06a24..c24bae4a82 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -730,6 +730,27 @@ err:
return ok;
}
+static int dh_rfc5114_fix_nid_test(void)
+{
+ int ok = 0;
+ EVP_PKEY_CTX *paramgen_ctx;
+
+ /* Run the test. Success is any time the test does not cause a SIGSEGV interrupt */
+ paramgen_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DHX, 0);
+ if (!TEST_ptr(paramgen_ctx))
+ goto err;
+ if (!TEST_int_eq(EVP_PKEY_paramgen_init(paramgen_ctx), 1))
+ goto err;
+ /* Tested function is called here */
+ if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 3), 1))
+ goto err;
+ /* If we're still running then the test passed. */
+ ok = 1;
+err:
+ EVP_PKEY_CTX_free(paramgen_ctx);
+ return ok;
+}
+
static int dh_get_nid(void)
{
int ok = 0;
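Review bot: dh_rfc5114_fix_nid_test only drives the integer control path with a valid id (`3`), so two things stay untested: the new `ctx->p2 == NULL` guard in the string case, and the outcome for an id with no matching group. A negative assertion such as `TEST_int_le(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 99), 0)` (99 is a constructed out-of-range value) would show whether an unknown id is rejected cleanly. A call through `EVP_PKEY_CTX_ctrl_str` would cover the string path, assuming it reaches the same fixup. The test comment could also state which state the call exercises, e.g. `/* p2 is NULL on this path; the PRE_CTRL_TO_PARAMS fixup must not dereference it */`.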
@@ -876,6 +897,7 @@ int setup_tests(void)
ADD_ALL_TESTS(dh_test_prime_groups, OSSL_NELEM(prime_groups));
ADD_TEST(dh_get_nid);
ADD_TEST(dh_load_pkcs3_namedgroup_privlen_test);
+ ADD_TEST(dh_rfc5114_fix_nid_test);
#endif
return 1;
}