[openssl] master update
tomas at openssl.org
tomas at openssl.org
Tue Nov 9 14:41:31 UTC 2021
The branch master has been updated
via e7414634a59aa61c7917193a31382ced95d40eeb (commit)
from a18cdd28077be05ec88538be84a761469f3f20c4 (commit)
- Log -----------------------------------------------------------------
commit e7414634a59aa61c7917193a31382ced95d40eeb
Author: Xiaofei Bai <xiaofei.bai at arm.com>
Date: Wed Nov 3 03:28:23 2021 +0000
Fix sigsize usage in apps/speed.c
In a recent upstream change
(43da9a14f0e73f42f28ae34219929b44df5d1a11)
the parameter sigsize become a read/write input in
EVP_PKEY_sign(), and after signing, sigsize will be overwritten with
the actual size and used in the verify step. As the speed program
calls EVP_PKEY_sign() on the same context repeatedly, sigsize value is
no longer the initial available size, and may fail in later buffer
size checks.
This fix adds a new buflen member in struct loopargs (which is only
used within apps/speed.c), to save available buffer size and
to be used as sigsize input in EVP_PKEY_sign() calls.
Sigsize still contains the signature size for the verify step.
Signed-off-by: Xiaofei Bai <xiaofei.bai at arm.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16991)
-----------------------------------------------------------------------
Summary of changes:
apps/speed.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/apps/speed.c b/apps/speed.c
index 4dd9ce0885..ada559228d 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -462,6 +462,7 @@ typedef struct loopargs_st {
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned char *key;
+ size_t buflen;
size_t sigsize;
EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM];
@@ -832,6 +833,7 @@ static int RSA_sign_loop(void *args)
int ret, count;
for (count = 0; COND(rsa_c[testnum][0]); count++) {
+ *rsa_num = tempargs->buflen;
ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36);
if (ret <= 0) {
BIO_printf(bio_err, "RSA sign failure\n");
@@ -892,6 +894,7 @@ static int DSA_sign_loop(void *args)
int ret, count;
for (count = 0; COND(dsa_c[testnum][0]); count++) {
+ *dsa_num = tempargs->buflen;
ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20);
if (ret <= 0) {
BIO_printf(bio_err, "DSA sign failure\n");
@@ -935,6 +938,7 @@ static int ECDSA_sign_loop(void *args)
int ret, count;
for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
+ *ecdsa_num = tempargs->buflen;
ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20);
if (ret <= 0) {
BIO_printf(bio_err, "ECDSA sign failure\n");
@@ -1779,6 +1783,8 @@ int speed_main(int argc, char **argv)
/* Align the start of buffers on a 64 byte boundary */
loopargs[i].buf = loopargs[i].buf_malloc + misalign;
loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
+ loopargs[i].buflen = buflen - misalign;
+ loopargs[i].sigsize = buflen - misalign;
loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
#ifndef OPENSSL_NO_DH
@@ -2349,6 +2355,7 @@ int speed_main(int argc, char **argv)
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
+ loopargs[i].sigsize = loopargs[i].buflen;
if (loopargs[i].rsa_sign_ctx[testnum] == NULL
|| EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0
|| EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum],
@@ -2427,6 +2434,7 @@ int speed_main(int argc, char **argv)
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
NULL);
+ loopargs[i].sigsize = loopargs[i].buflen;
if (loopargs[i].dsa_sign_ctx[testnum] == NULL
|| EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
@@ -2505,6 +2513,7 @@ int speed_main(int argc, char **argv)
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
NULL);
+ loopargs[i].sigsize = loopargs[i].buflen;
if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
|| EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0
More information about the openssl-commits
mailing list