[openssl] openssl-3.0 update

tomas at openssl.org tomas at openssl.org
Mon Jan 3 11:00:25 UTC 2022 

The branch openssl-3.0 has been updated
       via  e09648323645031c16fdd9eb3e900e2db259e0d0 (commit)
      from  b247bb52b83ce096ab572af5d9525880e142f426 (commit)


- Log -----------------------------------------------------------------
commit e09648323645031c16fdd9eb3e900e2db259e0d0
Author: x2018 <xkernel.wang at foxmail.com>
Date:   Mon Nov 29 17:09:36 2021 +0800

    Check the return value of ossl_bio_new_from_core_bio()
    
    There are missing checks of its return value in 8 different spots.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17154)
    
    (cherry picked from commit 352a0bcaab8eda18cce786d2871e8d4ec6f9cbfe)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/encode_decode/decode_epki2pki.c   |  6 +++++-
 providers/implementations/encode_decode/decode_msblob2key.c |  3 +++
 providers/implementations/encode_decode/decode_pem2der.c    |  6 +++++-
 providers/implementations/encode_decode/decode_pvk2key.c    |  3 +++
 providers/implementations/encode_decode/encode_key2blob.c   |  6 +++++-
 providers/implementations/encode_decode/encode_key2ms.c     | 12 ++++++++----
 providers/implementations/encode_decode/endecoder_common.c  |  5 ++++-
 7 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/providers/implementations/encode_decode/decode_epki2pki.c b/providers/implementations/encode_decode/decode_epki2pki.c
index 66f4ff659d..a997629aaa 100644
--- a/providers/implementations/encode_decode/decode_epki2pki.c
+++ b/providers/implementations/encode_decode/decode_epki2pki.c
@@ -68,8 +68,12 @@ static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
     PKCS8_PRIV_KEY_INFO *p8inf = NULL;
     const X509_ALGOR *alg = NULL;
     BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
-    int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
+    int ok = 0;
 
+    if (in == NULL)
+        return 0;
+
+    ok = (asn1_d2i_read_bio(in, &mem) >= 0);
     BIO_free(in);
 
     /* We return "empty handed".  This is not an error. */
diff --git a/providers/implementations/encode_decode/decode_msblob2key.c b/providers/implementations/encode_decode/decode_msblob2key.c
index 0508e68b32..0445721171 100644
--- a/providers/implementations/encode_decode/decode_msblob2key.c
+++ b/providers/implementations/encode_decode/decode_msblob2key.c
@@ -93,6 +93,9 @@ static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
     void *key = NULL;
     int ok = 0;
 
+    if (in == NULL)
+        return 0;
+
     if (BIO_read(in, hdr_buf, 16) != 16) {
         ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT);
         goto next;
diff --git a/providers/implementations/encode_decode/decode_pem2der.c b/providers/implementations/encode_decode/decode_pem2der.c
index 6c537d26ae..1d5d30968f 100644
--- a/providers/implementations/encode_decode/decode_pem2der.c
+++ b/providers/implementations/encode_decode/decode_pem2der.c
@@ -33,7 +33,11 @@ static int read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
                     unsigned char **data, long *len)
 {
     BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
-    int ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0);
+    int ok;
+
+    if (in == NULL)
+        return 0;
+    ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0);
 
     BIO_free(in);
     return ok;
diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c
index 32206fe84d..7169aef2f4 100644
--- a/providers/implementations/encode_decode/decode_pvk2key.c
+++ b/providers/implementations/encode_decode/decode_pvk2key.c
@@ -88,6 +88,9 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
     void *key = NULL;
     int ok = 0;
 
+    if (in == NULL)
+        return 0;
+
     ctx->selection = selection;
 
     if ((selection == 0
diff --git a/providers/implementations/encode_decode/encode_key2blob.c b/providers/implementations/encode_decode/encode_key2blob.c
index 19a7d171db..d4cc2e7cdc 100644
--- a/providers/implementations/encode_decode/encode_key2blob.c
+++ b/providers/implementations/encode_decode/encode_key2blob.c
@@ -30,7 +30,11 @@ static int write_blob(void *provctx, OSSL_CORE_BIO *cout,
                       void *data, int len)
 {
     BIO *out = ossl_bio_new_from_core_bio(provctx, cout);
-    int ret = BIO_write(out, data, len);
+    int ret;
+
+    if (out == NULL)
+        return 0;
+    ret = BIO_write(out, data, len);
 
     BIO_free(out);
     return ret;
diff --git a/providers/implementations/encode_decode/encode_key2ms.c b/providers/implementations/encode_decode/encode_key2ms.c
index 81528fefb6..15077954a4 100644
--- a/providers/implementations/encode_decode/encode_key2ms.c
+++ b/providers/implementations/encode_decode/encode_key2ms.c
@@ -39,8 +39,11 @@ static int write_msblob(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout,
                         EVP_PKEY *pkey, int ispub)
 {
     BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
-    int ret =
-        ispub ? i2b_PublicKey_bio(out, pkey) : i2b_PrivateKey_bio(out, pkey);
+    int ret;
+
+    if (out == NULL)
+        return 0;
+    ret = ispub ? i2b_PublicKey_bio(out, pkey) : i2b_PrivateKey_bio(out, pkey);
 
     BIO_free(out);
     return ret;
@@ -50,14 +53,15 @@ static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout,
                      EVP_PKEY *pkey)
 {
     BIO *out = NULL;
-    int ret = 0;
+    int ret;
     OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
 
     out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
+    if (out == NULL)
+        return 0;
     ret = i2b_PVK_bio_ex(out, pkey, ctx->pvk_encr_level,
                          ossl_pw_pvk_password, &ctx->pwdata, libctx, NULL);
     BIO_free(out);
-
     return ret;
 }
 
diff --git a/providers/implementations/encode_decode/endecoder_common.c b/providers/implementations/encode_decode/endecoder_common.c
index 7071bcc23a..337847b661 100644
--- a/providers/implementations/encode_decode/endecoder_common.c
+++ b/providers/implementations/encode_decode/endecoder_common.c
@@ -89,8 +89,11 @@ int ossl_read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,  unsigned char **data,
 {
     BUF_MEM *mem = NULL;
     BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
-    int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
+    int ok;
 
+    if (in == NULL)
+        return 0;
+    ok = (asn1_d2i_read_bio(in, &mem) >= 0);
     if (ok) {
         *data = (unsigned char *)mem->data;
         *len = (long)mem->length;

More information about the openssl-commits mailing list