[openssl] openssl-3.0 update
tomas at openssl.org
tomas at openssl.org
Mon Jan 17 15:23:35 UTC 2022
The branch openssl-3.0 has been updated
via 8bb90f43aa732efb9530edc2ab3767b228d5d9da (commit)
via 554addd65b6ce9ee0b8f1d6c4115ef192d693f4f (commit)
from ba4f941b081897747e8432296cd14bebafc97920 (commit)
- Log -----------------------------------------------------------------
commit 8bb90f43aa732efb9530edc2ab3767b228d5d9da
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Jan 13 19:01:33 2022 +0100
Do not call ossl_ffc_name_to_dh_named_group with NULL argument
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
(cherry picked from commit 3b53f88c008d288e86d2bbdc0c4e2d16c29fcee8)
commit 554addd65b6ce9ee0b8f1d6c4115ef192d693f4f
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Jan 13 19:00:13 2022 +0100
Properly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114
Fixes #17485
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
(cherry picked from commit f58bb2dd00c3004552c5c1e8d0f2c1390c004cf8)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/ctrl_params_translate.c | 23 +++++++++++++++++------
crypto/ffc/ffc_backend.c | 1 +
providers/implementations/keymgmt/dh_kmgmt.c | 1 +
3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index f6a2d1d0f8..3dd3e8f995 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1004,8 +1004,11 @@ static int fix_dh_nid(enum state state,
return 0;
if (state == PRE_CTRL_TO_PARAMS) {
- ctx->p2 = (char *)ossl_ffc_named_group_get_name
- (ossl_ffc_uid_to_dh_named_group(ctx->p1));
+ if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+ return 0;
+ }
ctx->p1 = 0;
}
@@ -1028,16 +1031,24 @@ static int fix_dh_nid5114(enum state state,
switch (state) {
case PRE_CTRL_TO_PARAMS:
- ctx->p2 = (char *)ossl_ffc_named_group_get_name
- (ossl_ffc_uid_to_dh_named_group(ctx->p1));
+ if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+ return 0;
+ }
+
ctx->p1 = 0;
break;
case PRE_CTRL_STR_TO_PARAMS:
if (ctx->p2 == NULL)
return 0;
- ctx->p2 = (char *)ossl_ffc_named_group_get_name
- (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)));
+ if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)))) == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+ return 0;
+ }
+
ctx->p1 = 0;
break;
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index b227186934..b387f966cc 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -37,6 +37,7 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
const DH_NAMED_GROUP *group = NULL;
if (prm->data_type != OSSL_PARAM_UTF8_STRING
+ || prm->data == NULL
|| (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL
|| !ossl_ffc_named_group_set_pqg(ffc, group))
#endif
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 98eb882e3f..ab8ef3ac52 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -532,6 +532,7 @@ static int dh_gen_common_set_params(void *genctx, const OSSL_PARAM params[])
const DH_NAMED_GROUP *group = NULL;
if (p->data_type != OSSL_PARAM_UTF8_STRING
+ || p->data == NULL
|| (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL
|| ((gctx->group_nid =
ossl_ffc_named_group_get_uid(group)) == NID_undef)) {
More information about the openssl-commits
mailing list