[openssl] openssl-3.0 update

tomas at openssl.org tomas at openssl.org
Mon Jan 17 15:23:35 UTC 2022


The branch openssl-3.0 has been updated
       via  8bb90f43aa732efb9530edc2ab3767b228d5d9da (commit)
       via  554addd65b6ce9ee0b8f1d6c4115ef192d693f4f (commit)
      from  ba4f941b081897747e8432296cd14bebafc97920 (commit)


- Log -----------------------------------------------------------------
commit 8bb90f43aa732efb9530edc2ab3767b228d5d9da
Author: Tomas Mraz <tomas at openssl.org>
Date:   Thu Jan 13 19:01:33 2022 +0100

    Do not call ossl_ffc_name_to_dh_named_group with NULL argument
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17498)
    
    (cherry picked from commit 3b53f88c008d288e86d2bbdc0c4e2d16c29fcee8)

commit 554addd65b6ce9ee0b8f1d6c4115ef192d693f4f
Author: Tomas Mraz <tomas at openssl.org>
Date:   Thu Jan 13 19:00:13 2022 +0100

    Properly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114
    
    Fixes #17485
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17498)
    
    (cherry picked from commit f58bb2dd00c3004552c5c1e8d0f2c1390c004cf8)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/ctrl_params_translate.c           | 23 +++++++++++++++++------
 crypto/ffc/ffc_backend.c                     |  1 +
 providers/implementations/keymgmt/dh_kmgmt.c |  1 +
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index f6a2d1d0f8..3dd3e8f995 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1004,8 +1004,11 @@ static int fix_dh_nid(enum state state,
         return 0;
 
     if (state == PRE_CTRL_TO_PARAMS) {
-        ctx->p2 = (char *)ossl_ffc_named_group_get_name
-            (ossl_ffc_uid_to_dh_named_group(ctx->p1));
+        if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+             (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) {
+            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+            return 0;
+        }
         ctx->p1 = 0;
     }
 
@@ -1028,16 +1031,24 @@ static int fix_dh_nid5114(enum state state,
 
     switch (state) {
     case PRE_CTRL_TO_PARAMS:
-        ctx->p2 = (char *)ossl_ffc_named_group_get_name
-            (ossl_ffc_uid_to_dh_named_group(ctx->p1));
+        if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+             (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) {
+            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+            return 0;
+        }
+
         ctx->p1 = 0;
         break;
 
     case PRE_CTRL_STR_TO_PARAMS:
         if (ctx->p2 == NULL)
             return 0;
-        ctx->p2 = (char *)ossl_ffc_named_group_get_name
-            (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)));
+        if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+             (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)))) == NULL) {
+            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+            return 0;
+        }
+
         ctx->p1 = 0;
         break;
 
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index b227186934..b387f966cc 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -37,6 +37,7 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
         const DH_NAMED_GROUP *group = NULL;
 
         if (prm->data_type != OSSL_PARAM_UTF8_STRING
+            || prm->data == NULL
             || (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL
             || !ossl_ffc_named_group_set_pqg(ffc, group))
 #endif
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 98eb882e3f..ab8ef3ac52 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -532,6 +532,7 @@ static int dh_gen_common_set_params(void *genctx, const OSSL_PARAM params[])
         const DH_NAMED_GROUP *group = NULL;
 
         if (p->data_type != OSSL_PARAM_UTF8_STRING
+            || p->data == NULL
             || (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL
             || ((gctx->group_nid =
                  ossl_ffc_named_group_get_uid(group)) == NID_undef)) {


More information about the openssl-commits mailing list