[openssl/openssl] ec2906: gate calling of evp_method_id on having a non-zero...

Neil Horman noreply at github.com
Mon Jan 1 18:29:55 UTC 2024


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: ec290623e3eac42357189bf7c242ca7b18be1bc4
      https://github.com/openssl/openssl/commit/ec290623e3eac42357189bf7c242ca7b18be1bc4
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-01 (Mon, 01 Jan 2024)

  Changed paths:
    M crypto/evp/evp_fetch.c
    M test/evp_extra_test2.c

  Log Message:
  -----------
  gate calling of evp_method_id on having a non-zero name id

If a name is passed to EVP_<OBJ>_fetch of the form:
name1:name2:name3

The names are parsed on the separator ':' and added to the store, but
during the lookup in inner_evp_generic_fetch, the subsequent search of
the store uses the full name1:name2:name3 string, which fails lookup,
and causes subsequent assertion failures in evp_method_id.

instead catch the failure in inner_evp_generic_fetch and return an error
code if the name_id against a colon separated list of names fails.  This
provides a graceful error return path without asserts, and leaves room
for a future feature in which such formatted names can be parsed and
searched for iteratively

Add a simple test to verify that providing a colon separated name
results in an error indicating an invalid lookup.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/23110)

(cherry picked from commit 94be985cbcc1f0a5cf4f172d4a8d06c5c623122b)




More information about the openssl-commits mailing list