[openssl/openssl] 42a8ef: Fix usage of deallocated EVP_RAND_CTX after execut...

kabr noreply at github.com
Mon Jun 24 17:04:57 UTC 2024


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 42a8ef844e5fca55abb608beb62695abe80c6b6d
      https://github.com/openssl/openssl/commit/42a8ef844e5fca55abb608beb62695abe80c6b6d
  Author: Karol Brzuskiewicz <kabr at arista.com>
  Date:   2024-06-24 (Mon, 24 Jun 2024)

  Changed paths:
    M providers/fips/self_test_kats.c
    M test/provider_status_test.c

  Log Message:
  -----------
  Fix usage of deallocated EVP_RAND_CTX after execution of FIPS on-demand self tests

Once RNG is used, triggering FIPS on-demand self tests (via
OSSL_PROVIDER_self_test() API) crashes the application. This happens because the
RNG context is stored before self tests, and restored after their execution.
In the meantime - before context restoration - RAND_set0_private() function is
called, which decrements the stored RNG context reference counter and frees it.
To resolve the issue, the stored RNG context refcount has been incremented via
the EVP_RAND_CTX_up_ref() API to avoid its deallocation during the RNG context
switch performed by the self test function.
The provider_status_test test has been updated to reproduce the issue as
a regression test.

Signed-off-by: Karol Brzuskiewicz <kabr at arista.com>

Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24599)



To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications


More information about the openssl-commits mailing list