[openssl/openssl] 08cfec: Fix usage of deallocated EVP_RAND_CTX after execut...
kabr
noreply at github.com
Mon Jun 24 17:05:03 UTC 2024
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: 08cfec5d04748d5aaae856a91b007ae646977a43
https://github.com/openssl/openssl/commit/08cfec5d04748d5aaae856a91b007ae646977a43
Author: Karol Brzuskiewicz <kabr at arista.com>
Date: 2024-06-24 (Mon, 24 Jun 2024)
Changed paths:
M providers/fips/self_test_kats.c
M test/provider_status_test.c
Log Message:
-----------
Fix usage of deallocated EVP_RAND_CTX after execution of FIPS on-demand self tests
Once RNG is used, triggering FIPS on-demand self tests (via
OSSL_PROVIDER_self_test() API) crashes the application. This happens because the
RNG context is stored before self tests, and restored after their execution.
In the meantime - before context restoration - RAND_set0_private() function is
called, which decrements the stored RNG context reference counter and frees it.
To resolve the issue, the stored RNG context refcount has been incremented via
the EVP_RAND_CTX_up_ref() API to avoid its deallocation during the RNG context
switch performed by the self test function.
The provider_status_test test has been updated to reproduce the issue as
a regression test.
Signed-off-by: Karol Brzuskiewicz <kabr at arista.com>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24599)
(cherry picked from commit 42a8ef844e5fca55abb608beb62695abe80c6b6d)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list