[openssl-dev] [openssl.org #4149] [PATCH] ssl_set_pkey() unnecessarily updates certificates

Short, Todd via RT rt at openssl.org
Sat Nov 21 03:12:28 UTC 2015


Hello OpenSSL.org

We have found the following issue in 1.0.2 and master branches of OpenSSL:

ssl_set_pkey() unnecessarily updates certificates
    
Some key types (EC, DSA, DH, but not RSA) have separate parameters that are needed for correct operation. When ssl_set_pkey() is called (via SSL_use_PrivateKey), it copies these parameters from the newly set private key into the public key of the CERT structure. This could lead to a modification of the X509 structure while it is being used in another thread.
    
This parameter copy is unconditional, and always occurs during ssl_set_pkey(). The proposed solution is to modify the copy routine EVP_PKEY_copy_parameters() to check for parameter equality via the EVP_PKEY_cmp_parameters() function before doing the actual copy. If the parameters match, then success is returned and no copy is performed. (But also check to see if the parameters are there before the compare.)
   
This avoids unnecessary modification of the certificate structure and avoids the crash. The parameters may be copied on the first setting of the private key, but after that, the parameters will be equal and not copied any more.

There is minimal locking around the SSL_use_PrivateKey() and other corresponding code, so adding additional locking would not suffice.

A patch will be sent via github pull request, once an RT number is assigned.
--
-Todd Short
// tshort at akamai.com
// "One if by land, two if by sea, three if by the Internet."
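
Added example, not part of the original message and not OpenSSL code: a self-contained C model of the compare-before-copy behaviour proposed above, counting how often the shared object is written. The toy_* names and the sample parameter bytes are hypothetical and constructed for illustration; they only stand in for the roles of EVP_PKEY_copy_parameters() and EVP_PKEY_cmp_parameters().

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a key with separable parameters (not OpenSSL's EVP_PKEY). */
struct toy_key {
    int has_params;           /* 0 = parameters missing */
    unsigned char params[8];  /* constructed sample parameter bytes */
    unsigned writes;          /* number of times this object was modified */
};

static int toy_missing(const struct toy_key *k) { return !k->has_params; }
static int toy_params_equal(const struct toy_key *a, const struct toy_key *b)
{
    return memcmp(a->params, b->params, sizeof a->params) == 0;
}

/* Before: unconditional copy, so every call writes to the destination. */
int toy_copy_unconditional(struct toy_key *to, const struct toy_key *from)
{
    if (toy_missing(from)) return 0;            /* nothing to copy */
    memcpy(to->params, from->params, sizeof to->params);
    to->has_params = 1;
    to->writes++;
    return 1;
}

/* After: check presence first, then equality; write only when needed. */
int toy_copy_if_different(struct toy_key *to, const struct toy_key *from)
{
    if (toy_missing(from)) return 0;
    if (!toy_missing(to) && toy_params_equal(to, from))
        return 1;                               /* equal: success, no write */
    return toy_copy_unconditional(to, from);
}

/* Set the same private key `calls` times; return writes to the cert's key. */
typedef int (*toy_copy_fn)(struct toy_key *, const struct toy_key *);
unsigned toy_writes_after(toy_copy_fn copy, int calls)
{
    struct toy_key priv = {1, {1, 2, 3, 4, 5, 6, 7, 8}, 0};
    struct toy_key cert_pub = {0, {0}, 0};      /* starts without parameters */
    for (int i = 0; i < calls; i++) copy(&cert_pub, &priv);
    return cert_pub.writes;
}

int main(void)
{
    printf("unconditional: %u writes, compare-first: %u writes\n",
           toy_writes_after(toy_copy_unconditional, 5),
           toy_writes_after(toy_copy_if_different, 5));
    return 0;
}
```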
