wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make EVP_PKEY_asn1_new() stricter with its input

Browse source 
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6880)
This commit is contained in:
Richard Levitte 2018-08-07 04:55:47 +02:00
parent 3ef97bd8cb
commit 38eca7fed0
3 changed files with 36 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -9,6 +9,11 @@
Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] Changes between 1.1.0h and 1.1.1 [xx XXX xxxx]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
[Richard Levitte]
*) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder
step for prime curves. The new implementation is based on formulae from step for prime curves. The new implementation is based on formulae from
differential addition-and-doubling in homogeneous projective coordinates differential addition-and-doubling in homogeneous projective coordinates

12
crypto/asn1/ameth_lib.c
View file

@ -216,6 +216,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
goto err; goto err;
} }
/*
* One of the following must be true:
*
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
*
* Anything else is an error and may lead to a corrupt ASN1 method table
*/
if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
|| (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
goto err;
if (pem_str) { if (pem_str) {
ameth->pem_str = OPENSSL_strdup(pem_str); ameth->pem_str = OPENSSL_strdup(pem_str);
if (!ameth->pem_str) if (!ameth->pem_str)

20
test/asn1_internal_test.c
View file

@ -67,6 +67,7 @@ static int test_standard_methods(void)
const EVP_PKEY_ASN1_METHOD **tmp; const EVP_PKEY_ASN1_METHOD **tmp;
int last_pkey_id = -1; int last_pkey_id = -1;
size_t i; size_t i;
int ok = 1;
for (tmp = standard_methods, i = 0; i < OSSL_NELEM(standard_methods); for (tmp = standard_methods, i = 0; i < OSSL_NELEM(standard_methods);
i++, tmp++) { i++, tmp++) {
@ -75,11 +76,28 @@ static int test_standard_methods(void)
break; break;
} }
last_pkey_id = (*tmp)->pkey_id; last_pkey_id = (*tmp)->pkey_id;
/*
* One of the following must be true:
*
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
*
* Anything else is an error and may lead to a corrupt ASN1 method table
*/
if (!TEST_true((*tmp)->pem_str == NULL &&
((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) != 0)
&& !TEST_true((*tmp)->pem_str != NULL &&
((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) == 0)) {
TEST_note("asn1 standard methods: Index %zu, pkey ID %d, Name=%s",
i, (*tmp)->pkey_id, OBJ_nid2sn((*tmp)->pkey_id));
ok = 0;
}
} }
if (TEST_int_ne(last_pkey_id, 0)) { if (TEST_int_ne(last_pkey_id, 0)) {
TEST_info("asn1 standard methods: Table order OK"); TEST_info("asn1 standard methods: Table order OK");
return 1; return ok;
} }
TEST_note("asn1 standard methods: out of order"); TEST_note("asn1 standard methods: out of order");