Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with

ctx->p2 being a null pointer. Reviewed-by: N Tomas Mraz <tomas@openssl.org> Reviewed-by: N Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16913)

Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with
ctx->p2 being a null pointer. Reviewed-by: N Tomas Mraz <tomas@openssl.org> Reviewed-by: N Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16913)
07e6c857 · Phil Mesnier · Pauli · d355c879 · 07e6c857 · 07e6c857
隐藏空白更改
内联并排

Showing with 36 addition and 2 deletion

crypto/evp/ctrl_params_translate.c crypto/evp/ctrl_params_translate.c +14 -2

test/dhtest.c test/dhtest.c +22 -0

未找到文件。
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1026,10 +1026,23 @@ static int fix_dh_nid5114(enum state state,
    if (ctx->action_type != SET)
        return 0;

-    if (state == PRE_CTRL_STR_TO_PARAMS) {
+    switch (state) {
+    case PRE_CTRL_TO_PARAMS:
+        ctx->p2 = (char *)ossl_ffc_named_group_get_name
+            (ossl_ffc_uid_to_dh_named_group(ctx->p1));
+        ctx->p1 = 0;
+        break;
+
+    case PRE_CTRL_STR_TO_PARAMS:
+        if (ctx->p2 == NULL)
+            return 0;
        ctx->p2 = (char *)ossl_ffc_named_group_get_name
            (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)));
        ctx->p1 = 0;
+        break;
+
+    default:
+        break;
    }

    return default_fixup_args(state, translation, ctx);
@@ -2741,4 +2754,3 @@ int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params)
 {
    return evp_pkey_setget_params_to_ctrl(pkey, GET, params);
 }
-
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -730,6 +730,27 @@ err:
    return ok;
 }

+static int dh_rfc5114_fix_nid_test(void)
+{
+    int ok = 0;
+    EVP_PKEY_CTX *paramgen_ctx;
+
+    /* Run the test. Success is any time the test does not cause a SIGSEGV interrupt */
+    paramgen_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DHX, 0);
+    if (!TEST_ptr(paramgen_ctx))
+        goto err;
+    if (!TEST_int_eq(EVP_PKEY_paramgen_init(paramgen_ctx), 1))
+        goto err;
+    /* Tested function is called here */
+    if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 3), 1))
+        goto err;
+    /* If we're still running then the test passed. */
+    ok = 1;
+err:
+    EVP_PKEY_CTX_free(paramgen_ctx);
+    return ok;
+}
+
 static int dh_get_nid(void)
 {
    int ok = 0;
@@ -876,6 +897,7 @@ int setup_tests(void)
    ADD_ALL_TESTS(dh_test_prime_groups, OSSL_NELEM(prime_groups));
    ADD_TEST(dh_get_nid);
    ADD_TEST(dh_load_pkcs3_namedgroup_privlen_test);
+    ADD_TEST(dh_rfc5114_fix_nid_test);
 #endif
    return 1;
 }