diff options
| author | tb <> | 2022-03-30 07:17:48 +0000 |
|---|---|---|
| committer | tb <> | 2022-03-30 07:17:48 +0000 |
| commit | e37e2d88f1b7f6fa2c53768b8e72b0feb994f303 (patch) | |
| tree | 72b724c025f962efef48775cfbde97ec5e9a05be | |
| parent | 61f74e26e813f57f5d3216e979c10957e0548893 (diff) | |
| download | openbsd-e37e2d88f1b7f6fa2c53768b8e72b0feb994f303.tar.gz openbsd-e37e2d88f1b7f6fa2c53768b8e72b0feb994f303.tar.bz2 openbsd-e37e2d88f1b7f6fa2c53768b8e72b0feb994f303.zip | |
Avoid segfaults in EVP_PKEY_CTX_free()
It is possible to call pmeth->cleanup() with an EVP_PKEY_CTX whose data
is NULL. If pmeth->init() in int_ctx_new() fails, EVP_PKEY_CTX_free() is
called with such a context. This in turn calls pmeth->cleanup(), and thus
these cleanup functions must be careful not to use NULL data. Most of
them are, but one of GOST's functions and HMAC's aren't.
Reported for HMAC by Masaru Masada
https://github.com/libressl-portable/openbsd/issues/129
ok bcook jsing
| -rw-r--r-- | src/lib/libcrypto/gost/gostr341001_pmeth.c | 7 | ||||
| -rw-r--r-- | src/lib/libcrypto/hmac/hm_pmeth.c | 7 |
2 files changed, 10 insertions, 4 deletions
diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c index b668761e67..ae39b05901 100644 --- a/src/lib/libcrypto/gost/gostr341001_pmeth.c +++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gostr341001_pmeth.c,v 1.15 2022/01/07 09:40:03 tb Exp $ */ | 1 | /* $OpenBSD: gostr341001_pmeth.c,v 1.16 2022/03/30 07:17:48 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> |
| 4 | * Copyright (c) 2005-2006 Cryptocom LTD | 4 | * Copyright (c) 2005-2006 Cryptocom LTD |
| @@ -175,7 +175,10 @@ pkey_gost01_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) | |||
| 175 | static void | 175 | static void |
| 176 | pkey_gost01_cleanup(EVP_PKEY_CTX *ctx) | 176 | pkey_gost01_cleanup(EVP_PKEY_CTX *ctx) |
| 177 | { | 177 | { |
| 178 | struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); | 178 | struct gost_pmeth_data *data; |
| 179 | |||
| 180 | if ((data = EVP_PKEY_CTX_get_data(ctx)) == NULL) | ||
| 181 | return; | ||
| 179 | 182 | ||
| 180 | free(data->shared_ukm); | 183 | free(data->shared_ukm); |
| 181 | free(data); | 184 | free(data); |
diff --git a/src/lib/libcrypto/hmac/hm_pmeth.c b/src/lib/libcrypto/hmac/hm_pmeth.c index 676305fdcb..4017f570b8 100644 --- a/src/lib/libcrypto/hmac/hm_pmeth.c +++ b/src/lib/libcrypto/hmac/hm_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: hm_pmeth.c,v 1.12 2022/03/30 07:12:30 tb Exp $ */ | 1 | /* $OpenBSD: hm_pmeth.c,v 1.13 2022/03/30 07:17:48 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2007. | 3 | * project 2007. |
| 4 | */ | 4 | */ |
| @@ -116,7 +116,10 @@ pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) | |||
| 116 | static void | 116 | static void |
| 117 | pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) | 117 | pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) |
| 118 | { | 118 | { |
| 119 | HMAC_PKEY_CTX *hctx = ctx->data; | 119 | HMAC_PKEY_CTX *hctx; |
| 120 | |||
| 121 | if ((hctx = ctx->data) == NULL) | ||
| 122 | return; | ||
| 120 | 123 | ||
| 121 | HMAC_CTX_cleanup(&hctx->ctx); | 124 | HMAC_CTX_cleanup(&hctx->ctx); |
| 122 | freezero(hctx->ktmp.data, hctx->ktmp.length); | 125 | freezero(hctx->ktmp.data, hctx->ktmp.length); |