Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with

ctx->p2 being a null pointer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #16913) (cherry picked from commit 07e6c85)
openssl · Nov 5, 2021 · 09d9126 · 09d9126
1 parent cc350c8
commit 09d9126
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 2 deletions.
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
@@ -1026,10 +1026,23 @@ static int fix_dh_nid5114(enum state state,
     if (ctx->action_type != SET)
         return 0;
 
-    if (state == PRE_CTRL_STR_TO_PARAMS) {
+    switch (state) {
+    case PRE_CTRL_TO_PARAMS:
+        ctx->p2 = (char *)ossl_ffc_named_group_get_name
+            (ossl_ffc_uid_to_dh_named_group(ctx->p1));
+        ctx->p1 = 0;
+        break;
+
+    case PRE_CTRL_STR_TO_PARAMS:
+        if (ctx->p2 == NULL)
+            return 0;
         ctx->p2 = (char *)ossl_ffc_named_group_get_name
             (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)));
         ctx->p1 = 0;
+        break;
+
+    default:
+        break;
     }
 
     return default_fixup_args(state, translation, ctx);
@@ -2741,4 +2754,3 @@ int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params)
 {
     return evp_pkey_setget_params_to_ctrl(pkey, GET, params);
 }
-
diff --git a/test/dhtest.c b/test/dhtest.c
@@ -730,6 +730,27 @@ static int dh_test_prime_groups(int index)
     return ok;
 }
 
+static int dh_rfc5114_fix_nid_test(void)
+{
+    int ok = 0;
+    EVP_PKEY_CTX *paramgen_ctx;
+
+    /* Run the test. Success is any time the test does not cause a SIGSEGV interrupt */
+    paramgen_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DHX, 0);
+    if (!TEST_ptr(paramgen_ctx))
+        goto err;
+    if (!TEST_int_eq(EVP_PKEY_paramgen_init(paramgen_ctx), 1))
+        goto err;
+    /* Tested function is called here */
+    if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 3), 1))
+        goto err;
+    /* If we're still running then the test passed. */
+    ok = 1;
+err:
+    EVP_PKEY_CTX_free(paramgen_ctx);
+    return ok;
+}
+
 static int dh_get_nid(void)
 {
     int ok = 0;
@@ -876,6 +897,7 @@ int setup_tests(void)
     ADD_ALL_TESTS(dh_test_prime_groups, OSSL_NELEM(prime_groups));
     ADD_TEST(dh_get_nid);
     ADD_TEST(dh_load_pkcs3_namedgroup_privlen_test);
+    ADD_TEST(dh_rfc5114_fix_nid_test);
 #endif
     return 1;
 }