Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). #13591

Closed
wants to merge 1 commit into from
Closed

Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). #13591

wants to merge 1 commit into from

Conversation

slontis
Copy link
Member

@slontis slontis commented Dec 2, 2020

Fixes #13522

Checklist
  • documentation is added or updated
  • tests are added or updated

@slontis slontis added branch: master Merge to master branch triaged: OTC evaluated This issue/pr was triaged by OTC labels Dec 2, 2020
@slontis slontis added this to the 3.0.0 beta1 milestone Dec 2, 2020
@slontis
Copy link
Member Author

slontis commented Dec 2, 2020

@levitte - this produces an interesting failure in the fuzz tests..

dumpasn1 fuzz/corpora/asn1/2b5bdcbf1810066fcc04831b9b60365150e5340c
0 18: SEQUENCE {
2 9: SEQUENCE {
4 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: }
13 5: BIT STRING
: '11000100000000001000000001000000'B
: }

Basically there are no domain params in this data so when it goes to cache it tries to access dsa->param and falls over..
I am not sure where we need to check for bad data during the decoding process, but this is obviously a bit of a problem.

slontis
slontis commented Dec 2, 2020
View reviewed changes
crypto/asn1/d2i_pr.c Outdated Show resolved Hide resolved
@slontis slontis changed the title Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legay keys). Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). Dec 2, 2020
levitte
levitte requested changes Dec 2, 2020
View reviewed changes
crypto/asn1/d2i_pr.c Outdated Show resolved Hide resolved
crypto/asn1/d2i_pr.c Outdated Show resolved Hide resolved
levitte
levitte reviewed Dec 2, 2020
View reviewed changes
crypto/asn1/d2i_pr.c Outdated Show resolved Hide resolved
levitte
levitte reviewed Dec 2, 2020
View reviewed changes
crypto/asn1/d2i_pr.c Outdated Show resolved Hide resolved
@kroeckx
Copy link
Member

kroeckx commented Dec 2, 2020

Why doesn't the ci fuzz target complain about the issue?

@kroeckx kroeckx mentioned this pull request Dec 2, 2020
Open
@slontis
Copy link
Member Author

slontis commented Dec 2, 2020

Why doesn't the ci fuzz target complain about the issue?

Not sure. It was failing locally..

@kroeckx
Copy link
Member

kroeckx commented Dec 2, 2020

I've opened an issue at google/oss-fuzz#4767

@slontis slontis mentioned this pull request Dec 4, 2020
Closed
levitte
levitte reviewed Dec 4, 2020
View reviewed changes
crypto/evp/p_lib.c Outdated Show resolved Hide resolved
levitte
levitte previously approved these changes Dec 4, 2020
View reviewed changes
@levitte levitte added approval: done This pull request has the required number of approvals and removed approval: done This pull request has the required number of approvals labels Dec 4, 2020
@levitte levitte dismissed their stale review December 4, 2020 06:45

I approved too soon... CIs are unhappy

@slontis
Copy link
Member Author

slontis commented Dec 4, 2020

They are unhappy because of the issue I just reported :)

@slontis slontis closed this Dec 7, 2020
@slontis slontis reopened this Dec 7, 2020
@slontis
Copy link
Member Author

slontis commented Dec 7, 2020

CI loop is happy now that the DSA_size() NULL checks have been added.

@levitte levitte added the approval: done This pull request has the required number of approvals label Dec 8, 2020
@openssl-machine openssl-machine removed the approval: done This pull request has the required number of approvals label Dec 9, 2020
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

@openssl-machine openssl-machine added the approval: ready to merge The 24 hour grace period has passed, ready to merge label Dec 9, 2020
@t8m t8m added the hold: need otc decision The OTC needs to make a decision label Dec 9, 2020
@jon-oracle
Copy link
Contributor

Ping

@t8m t8m added approval: review pending This pull request needs review by a committer and removed approval: ready to merge The 24 hour grace period has passed, ready to merge labels Jan 18, 2021
@slontis
Copy link
Member Author

slontis commented Jan 20, 2021

ping

@levitte levitte mentioned this pull request Jan 25, 2021
Merged
@slontis slontis closed this Feb 1, 2021
@slontis slontis reopened this Feb 1, 2021
@paulnelsontx paulnelsontx self-assigned this Feb 4, 2021
@slontis
Copy link
Member Author

slontis commented Feb 8, 2021

ping

@slontis slontis closed this Feb 8, 2021
@slontis slontis reopened this Feb 8, 2021
@slontis
Copy link
Member Author

slontis commented Feb 8, 2021

looks like this doesnt build now :)

@slontis
Copy link
Member Author

slontis commented Feb 8, 2021

Rebase and removed duplicate function evp_pkey_type2name.

@slontis slontis closed this Feb 12, 2021
@slontis slontis reopened this Feb 12, 2021
@slontis
Copy link
Member Author

slontis commented Feb 12, 2021

Rebased again..
ping.

@jon-oracle jon-oracle mentioned this pull request Feb 16, 2021
Closed
@slontis
Copy link
Member Author

slontis commented Feb 16, 2021

ping

@paulidale paulidale added the approval: done This pull request has the required number of approvals label Feb 18, 2021
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Feb 19, 2021
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

@slontis slontis removed the approval: review pending This pull request needs review by a committer label Feb 19, 2021
openssl-machine pushed a commit that referenced this pull request Feb 19, 2021
@slontis
Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces
576892d 
non legacy keys).

Fixes #13522

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from #13591)
@slontis
Copy link
Member Author

slontis commented Feb 19, 2021

Thanks for reviewing. Merged to master.

@slontis slontis closed this Feb 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulidale paulidale paulidale approved these changes

@levitte levitte Awaiting requested review from levitte

Assignees

@paulnelsontx paulnelsontx

Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch triaged: OTC evaluated This issue/pr was triaged by OTC
Projects
None yet
Milestone
3.0.0 beta1
Development

Successfully merging this pull request may close these issues.

Cannot retrieve parameters from DH key created using d2i_AutoPrivateKey_ex()
8 participants
@slontis @kroeckx @openssl-machine @t8m @levitte @jon-oracle @paulidale @paulnelsontx