DH: Make DH_bits(), DH_size(), and DH_security_bits() check that there are key parameters #13955
Conversation
LGTM
a0b97e6 to 09ebf14
…e are key parameters Fixes openssl#13569 Signed-off-by: Sahana Prasad <sahana@redhat.com>
09ebf14 to 31fd062
I'm concerned that this changes a function that never failed to something that can fail. It will at least need to update the manpage that it can now fail, and we should update the internal callers to check that error.
But I prefer that the code that called this function was changed instead to not call it; it seems to me it should have seen that error itself.
The fix is similar to #13611. I don't see any reason for these functions to behave differently.
Tomáš Mráz wrote:
@kroeckx A crash is also a failure, isn't it? Anyway, you're right that #13569 indicates some deeper issue in the decoder or related code.
Changes in deprecated API?
Why would the OpenSSL team want to invest time in improving deprecated API?
Existing code must do checks before calling functions.
New code must not use those functions.
On top of this, the *size() functions are broken by initial design. The expected result is of type size_t.
Note that for all those functions zero is also an invalid value.
If a program crashes in *_security_bits() because of a NULL argument, this program has a serious issue anyway.
Another point - strlen(). More or less, a NULL argument is not described in the specification. To avoid crashing the program, code does NULL checks before passing the argument.
Why should some functions differ from this?
I cannot see the rationale of non-stop attribute checks.
To be honest, I prefer to mark most of the attributes as nonnull instead.
Regards,
Roumen Petrov
I'm looking at this PR now, and while I can understand the simplicity, it also indicates a deeper problem. Basically, those parameters should never be NULL, so the problem may lie elsewhere. Incidentally, #14191 fixes some problems we have observed, and we have issue #14192 that takes up another aspect where the decoder process lacks precision. I wouldn't be surprised if #14191 is enough of a change that trying #13569 with that change gave a different outcome.
I agree that the true fix for #13569 lies elsewhere. However, that does not mean this PR cannot stand by itself. Currently if you call DH_size() on a dh returned directly from DH_new(), it will crash. And IMO that's something that can be corrected on master.
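As an added illustration of the two points made in the thread (a DH object fresh from DH_new() has no p, so an unconditional dereference crashes; once the size functions can fail, callers have to check for it), here is a self-contained C model. It is example code written for this page, not OpenSSL's implementation: BN_MODEL and DH_MODEL are stand-ins for BIGNUM and DH, the -1 error return is this example's convention, and bn_security_bits() is modelled on the SP 800-57 finite-field strength table rather than copied from the library.

```c
/*
 * Added example, not OpenSSL code: a minimal model of DH_bits()/DH_size()/
 * DH_security_bits() without and with a "parameters present?" check, plus a
 * caller that handles the new failure case.  BN_MODEL/DH_MODEL, the -1 error
 * value and the strength table are assumptions of this example.
 */
#include <stddef.h>
#include <stdlib.h>

typedef struct { const unsigned char *d; size_t len; } BN_MODEL; /* big-endian magnitude */
typedef struct { const BN_MODEL *p, *q, *g; int length; } DH_MODEL;

/* Number of significant bits in a big-endian byte string; 0 for a zero value. */
static int bn_num_bits(const BN_MODEL *b)
{
    size_t i = 0;
    int bits;
    unsigned top;
    while (i < b->len && b->d[i] == 0)
        i++;
    if (i == b->len)
        return 0;
    bits = (int)((b->len - i - 1) * 8);
    for (top = b->d[i]; top != 0; top >>= 1)
        bits++;
    return bits;
}

static int bn_num_bytes(const BN_MODEL *b) { return (bn_num_bits(b) + 7) / 8; }

/* Strength from modulus bits L and subgroup bits N (N == -1: unknown), using the
 * SP 800-57 finite-field sizes (assumption: modelled on BN_security_bits()). */
static int bn_security_bits(int L, int N)
{
    int secbits, bits;
    if (L >= 15360) secbits = 256;
    else if (L >= 7680) secbits = 192;
    else if (L >= 3072) secbits = 128;
    else if (L >= 2048) secbits = 112;
    else if (L >= 1024) secbits = 80;
    else return 0;
    if (N == -1)
        return secbits;
    bits = N / 2;
    if (bits < 80)
        return 0;
    return bits >= secbits ? secbits : bits;
}

/* Before: unconditional dereference.  With p == NULL (the state right after
 * DH_new()) this is a NULL pointer dereference, i.e. the crash in the thread. */
static int dh_size_unchecked(const DH_MODEL *dh) { return bn_num_bytes(dh->p); }

/* After: the functions can now fail and say so with -1 (example convention). */
static int dh_bits_checked(const DH_MODEL *dh)
{
    return dh->p != NULL ? bn_num_bits(dh->p) : -1;
}

static int dh_size_checked(const DH_MODEL *dh)
{
    return dh->p != NULL ? bn_num_bytes(dh->p) : -1;
}

static int dh_security_bits_checked(const DH_MODEL *dh)
{
    int N;
    if (dh->p == NULL)
        return -1;
    if (dh->q != NULL)
        N = bn_num_bits(dh->q);
    else if (dh->length != 0)
        N = dh->length;
    else
        N = -1;
    return bn_security_bits(bn_num_bits(dh->p), N);
}

/* A caller updated for the new contract: anything that is not a strictly
 * positive size (zero is not usable either) is an error and no buffer is
 * allocated.  Returns the allocated size, or -1 with *out == NULL. */
static int alloc_shared_secret_buf(const DH_MODEL *dh, unsigned char **out)
{
    int n = dh_size_checked(dh);
    *out = NULL;
    if (n <= 0)
        return -1;
    *out = calloc((size_t)n, 1);
    return *out != NULL ? n : -1;
}
```

dh_size_unchecked() is kept only to show the pre-fix shape; calling it on an empty DH_MODEL reproduces the crash, so the checked variants are the ones a caller should use, and the caller must treat a non-positive return as an error rather than as a size.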
Ah, that's a good point. So yeah, ok, and in that light, I see no reason not to approve this.
This pull request is ready to merge
Merged. Many thanks!
Fixes #13569
Signed-off-by: Sahana Prasad sahana@redhat.com
Checklist