Fix for a segv in fix_dh_rfc5114 #16913
Conversation
crypto/evp/ctrl_params_translate.c
Outdated
| @@ -1026,9 +1026,9 @@ static int fix_dh_nid5114(enum state state, | |||
| if (ctx->action_type != SET) | |||
| return 0; | |||
|
|
|||
| if (state == PRE_CTRL_STR_TO_PARAMS) { | |||
| if (state == PRE_CTRL_TO_PARAMS || state == PRE_CTRL_STR_TO_PARAMS) { | |||
There was a problem hiding this comment.
I would separate the ifs for PRE_CTRL_TO_PARAMS and PRE_CTRL_STR_TO_PARAMS so that the ctx->p1 and ctx->p2 is used only in the appropriate cases.
There was a problem hiding this comment.
Thanks for the suggestion. I hadn't made a clear connection between the state values and the p* use.
test/dhtest.c
Outdated
| static int dh_rfc5114_fix_nid_test(void) | ||
| { | ||
| int ok = 0; | ||
| /**pretest initial */ |
test/dhtest.c
Outdated
| { | ||
| int ok = 0; | ||
| /**pretest initial */ | ||
| EVP_PKEY* params; |
There was a problem hiding this comment.
A space should be before * and not after.
test/dhtest.c
Outdated
| int ok = 0; | ||
| /**pretest initial */ | ||
| EVP_PKEY* params; | ||
| EVP_PKEY_CTX* paramgen_ctx; |
test/dhtest.c
Outdated
| if (1 == EVP_PKEY_paramgen_init(paramgen_ctx)) { | ||
| /* erronious function is called here */ | ||
| if (1 == EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 3)) { | ||
| /* if we're still running then the test passed. */ |
There was a problem hiding this comment.
- please do not use this reversed order of
==arguments. First should be the function invocation, second should be the constant. - the comments should be indented as the block/statement under that
- indentation is wrong - we use 4 spaces per level
t8m
added
branch: 3.0
| @@ -1026,10 +1026,22 @@ static int fix_dh_nid5114(enum state state, | |||
| if (ctx->action_type != SET) | |||
| return 0; | |||
|
|
|||
| if (state == PRE_CTRL_STR_TO_PARAMS) { | |||
| switch (state) { | |||
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
crypto/evp/ctrl_params_translate.c
Outdated
| ctx->p2 = (char *)ossl_ffc_named_group_get_name | ||
| (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2))); | ||
| ctx->p1 = 0; | ||
| break; | ||
| } | ||
| default:; |
crypto/evp/ctrl_params_translate.c
Outdated
| @@ -1026,10 +1026,22 @@ static int fix_dh_nid5114(enum state state, | |||
| if (ctx->action_type != SET) | |||
| return 0; | |||
|
|
|||
| if (state == PRE_CTRL_STR_TO_PARAMS) { | |||
| switch (state) { | |||
| case PRE_CTRL_TO_PARAMS: { | |||
There was a problem hiding this comment.
Do not use the unnecessary extra block {} marks.
test/dhtest.c
Outdated
| EVP_PKEY *params; | ||
| EVP_PKEY_CTX *paramgen_ctx; | ||
|
|
||
| /* run the test. success is any time the test does not cause a SIGSEGV interrupt */ |
There was a problem hiding this comment.
Nit: Please use uppercase at the beginning of sentences.
test/dhtest.c
Outdated
| params = EVP_PKEY_new(); | ||
| paramgen_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DHX, 0); | ||
| if (EVP_PKEY_paramgen_init(paramgen_ctx) == 1) { | ||
| /* erronious function is called here */ |
test/dhtest.c
Outdated
| EVP_PKEY_CTX *paramgen_ctx; | ||
|
|
||
| /* run the test. success is any time the test does not cause a SIGSEGV interrupt */ | ||
| params = EVP_PKEY_new(); |
There was a problem hiding this comment.
Please look how the other test cases handle checking of function call results via the TEST_ptr() and other TEST_xyz calls. Please use that everywhere throughout the test case.
t8m
added
the
approval: review pending
|
Oops, this is wrong. There must be no merge commits. |
|
I am terribly sorry but I may need to abandon this branch and resubmit. I noticed that somehow I had picked up a change to the gost-engine submodule that was in master but not yet in openssl-3.0. in the process of addressing that, i lsao performed a rebase from the upstream to update both my forked openssl-3.0 branch and my opensssl-3.0-dhparam branch on which this pr is based. Now in my forked repository these two branches differ only by the 2 files I modified, and my forked openssl-3.0 branch is identical to yours, as you can see this pr now shows many changed files. So I propose abandoning this PR and creating a new one off of a clean fork. Do you agree? |
|
You can also just force push changes to this branch. For example - reset the openssl-3.0-dhparam branch via git reset to the branch point from openssl-3.0 and commit the changes at once with 1 commit. Then force push. |
ctx->p2 being a null pointer.
pmesnier
force-pushed
the
openssl-3.0-dhparam
branch
from
c362a61
to
cecf261
Compare
|
Thanks for the suggestion, that seems to ahve done the trick. |
|
Hi, I realize there is no obligation on your part to do anything with this PR. But is it possible for you to suggest when it might be reviewed for approval and ultimately accepted or rejected? |
paulidale
added
approval: done
openssl-machine
removed
the
approval: done
|
This pull request is ready to merge |
openssl-machine
added
the
approval: ready to merge
ctx->p2 being a null pointer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #16913)
|
Merged to 3.0 and master. Thanks for this fix. |
I found that when a call stack starting with EVP_PKEY_CTX_set_dhx_rfc5114 is invoked. The function in question, fix_dh_rfc5114() evaluates the value ctx->p2 using atoi(). However in this case p2 is null, triggering a segv interrupt, crashing the program. Further, fix_dh_rfc5114() is called by evp_pkey_ctx_ctrl_to_param() which explicitly sets the state parameter to PRE_CTRL_TO_PARAM but fix_dh_rfc5114() only evaluates the ctx values of p1 and p2 when the supplied state is PRE_CTRL_STR_TO_PARAM. This patch addresses these issues.
Checklist