Added check for the return value of the RAND_bytes() function #21706
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
severity: fips change
t8m
reviewed
Aug 10, 2023
apps/speed.c
Outdated
Comment on lines
4750
to
4757
| if (RAND_bytes(out, 16) > 0) { | ||
| len += 16; | ||
| aad[11] = (unsigned char)(len >> 8); | ||
| aad[12] = (unsigned char)(len); | ||
| pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, | ||
| EVP_AEAD_TLS1_AAD_LEN, aad); | ||
| ciph_success = EVP_Cipher(ctx, out, inp, len + pad); | ||
| } |
There was a problem hiding this comment.
Instead, I would use app_bail_out() in case of RAND_bytes() failure. However it is not clear to me why the RAND_bytes() call is there at all - the out buffer should be overwritten by the EVP_Cipher call anyway.
@mattcaswell any idea why the RAND_bytes() call is there?
There was a problem hiding this comment.
No, I don't see an obvious reason for it.
There was a problem hiding this comment.
In that case I wouldn't bother checking the return value, just explicitly cast to (void) as we do not want to change what is the speed command measuring to keep the results stable.
There was a problem hiding this comment.
Hmm, I wonder if it's meant to be setting inp rather than out, since - unless OPENSSL_malloc() initialises the memory it returns - it doesn't look like inp is being initialised here
There was a problem hiding this comment.
What should we do about this issue?
There was a problem hiding this comment.
Use app_bail_out if RAND_bytes() fails instead. And also change the output parameter of RAND_bytes() to inp.
t8m
added
branch: master
paulidale
added
the
stalled: awaiting contributor response
Changed the output parameter of RAND_bytes() to inp.
paulidale
removed
the
stalled: awaiting contributor response
paulidale
reviewed
Oct 5, 2023
apps/speed.c
Outdated
| len += 16; | ||
| aad[11] = (unsigned char)(len >> 8); | ||
| aad[12] = (unsigned char)(len); | ||
| pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, | ||
| EVP_AEAD_TLS1_AAD_LEN, aad); | ||
| EVP_AEAD_TLS1_AAD_LEN, aad); |
There was a problem hiding this comment.
Please don't fix the indentation here, it was already correct as per our coding style.
github-actions
bot
removed
the
severity: fips change
t8m
approved these changes
Oct 9, 2023
t8m
added
triaged: bug
mattcaswell
approved these changes
Oct 9, 2023
tom-cosgrove-arm
approved these changes
Oct 9, 2023
tom-cosgrove-arm
added
approval: done
paulidale
approved these changes
Oct 9, 2023
openssl-machine
added
approval: ready to merge
|
This pull request is ready to merge |
|
Squashed and merged to master, 3.1 and 3.0 branches. Thank you for your contribution. |
openssl-machine
pushed a commit
that referenced
this pull request
Oct 10, 2023
Call app_bail_out if RAND_bytes() fails. Also changed the output parameter of RAND_bytes() to inp as writing to encrypted output buffer does not make sense. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #21706) (cherry picked from commit 8d120ae)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 10, 2023
Call app_bail_out if RAND_bytes() fails. Also changed the output parameter of RAND_bytes() to inp as writing to encrypted output buffer does not make sense. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #21706)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 10, 2023
Call app_bail_out if RAND_bytes() fails. Also changed the output parameter of RAND_bytes() to inp as writing to encrypted output buffer does not make sense. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #21706) (cherry picked from commit 8d120ae)
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Oct 16, 2023
Call app_bail_out if RAND_bytes() fails. Also changed the output parameter of RAND_bytes() to inp as writing to encrypted output buffer does not make sense. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl/openssl#21706) Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Oct 16, 2023
Call app_bail_out if RAND_bytes() fails. Also changed the output parameter of RAND_bytes() to inp as writing to encrypted output buffer does not make sense. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl/openssl#21706) (cherry picked from commit 8d120ae) Signed-off-by: fly2x <fly2x@hitls.org>
wanghao75
pushed a commit
to openeuler-mirror/openssl
that referenced
this pull request
Oct 16, 2023
Call app_bail_out if RAND_bytes() fails. Also changed the output parameter of RAND_bytes() to inp as writing to encrypted output buffer does not make sense. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl/openssl#21706) (cherry picked from commit 8d120ae) Signed-off-by: fly2x <fly2x@hitls.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The return value of the
RAND_bytes()function is not checked. At the same time, the function might return0without changing the value of theoutvariable passed to it. This variable will be used later on, so a check for the function's return value has been added.Perhaps this would be more correct: