diff options
author | slontis <shane.lontis@oracle.com> | 2021-09-02 16:39:21 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-09-03 12:31:59 +0200 |
commit | 85407b77543a2d4330dbb40f6b8520ea0894a716 (patch) | |
tree | 79891f58a905b7724ad6a5c1660bd59dc021ff9b /test/evp_pkey_provided_test.c | |
parent | 6f2f59944826b5b7e033af438f5831493d0362c9 (diff) | |
download | openssl-85407b77543a2d4330dbb40f6b8520ea0894a716.zip openssl-85407b77543a2d4330dbb40f6b8520ea0894a716.tar.gz openssl-85407b77543a2d4330dbb40f6b8520ea0894a716.tar.bz2 |
Fix double free in EVP_PKEY_CTX_dup()
If the internal operations dupctx() fails then a free is done (e.g. EVP_KEYEXCH_free()). If this is not set to NULL the EVP_PKEY_CTX_free() will do a double free.
This was found by testing kdf_dupctx() in kdf_exch.c (Note this always
fails since the internal KDF's do not have a dup method).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16495)
Diffstat (limited to 'test/evp_pkey_provided_test.c')
-rw-r--r-- | test/evp_pkey_provided_test.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index 593f709..15c8ce7 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -14,6 +14,7 @@ #include <openssl/provider.h> #include <openssl/param_build.h> #include <openssl/core_names.h> +#include <openssl/sha.h> #include "crypto/ecx.h" #include "crypto/evp.h" /* For the internal API */ #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ @@ -1622,6 +1623,52 @@ static int test_check_dsa(void) #endif /* OPENSSL_NO_DSA */ +static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key, + size_t keylen, char *salt) +{ + OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5); + OSSL_PARAM *p = params; + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + salt, strlen(salt)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + (unsigned char *)key, keylen); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, + "EXTRACT_ONLY", 0); + *p = OSSL_PARAM_construct_end(); + + return params; +} + +/* Test that EVP_PKEY_CTX_dup() fails gracefully for a KDF */ +static int test_evp_pkey_ctx_dup_kdf_fail(void) +{ + int ret = 0; + size_t len = 0; + EVP_PKEY_CTX *pctx = NULL, *dctx = NULL; + OSSL_PARAM *params = NULL; + + if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6, + "salt"))) + goto err; + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL))) + goto err; + if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1)) + goto err; + if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1) + || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH)) + goto err; + if (!TEST_ptr_null(dctx = EVP_PKEY_CTX_dup(pctx))) + goto err; + ret = 1; +err: + OPENSSL_free(params); + EVP_PKEY_CTX_free(dctx); + EVP_PKEY_CTX_free(pctx); + return ret; +} + int setup_tests(void) { if (!test_skip_common_options()) { @@ -1632,6 +1679,7 @@ int setup_tests(void) if (!TEST_ptr(datadir = test_get_argument(0))) return 0; + ADD_TEST(test_evp_pkey_ctx_dup_kdf_fail); ADD_TEST(test_evp_pkey_get_bn_param_large); ADD_TEST(test_fromdata_rsa); #ifndef OPENSSL_NO_DH |