Fix PKCS7 potential segfault
As the code that handles libctx, propq for PKCS7 is very similar to CMS code, a similar fix for issue #13624 needs to be applied. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13668)
parent
84af8027c5
commit
038f4dc68e
@ -68,7 +68,7 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len)
|
|||||||
PKCS7 *ret;
|
PKCS7 *ret;
|
||||||
|
|
||||||
ret = (PKCS7 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (PKCS7_it()));
|
ret = (PKCS7 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (PKCS7_it()));
|
||||||
if (ret != NULL && a != NULL)
|
if (ret != NULL)
|
||||||
pkcs7_resolve_libctx(ret);
|
pkcs7_resolve_libctx(ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
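Review bot: With the `a != NULL` test dropped in d2i_PKCS7, pkcs7_resolve_libctx() now runs on every successfully decoded object, but no test change is visible on this page that decodes with a NULL output pointer and then uses the result. The same edit is made to SMIME_read_PKCS7_ex, d2i_PKCS7_fp and d2i_PKCS7_bio, so a regression test should cover each entry point with both a NULL and a non-NULL output argument. A one-line comment above the call would also record why the check was removed, for example `/* resolve even when a == NULL: the returned PKCS7 is used either way */`.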
|
@ -69,7 +69,8 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
|
|||||||
name = OBJ_nid2sn(OBJ_obj2nid(alg->algorithm));
|
name = OBJ_nid2sn(OBJ_obj2nid(alg->algorithm));
|
||||||
|
|
||||||
(void)ERR_set_mark();
|
(void)ERR_set_mark();
|
||||||
fetched = EVP_MD_fetch(ctx->libctx, name, ctx->propq);
|
fetched = EVP_MD_fetch(pkcs7_ctx_get0_libctx(ctx), name,
|
||||||
|
pkcs7_ctx_get0_propq(ctx));
|
||||||
if (fetched != NULL)
|
if (fetched != NULL)
|
||||||
md = fetched;
|
md = fetched;
|
||||||
else
|
else
|
||||||
@ -113,7 +114,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
|
|||||||
if (pkey == NULL)
|
if (pkey == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, pkey, ctx->propq);
|
pctx = EVP_PKEY_CTX_new_from_pkey(pkcs7_ctx_get0_libctx(ctx), pkey,
|
||||||
|
pkcs7_ctx_get0_propq(ctx));
|
||||||
if (pctx == NULL)
|
if (pctx == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
@ -161,7 +163,8 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
|
|||||||
int ret = -1;
|
int ret = -1;
|
||||||
const PKCS7_CTX *ctx = ri->ctx;
|
const PKCS7_CTX *ctx = ri->ctx;
|
||||||
|
|
||||||
pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, pkey, ctx->propq);
|
pctx = EVP_PKEY_CTX_new_from_pkey(pkcs7_ctx_get0_libctx(ctx), pkey,
|
||||||
|
pkcs7_ctx_get0_propq(ctx));
|
||||||
if (pctx == NULL)
|
if (pctx == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
@ -222,12 +225,16 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
|
|||||||
PKCS7_RECIP_INFO *ri = NULL;
|
PKCS7_RECIP_INFO *ri = NULL;
|
||||||
ASN1_OCTET_STRING *os = NULL;
|
ASN1_OCTET_STRING *os = NULL;
|
||||||
const PKCS7_CTX *p7_ctx;
|
const PKCS7_CTX *p7_ctx;
|
||||||
|
OSSL_LIB_CTX *libctx;
|
||||||
|
const char *propq;
|
||||||
|
|
||||||
if (p7 == NULL) {
|
if (p7 == NULL) {
|
||||||
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
|
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
p7_ctx = pkcs7_get0_ctx(p7);
|
p7_ctx = pkcs7_get0_ctx(p7);
|
||||||
|
libctx = pkcs7_ctx_get0_libctx(p7_ctx);
|
||||||
|
propq = pkcs7_ctx_get0_propq(p7_ctx);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The content field in the PKCS7 ContentInfo is optional, but that really
|
* The content field in the PKCS7 ContentInfo is optional, but that really
|
||||||
@ -304,13 +311,13 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
|
|||||||
ivlen = EVP_CIPHER_iv_length(evp_cipher);
|
ivlen = EVP_CIPHER_iv_length(evp_cipher);
|
||||||
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
|
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
|
||||||
if (ivlen > 0)
|
if (ivlen > 0)
|
||||||
if (RAND_bytes_ex(p7_ctx->libctx, iv, ivlen) <= 0)
|
if (RAND_bytes_ex(libctx, iv, ivlen) <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
(void)ERR_set_mark();
|
(void)ERR_set_mark();
|
||||||
fetched_cipher = EVP_CIPHER_fetch(p7_ctx->libctx,
|
fetched_cipher = EVP_CIPHER_fetch(libctx,
|
||||||
EVP_CIPHER_name(evp_cipher),
|
EVP_CIPHER_name(evp_cipher),
|
||||||
p7_ctx->propq);
|
propq);
|
||||||
(void)ERR_pop_to_mark();
|
(void)ERR_pop_to_mark();
|
||||||
if (fetched_cipher != NULL)
|
if (fetched_cipher != NULL)
|
||||||
cipher = fetched_cipher;
|
cipher = fetched_cipher;
|
||||||
@ -411,6 +418,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
|||||||
int eklen = 0, tkeylen = 0;
|
int eklen = 0, tkeylen = 0;
|
||||||
const char *name;
|
const char *name;
|
||||||
const PKCS7_CTX *p7_ctx;
|
const PKCS7_CTX *p7_ctx;
|
||||||
|
OSSL_LIB_CTX *libctx;
|
||||||
|
const char *propq;
|
||||||
|
|
||||||
if (p7 == NULL) {
|
if (p7 == NULL) {
|
||||||
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
|
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
|
||||||
@ -418,6 +427,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
|||||||
}
|
}
|
||||||
|
|
||||||
p7_ctx = pkcs7_get0_ctx(p7);
|
p7_ctx = pkcs7_get0_ctx(p7);
|
||||||
|
libctx = pkcs7_ctx_get0_libctx(p7_ctx);
|
||||||
|
propq = pkcs7_ctx_get0_propq(p7_ctx);
|
||||||
|
|
||||||
if (p7->d.ptr == NULL) {
|
if (p7->d.ptr == NULL) {
|
||||||
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
|
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
|
||||||
@ -452,7 +463,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
|||||||
name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));
|
name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));
|
||||||
|
|
||||||
(void)ERR_set_mark();
|
(void)ERR_set_mark();
|
||||||
evp_cipher = EVP_CIPHER_fetch(p7_ctx->libctx, name, p7_ctx->propq);
|
evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
|
||||||
if (evp_cipher != NULL)
|
if (evp_cipher != NULL)
|
||||||
cipher = evp_cipher;
|
cipher = evp_cipher;
|
||||||
else
|
else
|
||||||
@ -473,7 +484,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
|||||||
name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));
|
name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));
|
||||||
|
|
||||||
(void)ERR_set_mark();
|
(void)ERR_set_mark();
|
||||||
evp_cipher = EVP_CIPHER_fetch(p7_ctx->libctx, name, p7_ctx->propq);
|
evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
|
||||||
if (evp_cipher != NULL)
|
if (evp_cipher != NULL)
|
||||||
cipher = evp_cipher;
|
cipher = evp_cipher;
|
||||||
else
|
else
|
||||||
@ -509,7 +520,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
|||||||
name = OBJ_nid2sn(OBJ_obj2nid(xa->algorithm));
|
name = OBJ_nid2sn(OBJ_obj2nid(xa->algorithm));
|
||||||
|
|
||||||
(void)ERR_set_mark();
|
(void)ERR_set_mark();
|
||||||
evp_md = EVP_MD_fetch(p7_ctx->libctx, name, p7_ctx->propq);
|
evp_md = EVP_MD_fetch(libctx, name, propq);
|
||||||
if (evp_md != NULL)
|
if (evp_md != NULL)
|
||||||
md = evp_md;
|
md = evp_md;
|
||||||
else
|
else
|
||||||
@ -843,7 +854,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey,
|
if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey,
|
||||||
p7_ctx->libctx, p7_ctx->propq)) {
|
pkcs7_ctx_get0_libctx(p7_ctx),
|
||||||
|
pkcs7_ctx_get0_propq(p7_ctx))) {
|
||||||
OPENSSL_free(abuf);
|
OPENSSL_free(abuf);
|
||||||
ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
|
ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
@ -914,8 +926,9 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_name(md), ctx->libctx,
|
if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_name(md),
|
||||||
ctx->propq, si->pkey) <= 0)
|
pkcs7_ctx_get0_libctx(ctx),
|
||||||
|
pkcs7_ctx_get0_propq(ctx), si->pkey) <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1063,6 +1076,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
|
|||||||
BIO *btmp;
|
BIO *btmp;
|
||||||
EVP_PKEY *pkey;
|
EVP_PKEY *pkey;
|
||||||
const PKCS7_CTX *ctx = pkcs7_get0_ctx(p7);
|
const PKCS7_CTX *ctx = pkcs7_get0_ctx(p7);
|
||||||
|
OSSL_LIB_CTX *libctx = pkcs7_ctx_get0_libctx(ctx);
|
||||||
|
const char *propq = pkcs7_ctx_get0_propq(ctx);
|
||||||
|
|
||||||
mdc_tmp = EVP_MD_CTX_new();
|
mdc_tmp = EVP_MD_CTX_new();
|
||||||
if (mdc_tmp == NULL) {
|
if (mdc_tmp == NULL) {
|
||||||
@ -1129,7 +1144,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
|
|||||||
}
|
}
|
||||||
|
|
||||||
(void)ERR_set_mark();
|
(void)ERR_set_mark();
|
||||||
fetched_md = EVP_MD_fetch(ctx->libctx, OBJ_nid2sn(md_type), ctx->propq);
|
fetched_md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq);
|
||||||
|
|
||||||
if (fetched_md != NULL)
|
if (fetched_md != NULL)
|
||||||
md = fetched_md;
|
md = fetched_md;
|
||||||
@ -1162,8 +1177,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
i = EVP_VerifyFinal_ex(mdc_tmp, os->data, os->length, pkey, ctx->libctx,
|
i = EVP_VerifyFinal_ex(mdc_tmp, os->data, os->length, pkey, libctx, propq);
|
||||||
ctx->propq);
|
|
||||||
if (i <= 0) {
|
if (i <= 0) {
|
||||||
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNATURE_FAILURE);
|
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNATURE_FAILURE);
|
||||||
ret = -1;
|
ret = -1;
|
||||||
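Review bot: In pkcs7_decrypt_rinfo the context comes from `ri->ctx`, and the new `pkcs7_ctx_get0_libctx(ctx)` / `pkcs7_ctx_get0_propq(ctx)` calls only avoid the crash if those getters accept a NULL ctx; their definitions are not part of this page, so that is an assumption to confirm. If they return NULL in that case, EVP_PKEY_CTX_new_from_pkey and the fetch calls would presumably fall back to the default library context with no property query, which would silently ignore a restriction the application configured on the PKCS7 object. It is worth stating that contract in a comment on the getters, e.g. `/* NULL ctx is allowed; returns NULL, i.e. default libctx / no property query */`. As a style point, pkcs7_bio_add_digest, pkcs7_encode_rinfo, PKCS7_dataFinal, PKCS7_SIGNER_INFO_sign and PKCS7_verify call the getters inline while PKCS7_dataInit, PKCS7_dataDecode and PKCS7_signatureVerify cache them in `libctx`/`propq` locals; one form throughout would read more easily. All of these function bodies extend beyond the hunks shown.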
|
@ -401,6 +401,8 @@ void pkcs7_resolve_libctx(PKCS7 *p7)
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
const PKCS7_CTX *ctx = pkcs7_get0_ctx(p7);
|
const PKCS7_CTX *ctx = pkcs7_get0_ctx(p7);
|
||||||
|
OSSL_LIB_CTX *libctx = pkcs7_ctx_get0_libctx(ctx);
|
||||||
|
const char *propq = pkcs7_ctx_get0_propq(ctx);
|
||||||
STACK_OF(PKCS7_RECIP_INFO) *rinfos = pkcs7_get_recipient_info(p7);
|
STACK_OF(PKCS7_RECIP_INFO) *rinfos = pkcs7_get_recipient_info(p7);
|
||||||
STACK_OF(PKCS7_SIGNER_INFO) *sinfos = PKCS7_get_signer_info(p7);
|
STACK_OF(PKCS7_SIGNER_INFO) *sinfos = PKCS7_get_signer_info(p7);
|
||||||
STACK_OF(X509) *certs = pkcs7_get_signer_certs(p7);
|
STACK_OF(X509) *certs = pkcs7_get_signer_certs(p7);
|
||||||
@ -409,12 +411,12 @@ void pkcs7_resolve_libctx(PKCS7 *p7)
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
for (i = 0; i < sk_X509_num(certs); i++)
|
for (i = 0; i < sk_X509_num(certs); i++)
|
||||||
x509_set0_libctx(sk_X509_value(certs, i), ctx->libctx, ctx->propq);
|
x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
|
||||||
|
|
||||||
for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rinfos); i++) {
|
for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rinfos); i++) {
|
||||||
PKCS7_RECIP_INFO *ri = sk_PKCS7_RECIP_INFO_value(rinfos, i);
|
PKCS7_RECIP_INFO *ri = sk_PKCS7_RECIP_INFO_value(rinfos, i);
|
||||||
|
|
||||||
x509_set0_libctx(ri->cert, ctx->libctx, ctx->propq);
|
x509_set0_libctx(ri->cert, libctx, propq);
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
|
for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
|
||||||
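Review bot: The new `libctx` and `propq` initialisers in pkcs7_resolve_libctx run at declaration, ahead of the early `return;` shown in the next hunk, whose condition lies outside the visible lines. If that guard is a NULL test on `ctx`, the getters are called with NULL before it, so the function depends on them being NULL-safe. Moving the two assignments below the guard, or adding `/* getters accept a NULL ctx */` next to the declarations, would make that dependence explicit. The loop over `sinfos` continues past the end of the hunk.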
|
@ -52,7 +52,7 @@ PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7)
|
|||||||
|
|
||||||
ret = (PKCS7 *)SMIME_read_ASN1_ex(bio, bcont, ASN1_ITEM_rptr(PKCS7),
|
ret = (PKCS7 *)SMIME_read_ASN1_ex(bio, bcont, ASN1_ITEM_rptr(PKCS7),
|
||||||
(ASN1_VALUE **)p7);
|
(ASN1_VALUE **)p7);
|
||||||
if (ret != NULL && p7 != NULL)
|
if (ret != NULL)
|
||||||
pkcs7_resolve_libctx(ret);
|
pkcs7_resolve_libctx(ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -266,7 +266,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
|
|||||||
|
|
||||||
/* Now verify the certificates */
|
/* Now verify the certificates */
|
||||||
p7_ctx = pkcs7_get0_ctx(p7);
|
p7_ctx = pkcs7_get0_ctx(p7);
|
||||||
cert_ctx = X509_STORE_CTX_new_ex(p7_ctx->libctx, p7_ctx->propq);
|
cert_ctx = X509_STORE_CTX_new_ex(pkcs7_ctx_get0_libctx(p7_ctx),
|
||||||
|
pkcs7_ctx_get0_propq(p7_ctx));
|
||||||
if (cert_ctx == NULL)
|
if (cert_ctx == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
if (!(flags & PKCS7_NOVERIFY))
|
if (!(flags & PKCS7_NOVERIFY))
|
||||||
|
@ -178,7 +178,7 @@ PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
|
|||||||
PKCS7 *ret;
|
PKCS7 *ret;
|
||||||
|
|
||||||
ret = ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
|
ret = ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
|
||||||
if (ret != NULL && p7 != NULL)
|
if (ret != NULL)
|
||||||
pkcs7_resolve_libctx(ret);
|
pkcs7_resolve_libctx(ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -194,7 +194,7 @@ PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
|
|||||||
PKCS7 *ret;
|
PKCS7 *ret;
|
||||||
|
|
||||||
ret = ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
|
ret = ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
|
||||||
if (ret != NULL && p7 != NULL)
|
if (ret != NULL)
|
||||||
pkcs7_resolve_libctx(ret);
|
pkcs7_resolve_libctx(ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|