mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix PKCS7 potential segfault

Browse Source 
As the code that handles libctx, propq for PKCS7 is very similar to CMS
code, a similiar fix for issue #13624 needs to be applied.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13668)
This commit is contained in:
Shane Lontis 2020-12-11 19:24:46 +10:00 committed by Tomas Mraz
parent 84af8027c5
commit 038f4dc68e
6 changed files with 39 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/pkcs7/pk7_asn1.c
View File

@ -68,7 +68,7 @@ PKCS7 *d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len)
PKCS7 *ret;
ret = (PKCS7 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (PKCS7_it()));
if (ret != NULL && a != NULL)
if (ret != NULL)
pkcs7_resolve_libctx(ret);
return ret;
}

44
crypto/pkcs7/pk7_doit.c
View File

@ -69,7 +69,8 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
name = OBJ_nid2sn(OBJ_obj2nid(alg->algorithm));
(void)ERR_set_mark();
fetched = EVP_MD_fetch(ctx->libctx, name, ctx->propq);
fetched = EVP_MD_fetch(pkcs7_ctx_get0_libctx(ctx), name,
pkcs7_ctx_get0_propq(ctx));
if (fetched != NULL)
md = fetched;
else
@ -113,7 +114,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
if (pkey == NULL)
return 0;
pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, pkey, ctx->propq);
pctx = EVP_PKEY_CTX_new_from_pkey(pkcs7_ctx_get0_libctx(ctx), pkey,
pkcs7_ctx_get0_propq(ctx));
if (pctx == NULL)
return 0;
@ -161,7 +163,8 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
int ret = -1;
const PKCS7_CTX *ctx = ri->ctx;
pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, pkey, ctx->propq);
pctx = EVP_PKEY_CTX_new_from_pkey(pkcs7_ctx_get0_libctx(ctx), pkey,
pkcs7_ctx_get0_propq(ctx));
if (pctx == NULL)
return -1;
@ -222,12 +225,16 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
PKCS7_RECIP_INFO *ri = NULL;
ASN1_OCTET_STRING *os = NULL;
const PKCS7_CTX *p7_ctx;
OSSL_LIB_CTX *libctx;
const char *propq;
if (p7 == NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
return NULL;
}
p7_ctx = pkcs7_get0_ctx(p7);
libctx = pkcs7_ctx_get0_libctx(p7_ctx);
propq = pkcs7_ctx_get0_propq(p7_ctx);
/*
* The content field in the PKCS7 ContentInfo is optional, but that really
@ -304,13 +311,13 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
ivlen = EVP_CIPHER_iv_length(evp_cipher);
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
if (ivlen > 0)
if (RAND_bytes_ex(p7_ctx->libctx, iv, ivlen) <= 0)
if (RAND_bytes_ex(libctx, iv, ivlen) <= 0)
goto err;
(void)ERR_set_mark();
fetched_cipher = EVP_CIPHER_fetch(p7_ctx->libctx,
fetched_cipher = EVP_CIPHER_fetch(libctx,
EVP_CIPHER_name(evp_cipher),
p7_ctx->propq);
propq);
(void)ERR_pop_to_mark();
if (fetched_cipher != NULL)
cipher = fetched_cipher;
@ -411,6 +418,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
int eklen = 0, tkeylen = 0;
const char *name;
const PKCS7_CTX *p7_ctx;
OSSL_LIB_CTX *libctx;
const char *propq;
if (p7 == NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
@ -418,6 +427,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
}
p7_ctx = pkcs7_get0_ctx(p7);
libctx = pkcs7_ctx_get0_libctx(p7_ctx);
propq = pkcs7_ctx_get0_propq(p7_ctx);
if (p7->d.ptr == NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
@ -452,7 +463,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));
(void)ERR_set_mark();
evp_cipher = EVP_CIPHER_fetch(p7_ctx->libctx, name, p7_ctx->propq);
evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
if (evp_cipher != NULL)
cipher = evp_cipher;
else
@ -473,7 +484,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));
(void)ERR_set_mark();
evp_cipher = EVP_CIPHER_fetch(p7_ctx->libctx, name, p7_ctx->propq);
evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
if (evp_cipher != NULL)
cipher = evp_cipher;
else
@ -509,7 +520,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
name = OBJ_nid2sn(OBJ_obj2nid(xa->algorithm));
(void)ERR_set_mark();
evp_md = EVP_MD_fetch(p7_ctx->libctx, name, p7_ctx->propq);
evp_md = EVP_MD_fetch(libctx, name, propq);
if (evp_md != NULL)
md = evp_md;
else
@ -843,7 +854,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
goto err;
if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey,
p7_ctx->libctx, p7_ctx->propq)) {
pkcs7_ctx_get0_libctx(p7_ctx),
pkcs7_ctx_get0_propq(p7_ctx))) {
OPENSSL_free(abuf);
ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
goto err;
@ -914,8 +926,9 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
goto err;
}
if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_name(md), ctx->libctx,
ctx->propq, si->pkey) <= 0)
if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_name(md),
pkcs7_ctx_get0_libctx(ctx),
pkcs7_ctx_get0_propq(ctx), si->pkey) <= 0)
goto err;
/*
@ -1063,6 +1076,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
BIO *btmp;
EVP_PKEY *pkey;
const PKCS7_CTX *ctx = pkcs7_get0_ctx(p7);
OSSL_LIB_CTX *libctx = pkcs7_ctx_get0_libctx(ctx);
const char *propq = pkcs7_ctx_get0_propq(ctx);
mdc_tmp = EVP_MD_CTX_new();
if (mdc_tmp == NULL) {
@ -1129,7 +1144,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
}
(void)ERR_set_mark();
fetched_md = EVP_MD_fetch(ctx->libctx, OBJ_nid2sn(md_type), ctx->propq);
fetched_md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq);
if (fetched_md != NULL)
md = fetched_md;
@ -1162,8 +1177,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
goto err;
}
i = EVP_VerifyFinal_ex(mdc_tmp, os->data, os->length, pkey, ctx->libctx,
ctx->propq);
i = EVP_VerifyFinal_ex(mdc_tmp, os->data, os->length, pkey, libctx, propq);
if (i <= 0) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNATURE_FAILURE);
ret = -1;

6
crypto/pkcs7/pk7_lib.c
View File

@ -401,6 +401,8 @@ void pkcs7_resolve_libctx(PKCS7 *p7)
{
int i;
const PKCS7_CTX *ctx = pkcs7_get0_ctx(p7);
OSSL_LIB_CTX *libctx = pkcs7_ctx_get0_libctx(ctx);
const char *propq = pkcs7_ctx_get0_propq(ctx);
STACK_OF(PKCS7_RECIP_INFO) *rinfos = pkcs7_get_recipient_info(p7);
STACK_OF(PKCS7_SIGNER_INFO) *sinfos = PKCS7_get_signer_info(p7);
STACK_OF(X509) *certs = pkcs7_get_signer_certs(p7);
@ -409,12 +411,12 @@ void pkcs7_resolve_libctx(PKCS7 *p7)
return;
for (i = 0; i < sk_X509_num(certs); i++)
x509_set0_libctx(sk_X509_value(certs, i), ctx->libctx, ctx->propq);
x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rinfos); i++) {
PKCS7_RECIP_INFO *ri = sk_PKCS7_RECIP_INFO_value(rinfos, i);
x509_set0_libctx(ri->cert, ctx->libctx, ctx->propq);
x509_set0_libctx(ri->cert, libctx, propq);
}
for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {

2
crypto/pkcs7/pk7_mime.c
View File

@ -52,7 +52,7 @@ PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7)
ret = (PKCS7 *)SMIME_read_ASN1_ex(bio, bcont, ASN1_ITEM_rptr(PKCS7),
(ASN1_VALUE **)p7);
if (ret != NULL && p7 != NULL)
if (ret != NULL)
pkcs7_resolve_libctx(ret);
return ret;
}

3
crypto/pkcs7/pk7_smime.c
View File

@ -266,7 +266,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
/* Now verify the certificates */
p7_ctx = pkcs7_get0_ctx(p7);
cert_ctx = X509_STORE_CTX_new_ex(p7_ctx->libctx, p7_ctx->propq);
cert_ctx = X509_STORE_CTX_new_ex(pkcs7_ctx_get0_libctx(p7_ctx),
pkcs7_ctx_get0_propq(p7_ctx));
if (cert_ctx == NULL)
goto err;
if (!(flags & PKCS7_NOVERIFY))

4
crypto/x509/x_all.c
View File

@ -178,7 +178,7 @@ PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
PKCS7 *ret;
ret = ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
if (ret != NULL && p7 != NULL)
if (ret != NULL)
pkcs7_resolve_libctx(ret);
return ret;
}
@ -194,7 +194,7 @@ PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
PKCS7 *ret;
ret = ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
if (ret != NULL && p7 != NULL)
if (ret != NULL)
pkcs7_resolve_libctx(ret);
return ret;
}