mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix sigsize usage in apps/speed.c

Browse Source 
In a recent upstream change
(43da9a14f0)
the parameter sigsize become a read/write input in
EVP_PKEY_sign(), and after signing, sigsize will be overwritten with
the actual size and used in the verify step. As the speed program
calls EVP_PKEY_sign() on the same context repeatedly, sigsize value is
no longer the initial available size, and may fail in later buffer
size checks.

This fix adds a new buflen member in struct loopargs (which is only
used within apps/speed.c), to save available buffer size and
to be used as sigsize input in EVP_PKEY_sign() calls.
Sigsize still contains the signature size for the verify step.

Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16991)
This commit is contained in:
Xiaofei Bai 2021-11-03 03:28:23 +00:00 committed by Tomas Mraz
parent a18cdd2807
commit e7414634a5
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apps/speed.c
View File

@ -462,6 +462,7 @@ typedef struct loopargs_st {
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned char *key;
size_t buflen;
size_t sigsize;
EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM];
@ -832,6 +833,7 @@ static int RSA_sign_loop(void *args)
int ret, count;
for (count = 0; COND(rsa_c[testnum][0]); count++) {
*rsa_num = tempargs->buflen;
ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36);
if (ret <= 0) {
BIO_printf(bio_err, "RSA sign failure\n");
@ -892,6 +894,7 @@ static int DSA_sign_loop(void *args)
int ret, count;
for (count = 0; COND(dsa_c[testnum][0]); count++) {
*dsa_num = tempargs->buflen;
ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20);
if (ret <= 0) {
BIO_printf(bio_err, "DSA sign failure\n");
@ -935,6 +938,7 @@ static int ECDSA_sign_loop(void *args)
int ret, count;
for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
*ecdsa_num = tempargs->buflen;
ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20);
if (ret <= 0) {
BIO_printf(bio_err, "ECDSA sign failure\n");
@ -1779,6 +1783,8 @@ int speed_main(int argc, char **argv)
/* Align the start of buffers on a 64 byte boundary */
loopargs[i].buf = loopargs[i].buf_malloc + misalign;
loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
loopargs[i].buflen = buflen - misalign;
loopargs[i].sigsize = buflen - misalign;
loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
#ifndef OPENSSL_NO_DH
@ -2349,6 +2355,7 @@ int speed_main(int argc, char **argv)
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
loopargs[i].sigsize = loopargs[i].buflen;
if (loopargs[i].rsa_sign_ctx[testnum] == NULL
|| EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0
|| EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum],
@ -2427,6 +2434,7 @@ int speed_main(int argc, char **argv)
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
NULL);
loopargs[i].sigsize = loopargs[i].buflen;
if (loopargs[i].dsa_sign_ctx[testnum] == NULL
|| EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
@ -2505,6 +2513,7 @@ int speed_main(int argc, char **argv)
for (i = 0; st && i < loopargs_len; i++) {
loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
NULL);
loopargs[i].sigsize = loopargs[i].buflen;
if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
|| EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0