[openssl] OpenSSL_1_1_1-stable update

bernd . edlinger Thu, 07 Oct 2021 07:06:35 -0700

The branch OpenSSL_1_1_1-stable has been updated
       via  14357a51130510d87fe5f31e45baaf70bd5c9027 (commit)
      from  503eb0e108ca5819dacd5ae171aedd37268654d9 (commit)



- Log -----------------------------------------------------------------
commit 14357a51130510d87fe5f31e45baaf70bd5c9027
Author: Bernd Edlinger <bernd.edlin...@hotmail.de>
Date:   Tue Oct 5 21:38:55 2021 +0200

    Fix double-free in e_dasync.c
    
    When the cipher is copied, the inner_cihper_data
    need to be copied as well, using the EVP_CTRL_COPY method.
    The EVP_CIPH_CUSTOM_COPY bit needs to be set as well.
    
    Reviewed-by: Tomas Mraz <to...@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16751)

-----------------------------------------------------------------------

Summary of changes:
 engines/e_dasync.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/engines/e_dasync.c b/engines/e_dasync.c
index 07793037df..1f5d4117f2 100644
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
@@ -244,7 +244,8 @@ static int bind_dasync(ENGINE *e)
             || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
                                           EVP_CIPH_FLAG_DEFAULT_ASN1
                                           | EVP_CIPH_CBC_MODE
-                                          | EVP_CIPH_FLAG_PIPELINE)
+                                          | EVP_CIPH_FLAG_PIPELINE
+                                          | EVP_CIPH_CUSTOM_COPY)
             || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
                                          dasync_aes128_init_key)
             || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
@@ -270,7 +271,8 @@ static int bind_dasync(ENGINE *e)
                                             EVP_CIPH_CBC_MODE
                                           | EVP_CIPH_FLAG_DEFAULT_ASN1
                                           | EVP_CIPH_FLAG_AEAD_CIPHER
-                                          | EVP_CIPH_FLAG_PIPELINE)
+                                          | EVP_CIPH_FLAG_PIPELINE
+                                          | EVP_CIPH_CUSTOM_COPY)
             || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
                                          dasync_aes128_cbc_hmac_sha1_init_key)
             || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
@@ -629,6 +631,21 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, 
int type, int arg,
             }
         }
 
+        case EVP_CTRL_COPY:
+        {
+            const EVP_CIPHER *cipher = aeadcapable
+                                       ? EVP_aes_128_cbc_hmac_sha1()
+                                       : EVP_aes_128_cbc();
+            size_t data_size = EVP_CIPHER_impl_ctx_size(cipher);
+            void *cipher_data = OPENSSL_malloc(data_size);
+
+            if (cipher_data == NULL)
+                return 0;
+            memcpy(cipher_data, pipe_ctx->inner_cipher_data, data_size);
+            pipe_ctx->inner_cipher_data = cipher_data;
+            return 1;
+        }
+
         default:
             return 0;
     }

[openssl] OpenSSL_1_1_1-stable update

Reply via email to