The branch openssl-3.0 has been updated
via 277a8334cd4a213619fe92107dd393eab6d8a801 (commit)
via 86914ceadf2909204485605106cc121036ab091d (commit)
from 6bb8ef9d0fbe62ea39427eb0b1ffad916f6b8d16 (commit)
- Log -----------------------------------------------------------------
commit 277a8334cd4a213619fe92107dd393eab6d8a801
Author: Tomas Mraz <to...@openssl.org>
Date: Tue Jan 4 11:57:54 2022 +0100
Test importing EC key parameters with a bad curve
Reviewed-by: Paul Dale <pa...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)
(cherry picked from commit d4d8f163db1d32c98d8f956e6966263a7a22fac1)
commit 86914ceadf2909204485605106cc121036ab091d
Author: Tomas Mraz <to...@openssl.org>
Date: Tue Jan 4 11:53:30 2022 +0100
EVP_PKEY_fromdata(): Do not return newly allocated pkey on failure
Fixes #17407
Reviewed-by: Paul Dale <pa...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)
(cherry picked from commit 5b03b89f7f925384c2768874c95f1af7053fd16f)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/pmeth_gn.c | 10 ++++++++--
test/evp_pkey_provided_test.c | 17 +++++++++++++++--
2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index af3d990869..f9d001fdd0 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -365,6 +365,7 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey,
int selection,
OSSL_PARAM params[])
{
void *keydata = NULL;
+ EVP_PKEY *allocated_pkey = NULL;
if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
@@ -375,7 +376,7 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey,
int selection,
return -1;
if (*ppkey == NULL)
- *ppkey = EVP_PKEY_new();
+ allocated_pkey = *ppkey = EVP_PKEY_new();
if (*ppkey == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
@@ -383,8 +384,13 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey,
int selection,
}
keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection,
params);
- if (keydata == NULL)
+ if (keydata == NULL) {
+ if (allocated_pkey != NULL) {
+ *ppkey = NULL;
+ EVP_PKEY_free(allocated_pkey);
+ }
return 0;
+ }
/* keydata is cached in *ppkey, so we need not bother with it further */
return 1;
}
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index 8b5c7b3457..cf4d8e1294 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -1113,8 +1113,6 @@ err:
return ret;
}
-#define CURVE_NAME 2
-
static int test_fromdata_ec(void)
{
int ret = 0;
@@ -1126,6 +1124,11 @@ static int test_fromdata_ec(void)
OSSL_PARAM *fromdata_params = NULL;
const char *alg = "EC";
const char *curve = "prime256v1";
+ const char bad_curve[] = "nonexistent-curve";
+ OSSL_PARAM nokey_params[2] = {
+ OSSL_PARAM_END,
+ OSSL_PARAM_END
+ };
/* UNCOMPRESSED FORMAT */
static const unsigned char ec_pub_keydata[] = {
POINT_CONVERSION_UNCOMPRESSED,
@@ -1179,6 +1182,16 @@ static int test_fromdata_ec(void)
if (!TEST_ptr(ctx))
goto err;
+ /* try importing parameters with bad curve first */
+ nokey_params[0] =
+ OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+ (char *)bad_curve, sizeof(bad_curve));
+ if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
+ || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS,
+ nokey_params), 0)
+ || !TEST_ptr_null(pk))
+ goto err;
+
if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
|| !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
fromdata_params), 1))
