Branch: refs/heads/openssl-3.2
Home: https://github.com/openssl/openssl
Commit: a7d11644fe5f78cd0ccc5c6334b74365eeca696c
    https://github.com/openssl/openssl/commit/a7d11644fe5f78cd0ccc5c6334b74365eeca696c
Author: Karol Brzuskiewicz <k...@arista.com>
Date: 2024-06-24 (Mon, 24 Jun 2024)

Changed paths:
  M providers/fips/self_test_kats.c
  M test/provider_status_test.c

Log Message:
-----------
Fix usage of deallocated EVP_RAND_CTX after execution of FIPS on-demand self tests

Once RNG is used, triggering FIPS on-demand self tests (via
OSSL_PROVIDER_self_test() API) crashes the application. This happens because
the RNG context is stored before self tests, and restored after their
execution. In the meantime - before context restoration - RAND_set0_private()
function is called, which decrements the stored RNG context reference counter
and frees it.

To resolve the issue, the stored RNG context refcount has been incremented via
the EVP_RAND_CTX_up_ref() API to avoid its deallocation during the RNG context
switch performed by the self test function.

The provider_status_test test has been updated to reproduce the issue as
a regression test.

Signed-off-by: Karol Brzuskiewicz <k...@arista.com>

Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgr...@arm.com>
Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24599)

(cherry picked from commit 42a8ef844e5fca55abb608beb62695abe80c6b6d)
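The save / switch / restore sequence described in the log message, as an added example that is not code from the commit or from OpenSSL. It is a simplified model: `ctx_t`, `ctx_up_ref()`, `set0_private()` and `run_self_test()` are hypothetical stand-ins for EVP_RAND_CTX, EVP_RAND_CTX_up_ref(), RAND_set0_private() and the self test function, and the model tracks liveness in a table so the dangling pointer is detected rather than dereferenced.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy reference-counted context: a stand-in for EVP_RAND_CTX, not OpenSSL code. */
typedef struct { int refs; int id; } ctx_t;

static int live[4];          /* live[id] is 1 while context `id` is allocated */
static ctx_t *private_rng;   /* models the per-library "private RNG" slot */

static ctx_t *ctx_new(int id) {
    ctx_t *c = malloc(sizeof(*c));
    if (c == NULL) abort();
    c->refs = 1; c->id = id; live[id] = 1;
    return c;
}
static void ctx_up_ref(ctx_t *c) { c->refs++; }
static void ctx_free(ctx_t *c) {
    if (c != NULL && --c->refs == 0) { live[c->id] = 0; free(c); }
}
/* set0 semantics: the slot takes over the caller's reference to `c`
 * and drops its own reference to the context it held before. */
static void set0_private(ctx_t *c) { ctx_free(private_rng); private_rng = c; }

/* Models the save / switch / restore sequence of the self test.
 * Returns 1 if the saved context was still allocated at restore time. */
static int run_self_test(int take_ref) {
    set0_private(ctx_new(1));       /* the application has already used the RNG */
    ctx_t *saved = private_rng;     /* borrowed pointer: no reference held yet */
    int saved_id = saved->id;
    if (take_ref) ctx_up_ref(saved);    /* the fix: hold our own reference */

    set0_private(ctx_new(2));       /* switch to the test RNG; drops a ref on `saved` */
    int alive = live[saved_id];
    if (alive)
        set0_private(saved);        /* restore: our reference moves back to the slot */
    /* else: `saved` dangles; restoring it is the use-after-free, so we skip it */

    set0_private(NULL);             /* tear down whatever the slot still holds */
    return alive;
}

int main(void) {
    printf("without up_ref: saved ctx alive at restore = %d\n", run_self_test(0));
    printf("with up_ref:    saved ctx alive at restore = %d\n", run_self_test(1));
    return 0;
}
```
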