From 864c70e43ea5f1d7fe20bfea457e53e79fd46b6e Mon Sep 17 00:00:00 2001 From: afshinpir Date: Thu, 23 Mar 2023 12:25:45 +1300 Subject: [PATCH] `EVP_PKEY_CTX_dup` segmentation fault fix CLA: trivial The the provider, context duplication method for signature, key exchange, asymmetric cipher, and key encapsulation is optional. But if they are missing, we will get a segmentation fault in `EVP_PKEY_CTX_dup` because they are called without null pointer checking. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/20581) --- crypto/evp/pmeth_lib.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 249c895a15..caf10b2d5c 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -503,8 +503,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) if (pctx->op.kex.algctx != NULL) { if (!ossl_assert(pctx->op.kex.exchange != NULL)) goto err; - rctx->op.kex.algctx - = pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx); + + if (pctx->op.kex.exchange->dupctx != NULL) + rctx->op.kex.algctx + = pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx); + if (rctx->op.kex.algctx == NULL) { EVP_KEYEXCH_free(rctx->op.kex.exchange); rctx->op.kex.exchange = NULL; @@ -521,8 +524,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) if (pctx->op.sig.algctx != NULL) { if (!ossl_assert(pctx->op.sig.signature != NULL)) goto err; - rctx->op.sig.algctx - = pctx->op.sig.signature->dupctx(pctx->op.sig.algctx); + + if (pctx->op.sig.signature->dupctx != NULL) + rctx->op.sig.algctx + = pctx->op.sig.signature->dupctx(pctx->op.sig.algctx); + if (rctx->op.sig.algctx == NULL) { EVP_SIGNATURE_free(rctx->op.sig.signature); rctx->op.sig.signature = NULL; @@ -539,8 +545,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) if (pctx->op.ciph.algctx != NULL) { if (!ossl_assert(pctx->op.ciph.cipher != NULL)) goto err; - rctx->op.ciph.algctx - = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx); + + if (pctx->op.ciph.cipher->dupctx != NULL) + rctx->op.ciph.algctx + = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx); + if (rctx->op.ciph.algctx == NULL) { EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher); rctx->op.ciph.cipher = NULL; @@ -557,8 +566,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) if (pctx->op.encap.algctx != NULL) { if (!ossl_assert(pctx->op.encap.kem != NULL)) goto err; - rctx->op.encap.algctx - = pctx->op.encap.kem->dupctx(pctx->op.encap.algctx); + + if (pctx->op.encap.kem->dupctx != NULL) + rctx->op.encap.algctx + = pctx->op.encap.kem->dupctx(pctx->op.encap.algctx); + if (rctx->op.encap.algctx == NULL) { EVP_KEM_free(rctx->op.encap.kem); rctx->op.encap.kem = NULL;