allow zero length parameters in KDF_CTX_ctrl()
This commit is contained in:
parent
0536b721ef
commit
b8a97dc1d8
@ -90,8 +90,8 @@ diff -up openssl-1.1.1d/crypto/kdf/build.info.krb5-kdf openssl-1.1.1d/crypto/kdf
|
|||||||
+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c kbkdf.c krb5kdf.c sskdf.c
|
+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c kbkdf.c krb5kdf.c sskdf.c
|
||||||
diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kbkdf.c
|
diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kbkdf.c
|
||||||
--- openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf 2019-11-14 15:07:05.343094112 +0100
|
--- openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf 2019-11-14 15:07:05.343094112 +0100
|
||||||
+++ openssl-1.1.1d/crypto/kdf/kbkdf.c 2019-11-14 16:07:15.385324361 +0100
|
+++ openssl-1.1.1d/crypto/kdf/kbkdf.c 2019-11-18 17:21:58.326635901 +0100
|
||||||
@@ -0,0 +1,530 @@
|
@@ -0,0 +1,540 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
+ * Copyright 2019 Red Hat, Inc.
|
+ * Copyright 2019 Red Hat, Inc.
|
||||||
@ -127,12 +127,16 @@ diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kb
|
|||||||
+#include <openssl/cmac.h>
|
+#include <openssl/cmac.h>
|
||||||
+#include <openssl/kdf.h>
|
+#include <openssl/kdf.h>
|
||||||
+
|
+
|
||||||
|
+#include "internal/numbers.h"
|
||||||
+#include "internal/cryptlib.h"
|
+#include "internal/cryptlib.h"
|
||||||
+#include "internal/evp_int.h"
|
+#include "internal/evp_int.h"
|
||||||
+#include "kdf_local.h"
|
+#include "kdf_local.h"
|
||||||
+
|
+
|
||||||
+#include "e_os.h"
|
+#include "e_os.h"
|
||||||
+
|
+
|
||||||
|
+#ifdef MIN
|
||||||
|
+# undef MIN
|
||||||
|
+#endif
|
||||||
+#define MIN(a, b) ((a) < (b)) ? (a) : (b)
|
+#define MIN(a, b) ((a) < (b)) ? (a) : (b)
|
||||||
+
|
+
|
||||||
+typedef struct {
|
+typedef struct {
|
||||||
@ -451,6 +455,12 @@ diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kb
|
|||||||
+ p = va_arg(args, const unsigned char *);
|
+ p = va_arg(args, const unsigned char *);
|
||||||
+ len = va_arg(args, size_t);
|
+ len = va_arg(args, size_t);
|
||||||
+ OPENSSL_clear_free(*dst, *dst_len);
|
+ OPENSSL_clear_free(*dst, *dst_len);
|
||||||
|
+ if (len == 0) {
|
||||||
|
+ *dst = NULL;
|
||||||
|
+ *dst_len = 0;
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
+ *dst = OPENSSL_memdup(p, len);
|
+ *dst = OPENSSL_memdup(p, len);
|
||||||
+ if (*dst == NULL)
|
+ if (*dst == NULL)
|
||||||
+ return 0;
|
+ return 0;
|
||||||
@ -711,8 +721,8 @@ diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.krb5-kdf openssl-1.1.1d/crypto/kdf
|
|||||||
+}
|
+}
|
||||||
diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/krb5kdf.c
|
diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/krb5kdf.c
|
||||||
--- openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf 2019-11-14 15:07:05.344094093 +0100
|
--- openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf 2019-11-14 15:07:05.344094093 +0100
|
||||||
+++ openssl-1.1.1d/crypto/kdf/krb5kdf.c 2019-11-14 16:11:17.761978261 +0100
|
+++ openssl-1.1.1d/crypto/kdf/krb5kdf.c 2019-11-18 17:18:13.056604404 +0100
|
||||||
@@ -0,0 +1,417 @@
|
@@ -0,0 +1,423 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
|
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
+ *
|
+ *
|
||||||
@ -811,6 +821,12 @@ diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/
|
|||||||
+ p = va_arg(args, const unsigned char *);
|
+ p = va_arg(args, const unsigned char *);
|
||||||
+ len = va_arg(args, size_t);
|
+ len = va_arg(args, size_t);
|
||||||
+ OPENSSL_clear_free(*dst, *dst_len);
|
+ OPENSSL_clear_free(*dst, *dst_len);
|
||||||
|
+ if (len == 0) {
|
||||||
|
+ *dst = NULL;
|
||||||
|
+ *dst_len = 0;
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
+ *dst = OPENSSL_memdup(p, len);
|
+ *dst = OPENSSL_memdup(p, len);
|
||||||
+ if (*dst == NULL)
|
+ if (*dst == NULL)
|
||||||
+ return 0;
|
+ return 0;
|
||||||
@ -1130,10 +1146,34 @@ diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/
|
|||||||
+ krb5kdf_derive,
|
+ krb5kdf_derive,
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
|
diff -up openssl-1.1.1d/crypto/kdf/sshkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/sshkdf.c
|
||||||
|
--- openssl-1.1.1d/crypto/kdf/sshkdf.c.krb5-kdf 2019-11-14 15:07:05.327094396 +0100
|
||||||
|
+++ openssl-1.1.1d/crypto/kdf/sshkdf.c 2019-11-18 17:18:25.343388314 +0100
|
||||||
|
@@ -12,6 +12,7 @@
|
||||||
|
#include <string.h>
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
#include <openssl/kdf.h>
|
||||||
|
+#include "internal/numbers.h"
|
||||||
|
#include "internal/cryptlib.h"
|
||||||
|
#include "internal/evp_int.h"
|
||||||
|
#include "kdf_local.h"
|
||||||
|
@@ -68,6 +69,12 @@ static int kdf_sshkdf_parse_buffer_arg(u
|
||||||
|
p = va_arg(args, const unsigned char *);
|
||||||
|
len = va_arg(args, size_t);
|
||||||
|
OPENSSL_clear_free(*dst, *dst_len);
|
||||||
|
+ if (len == 0) {
|
||||||
|
+ *dst = NULL;
|
||||||
|
+ *dst_len = 0;
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
*dst = OPENSSL_memdup(p, len);
|
||||||
|
if (*dst == NULL)
|
||||||
|
return 0;
|
||||||
diff -up openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/sskdf.c
|
diff -up openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/sskdf.c
|
||||||
--- openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf 2019-11-14 15:07:05.344094093 +0100
|
--- openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf 2019-11-14 15:07:05.344094093 +0100
|
||||||
+++ openssl-1.1.1d/crypto/kdf/sskdf.c 2019-11-14 15:43:17.603150203 +0100
|
+++ openssl-1.1.1d/crypto/kdf/sskdf.c 2019-11-18 17:21:40.349952802 +0100
|
||||||
@@ -0,0 +1,252 @@
|
@@ -0,0 +1,255 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||||
@ -1287,10 +1327,13 @@ diff -up openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/ss
|
|||||||
+
|
+
|
||||||
+ p = va_arg(args, const unsigned char *);
|
+ p = va_arg(args, const unsigned char *);
|
||||||
+ len = va_arg(args, size_t);
|
+ len = va_arg(args, size_t);
|
||||||
+ if (len == 0 || p == NULL)
|
+ OPENSSL_clear_free(*out, *out_len);
|
||||||
|
+ if (len == 0) {
|
||||||
|
+ *out = NULL;
|
||||||
|
+ *out_len = 0;
|
||||||
+ return 1;
|
+ return 1;
|
||||||
|
+ }
|
||||||
+
|
+
|
||||||
+ OPENSSL_free(*out);
|
|
||||||
+ *out = OPENSSL_memdup(p, len);
|
+ *out = OPENSSL_memdup(p, len);
|
||||||
+ if (*out == NULL)
|
+ if (*out == NULL)
|
||||||
+ return 0;
|
+ return 0;
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1d
|
Version: 1.1.1d
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -458,6 +458,9 @@ export LD_LIBRARY_PATH
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 21 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1d-5
|
||||||
|
- allow zero length parameters in KDF_CTX_ctrl()
|
||||||
|
|
||||||
* Thu Nov 14 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1d-4
|
* Thu Nov 14 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1d-4
|
||||||
- backport of SSKDF from master
|
- backport of SSKDF from master
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user