Make EVP_PKEY_asn1_new() stricter with its input

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6880)

3 files changed, 36 insertions, 1 deletions

diff --git a/CHANGES b/CHANGES
index 780591290b..4b31ac79ba 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,11 @@
 
  Changes between 1.1.0h and 1.1.1 [xx XXX xxxx]
 
+  *) Make EVP_PKEY_asn1_new() a bit stricter about its input.  A NULL pem_str
+     parameter is no longer accepted, as it leads to a corrupt table.  NULL
+     pem_str is reserved for alias entries only.
+     [Richard Levitte]
+
   *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder
      step for prime curves. The new implementation is based on formulae from
      differential addition-and-doubling in homogeneous projective coordinates
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 9b3274bc4e..9a1644148a 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -216,6 +216,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
             goto err;
     }
 
+    /*
+     * One of the following must be true:
+     *
+     * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+     * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+     *
+     * Anything else is an error and may lead to a corrupt ASN1 method table
+     */
+    if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
+          || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
+        goto err;
+
     if (pem_str) {
         ameth->pem_str = OPENSSL_strdup(pem_str);
         if (!ameth->pem_str)
diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
index ab4dc353c4..fa69dc7a9e 100644
--- a/test/asn1_internal_test.c
+++ b/test/asn1_internal_test.c
@@ -67,6 +67,7 @@ static int test_standard_methods(void)
     const EVP_PKEY_ASN1_METHOD **tmp;
     int last_pkey_id = -1;
     size_t i;
+    int ok = 1;
 
     for (tmp = standard_methods, i = 0; i < OSSL_NELEM(standard_methods);
          i++, tmp++) {
@@ -75,11 +76,28 @@ static int test_standard_methods(void)
             break;
         }
         last_pkey_id = (*tmp)->pkey_id;
+
+        /*
+         * One of the following must be true:
+         *
+         * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+         * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+         *
+         * Anything else is an error and may lead to a corrupt ASN1 method table
+         */
+        if (!TEST_true((*tmp)->pem_str == NULL &&
+                       ((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) != 0)
+            && !TEST_true((*tmp)->pem_str != NULL &&
+                          ((*tmp)->pkey_flags & ASN1_PKEY_ALIAS) == 0)) {
+            TEST_note("asn1 standard methods: Index %zu, pkey ID %d, Name=%s",
+                      i, (*tmp)->pkey_id, OBJ_nid2sn((*tmp)->pkey_id));
+            ok = 0;
+        }
     }
 
     if (TEST_int_ne(last_pkey_id, 0)) {
         TEST_info("asn1 standard methods: Table order OK");
-        return 1;
+        return ok;
     }
 
     TEST_note("asn1 standard methods: out of order");