authorslontis <shane.lontis@oracle.com>2023-01-11 11:05:04 +1000
committerTomas Mraz <tomas@openssl.org>2023-02-07 17:05:10 +0100
commitbcec03c33cc00a7b5eb89ebeeee59e604570a86a (patch)
treedfad452c9fd62d3a7492b04edfb2e6227a1f0345 /test/ffc_internal_test.c
parent3436f9c24ab90c1661e4798e7944f028d5d251ce (diff)
Fix NULL deference when validating FFC public key.
Fixes CVE-2023-0217 When attempting to do a BN_copy of params->p there was no NULL check. Since BN_copy does not check for NULL this is a NULL dereference. As an aside, BN_cmp() does do a NULL check, so other checks fail because a NULL is passed. A more general check for NULL params has been added for both FFC public and private key validation instead. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
Diffstat (limited to 'test/ffc_internal_test.c')
-rw-r--r--test/ffc_internal_test.c31
1 files changed, 31 insertions, 0 deletions
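diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c
index f3df4ab4fd..94920eb60e 100644
--- a/test/ffc_internal_test.c
+++ b/test/ffc_internal_test.c
@@ -510,6 +510,27 @@ static int ffc_public_validate_test(void)
 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
 goto err;
+ /* Fail if params is NULL */
+ if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+ res = -1;
+ /* Fail if pubkey is NULL */
+ if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+ res = -1;
+
+ BN_free(params->p);
+ params->p = NULL;
+ /* Fail if params->p is NULL */
+ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+
 ret = 1;
 err:
 DH_free(dh);
@@ -567,6 +588,16 @@ static int ffc_private_validate_test(void)
 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
 goto err;
+ if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+ res = -1;
+ if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+
 ret = 1;
 err:
 DH_free(dh);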
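Review bot: In both hunks the first negative case (params NULL in ffc_public_validate_test, q NULL in ffc_private_validate_test) asserts on `res` without first resetting it, so that TEST_int_eq only proves something if the preceding successful validate_*_key call left `res` at a value other than FFC_ERROR_PASSED_NULL_PARAM; the later cases reset it, so for the same self-containment add `res = -1;` before each first NULL call. The private-key hunk also lacks the `/* Fail if ... is NULL */` comments the public-key hunk carries; `/* Fail if q is NULL */` and `/* Fail if priv is NULL */` above the two TEST_false calls would keep the two tests consistent. The public-key test only drives the NULL-field path through params->p; whether the new validation check also rejects a NULL q or g is not visible here, and if it does, a matching case would cover it. Both enclosing functions begin outside the hunks.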