diff options
| author | Xiaofei Bai <xiaofei.bai@arm.com> | 2021-11-03 03:28:23 +0000 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-11-09 16:11:58 +0100 |
| commit | c37ff82e7c3993292fcc0524e5dde429fa3b65eb (patch) | |
| tree | 3819377a2f5a432ef4d22b530c5e58a15484a7a8 /apps | |
| parent | 419afbf8a3adeffc598e32963bc041599b4007a8 (diff) | |
Fix sigsize usage in apps/speed.c
In a recent upstream change
(43da9a14f0e73f42f28ae34219929b44df5d1a11)
the parameter sigsize become a read/write input in
EVP_PKEY_sign(), and after signing, sigsize will be overwritten with
the actual size and used in the verify step. As the speed program
calls EVP_PKEY_sign() on the same context repeatedly, sigsize value is
no longer the initial available size, and may fail in later buffer
size checks.
This fix adds a new buflen member in struct loopargs (which is only
used within apps/speed.c), to save available buffer size and
to be used as sigsize input in EVP_PKEY_sign() calls.
Sigsize still contains the signature size for the verify step.
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16991)
(cherry picked from commit e7414634a59aa61c7917193a31382ced95d40eeb)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/speed.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/apps/speed.c b/apps/speed.c index 4dd9ce0885..ada559228d 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -462,6 +462,7 @@ typedef struct loopargs_st { unsigned char *buf_malloc; unsigned char *buf2_malloc; unsigned char *key; + size_t buflen; size_t sigsize; EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM]; EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM]; @@ -832,6 +833,7 @@ static int RSA_sign_loop(void *args) int ret, count; for (count = 0; COND(rsa_c[testnum][0]); count++) { + *rsa_num = tempargs->buflen; ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36); if (ret <= 0) { BIO_printf(bio_err, "RSA sign failure\n"); @@ -892,6 +894,7 @@ static int DSA_sign_loop(void *args) int ret, count; for (count = 0; COND(dsa_c[testnum][0]); count++) { + *dsa_num = tempargs->buflen; ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20); if (ret <= 0) { BIO_printf(bio_err, "DSA sign failure\n"); @@ -935,6 +938,7 @@ static int ECDSA_sign_loop(void *args) int ret, count; for (count = 0; COND(ecdsa_c[testnum][0]); count++) { + *ecdsa_num = tempargs->buflen; ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20); if (ret <= 0) { BIO_printf(bio_err, "ECDSA sign failure\n"); @@ -1779,6 +1783,8 @@ int speed_main(int argc, char **argv) /* Align the start of buffers on a 64 byte boundary */ loopargs[i].buf = loopargs[i].buf_malloc + misalign; loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign; + loopargs[i].buflen = buflen - misalign; + loopargs[i].sigsize = buflen - misalign; loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a"); loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b"); #ifndef OPENSSL_NO_DH @@ -2349,6 +2355,7 @@ int speed_main(int argc, char **argv) for (i = 0; st && i < loopargs_len; i++) { loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL); + loopargs[i].sigsize = loopargs[i].buflen; if (loopargs[i].rsa_sign_ctx[testnum] == NULL || EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0 || EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum], @@ -2427,6 +2434,7 @@ int speed_main(int argc, char **argv) for (i = 0; st && i < loopargs_len; i++) { loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key, NULL); + loopargs[i].sigsize = loopargs[i].buflen; if (loopargs[i].dsa_sign_ctx[testnum] == NULL || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0 @@ -2505,6 +2513,7 @@ int speed_main(int argc, char **argv) for (i = 0; st && i < loopargs_len; i++) { loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key, NULL); + loopargs[i].sigsize = loopargs[i].buflen; if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0 |