diff options
| author | Nicola Tuveri <nic.tuv@gmail.com> | 2018-04-10 03:19:30 +0300 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-04-25 10:24:43 +0100 |
| commit | 67cc2bae02fdcc0d9409861d1e941e72774411ba (patch) | |
| tree | 3a68baf94077be32e45712a6116b5d618a908b69 /crypto/sm2 | |
| parent | ca50cd911ca3c9dc9ec8dd956f8eb45557585a98 (diff) | |
[SM2_sign] fix double free and return value
Currently, critical bugs prevent using SM2 signatures through the
`EVP_PKEY` interface: any application that managed to satisfy the
requirement of forcing SM3 as the message digest – even if this is
currently not possible transparently through the `EVP_PKEY` interface
and requires manually forcing the MD selection – would crash with a
segmentation fault upon calling the `SM2_sign()` function.
This is easily verified using the OpenSSL CLI to execute this critical
code path under the right conditions:
`openssl dgst -sm3 -hex -sign sm2.eckey /path/to/file/to/sign`
The issue is caused by a double free at the end of `SM2_sign()` in
`crypto/sm2/sm2_sign.c` in case of successful signature generation.
In addition, even if the double free was not causing segfaults,
the function returns the wrong return value in case of success (it
would return 0 rather than 1).
This patch fixes both problems.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6066)
Diffstat (limited to 'crypto/sm2')
| -rw-r--r-- | crypto/sm2/sm2_sign.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 12ccd28bcf..e12eca12fb 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -279,9 +279,7 @@ int SM2_sign(int type, const unsigned char *dgst, int dgstlen, *siglen = i2d_ECDSA_SIG(s, &sig); - ECDSA_SIG_free(s); - - ret = 0; + ret = 1; done: ECDSA_SIG_free(s); |