diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2021-10-05 21:38:55 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2021-10-07 16:05:53 +0200 |
commit | 14357a51130510d87fe5f31e45baaf70bd5c9027 (patch) | |
tree | 29e36d783426695165823c28325c6137709d02c9 /engines | |
parent | 503eb0e108ca5819dacd5ae171aedd37268654d9 (diff) |
Fix double-free in e_dasync.c
When the cipher is copied, the inner_cihper_data
need to be copied as well, using the EVP_CTRL_COPY method.
The EVP_CIPH_CUSTOM_COPY bit needs to be set as well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16751)
Diffstat (limited to 'engines')
-rw-r--r-- | engines/e_dasync.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/engines/e_dasync.c b/engines/e_dasync.c index 07793037df..1f5d4117f2 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -244,7 +244,8 @@ static int bind_dasync(ENGINE *e) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE - | EVP_CIPH_FLAG_PIPELINE) + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, dasync_aes128_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, @@ -270,7 +271,8 @@ static int bind_dasync(ENGINE *e) EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER - | EVP_CIPH_FLAG_PIPELINE) + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, dasync_aes128_cbc_hmac_sha1_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, @@ -629,6 +631,21 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, } } + case EVP_CTRL_COPY: + { + const EVP_CIPHER *cipher = aeadcapable + ? EVP_aes_128_cbc_hmac_sha1() + : EVP_aes_128_cbc(); + size_t data_size = EVP_CIPHER_impl_ctx_size(cipher); + void *cipher_data = OPENSSL_malloc(data_size); + + if (cipher_data == NULL) + return 0; + memcpy(cipher_data, pipe_ctx->inner_cipher_data, data_size); + pipe_ctx->inner_cipher_data = cipher_data; + return 1; + } + default: return 0; } |