diff options
| author | Juergen Christ <jchrist@linux.ibm.com> | 2020-12-14 17:36:22 +0100 |
|---|---|---|
| committer | Patrick Steuer <patrick.steuer@de.ibm.com> | 2021-01-28 16:05:50 +0100 |
| commit | 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1 (patch) | |
| tree | 5a7d1948571240b57b30cfbf83eaae47b1ee67fc /providers/implementations/kdfs | |
| parent | 732a4d15b0da7c04437ea828b2915a691b6e38db (diff) | |
Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer. While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86). Change the
parameter to char array and fix the usages.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
Diffstat (limited to 'providers/implementations/kdfs')
| -rw-r--r-- | providers/implementations/kdfs/sshkdf.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c index daf0dd2e87..e86c502184 100644 --- a/providers/implementations/kdfs/sshkdf.c +++ b/providers/implementations/kdfs/sshkdf.c @@ -135,7 +135,6 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) const OSSL_PARAM *p; KDF_SSHKDF *ctx = vctx; OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx); - int t; if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) return 0; @@ -156,14 +155,17 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SSHKDF_TYPE)) != NULL) { - if (p->data == NULL || p->data_size == 0) + const char *kdftype; + + if (!OSSL_PARAM_get_utf8_string_ptr(p, &kdftype)) + return 0; + if (kdftype == NULL || kdftype[0] == '\0' || kdftype[1] != '\0') return 0; - t = *(unsigned char *)p->data; - if (t < 65 || t > 70) { + if (kdftype[0] < 65 || kdftype[0] > 70) { ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR); return 0; } - ctx->type = (char)t; + ctx->type = kdftype[0]; } return 1; } |