diff options
author | Juergen Christ <jchrist@linux.ibm.com> | 2020-12-14 17:36:22 +0100 |
---|---|---|
committer | Patrick Steuer <patrick.steuer@de.ibm.com> | 2021-01-28 16:05:50 +0100 |
commit | 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1 (patch) | |
tree | 5a7d1948571240b57b30cfbf83eaae47b1ee67fc /providers | |
parent | 732a4d15b0da7c04437ea828b2915a691b6e38db (diff) |
Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer. While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86). Change the
parameter to char array and fix the usages.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/fips/self_test_data.inc | 4 | ||||
-rw-r--r-- | providers/implementations/kdfs/sshkdf.c | 12 |
2 files changed, 9 insertions, 7 deletions
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 4a9bcf450e..7631d682e5 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -351,7 +351,7 @@ static const ST_KAT_PARAM pbkdf2_params[] = { }; static const char sshkdf_digest[] = "SHA1"; -static int sshkdf_type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; +static const char sshkdf_type[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; static const unsigned char sshkdf_key[] = { 0x00, 0x00, 0x00, 0x80, 0x55, 0xba, 0xe9, 0x31, 0xc0, 0x7f, 0xd8, 0x24, 0xbf, 0x10, 0xad, 0xd1, @@ -386,7 +386,7 @@ static const unsigned char sshkdf_expected[] = { }; static const ST_KAT_PARAM sshkdf_params[] = { ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sshkdf_digest), - ST_KAT_PARAM_INT(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type), + ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type), ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sshkdf_key), ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_XCGHASH, sshkdf_xcghash), ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, sshkdf_session_id), diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c index daf0dd2e87..e86c502184 100644 --- a/providers/implementations/kdfs/sshkdf.c +++ b/providers/implementations/kdfs/sshkdf.c @@ -135,7 +135,6 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) const OSSL_PARAM *p; KDF_SSHKDF *ctx = vctx; OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx); - int t; if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) return 0; @@ -156,14 +155,17 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SSHKDF_TYPE)) != NULL) { - if (p->data == NULL || p->data_size == 0) + const char *kdftype; + + if (!OSSL_PARAM_get_utf8_string_ptr(p, &kdftype)) + return 0; + if (kdftype == NULL || kdftype[0] == '\0' || kdftype[1] != '\0') return 0; - t = *(unsigned char *)p->data; - if (t < 65 || t > 70) { + if (kdftype[0] < 65 || kdftype[0] > 70) { ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR); return 0; } - ctx->type = (char)t; + ctx->type = kdftype[0]; } return 1; } |