
Commit e544577

provider: Fix segfault with 'openssl list -key-managers -verbose'
Command 'openssl list -key-managers -verbose' calls OpenSSL function EVP_KEYMGMT_gen_settable_params() which in turn calls the provider's gen_settable_params() function, but with NULL for the keygen operation context. This causes segfaults in IBMCA's gen_settable_params() functions, as they assume that the keygen operation context is not NULL. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
1 parent 4ea48e0 commit e544577


2 files changed

+70
-12
lines changed


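--- a/src/provider/dh_keymgmt.c
+++ b/src/provider/dh_keymgmt.c
@@ -43,6 +43,8 @@ static OSSL_FUNC_keymgmt_gen_set_template_fn ibmca_keymgmt_dh_gen_set_template;
 static OSSL_FUNC_keymgmt_gen_set_params_fn ibmca_keymgmt_dh_gen_set_params;
 static OSSL_FUNC_keymgmt_gen_settable_params_fn
 ibmca_keymgmt_dh_gen_settable_params;
+static OSSL_FUNC_keymgmt_gen_settable_params_fn
+ibmca_keymgmt_dhx_gen_settable_params;
 static OSSL_FUNC_keymgmt_gen_fn ibmca_keymgmt_dh_gen;
 static OSSL_FUNC_keymgmt_has_fn ibmca_keymgmt_dh_has;
 static OSSL_FUNC_keymgmt_match_fn ibmca_keymgmt_dh_match;
@@ -529,23 +531,62 @@ static int ibmca_keymgmt_dh_gen_set_params(void *vgenctx,
 return 1;
 }
 
+static const OSSL_PARAM ibmca_dh_op_ctx_settable_params[] = {
+OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
+OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
+OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
+OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
+OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_GENERATOR, NULL),
+OSSL_PARAM_END
+};
+
+static const OSSL_PARAM ibmca_dhx_op_ctx_settable_params[] = {
+OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
+OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
+OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
+OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
+OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL),
+OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0),
+OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0),
+OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),
+OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),
+OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
+OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
+OSSL_PARAM_END
+};
+
 static const OSSL_PARAM *ibmca_keymgmt_dh_gen_settable_params(void *vgenctx,
 void *vprovctx)
 {
 const struct ibmca_op_ctx *genctx = vgenctx;
 const struct ibmca_prov_ctx *provctx = vprovctx;
-const OSSL_PARAM *p, *params;
+const OSSL_PARAM *params, *p;
 
 UNUSED(genctx);
 
 if (provctx == NULL)
 return NULL;
 
-if (genctx->dh.gen.pctx == NULL)
-return NULL;
+params = ibmca_dh_op_ctx_settable_params;
+for (p = params; p != NULL && p->key != NULL; p++)
+ibmca_debug_ctx(provctx, "param: %s", p->key);
 
-params = EVP_PKEY_CTX_settable_params(genctx->dh.gen.pctx);
+return params;
+}
 
+static const OSSL_PARAM *ibmca_keymgmt_dhx_gen_settable_params(void *vgenctx,
+void *vprovctx)
+{
+const struct ibmca_op_ctx *genctx = vgenctx;
+const struct ibmca_prov_ctx *provctx = vprovctx;
+const OSSL_PARAM *params, *p;
+
+UNUSED(genctx);
+
+if (provctx == NULL)
+return NULL;
+
+params = ibmca_dhx_op_ctx_settable_params;
 for (p = params; p != NULL && p->key != NULL; p++)
 ibmca_debug_ctx(provctx, "param: %s", p->key);
 
@@ -1964,7 +2005,7 @@ static const OSSL_DISPATCH ibmca_dhx_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS,
 (void (*)(void))ibmca_keymgmt_dh_gen_set_params },
 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
-(void (*)(void))ibmca_keymgmt_dh_gen_settable_params },
+(void (*)(void))ibmca_keymgmt_dhx_gen_settable_params },
 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ibmca_keymgmt_dh_gen },
 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP,
 (void (*)(void))ibmca_keymgmt_gen_cleanup },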
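Review bot: The two static tables added ahead of `ibmca_keymgmt_dh_gen_settable_params` replace a list that was previously read from the live keygen context with `EVP_PKEY_CTX_settable_params()`, and nothing in the hunk ties them to what `ibmca_keymgmt_dh_gen_set_params` accepts, so the advertised and the accepted parameters can drift apart without any build or runtime error. The body of `ibmca_keymgmt_dh_gen_set_params` lies outside the hunk (only its closing `return 1; }` is visible), so whether it still hands the parameters to that context is an assumption to confirm. I would add a comment above both tables along the lines of `/* Static because vgenctx may be NULL when OpenSSL only enumerates settable params; keep in sync with what ibmca_keymgmt_dh_gen_set_params() accepts. */`. The closing lines of `ibmca_keymgmt_dhx_gen_settable_params` also fall outside the hunk.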

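--- a/src/provider/rsa_keymgmt.c
+++ b/src/provider/rsa_keymgmt.c
@@ -53,6 +53,8 @@ static OSSL_FUNC_keymgmt_gen_set_template_fn ibmca_keymgmt_rsa_gen_set_template;
 static OSSL_FUNC_keymgmt_gen_set_params_fn ibmca_keymgmt_rsa_gen_set_params;
 static OSSL_FUNC_keymgmt_gen_settable_params_fn
 ibmca_keymgmt_rsa_gen_settable_params;
+static OSSL_FUNC_keymgmt_gen_settable_params_fn
+ibmca_keymgmt_rsa_pss_gen_settable_params;
 static OSSL_FUNC_keymgmt_gen_fn ibmca_keymgmt_rsa_gen;
 static OSSL_FUNC_keymgmt_has_fn ibmca_keymgmt_rsa_has;
 static OSSL_FUNC_keymgmt_match_fn ibmca_keymgmt_rsa_match;
@@ -1071,19 +1073,34 @@ static const OSSL_PARAM *ibmca_keymgmt_rsa_gen_settable_params(void *vgenctx,
 {
 const struct ibmca_op_ctx *genctx = vgenctx;
 const struct ibmca_prov_ctx *provctx = vprovctx;
-
 const OSSL_PARAM *params, *p;
 
+UNUSED(genctx);
+
 if (provctx == NULL)
 return NULL;
 
-ibmca_debug_ctx(provctx, "type: %d", genctx->type);
+params = ibmca_rsa_op_ctx_settable_params;
+for (p = params; p != NULL && p->key != NULL; p++)
+ibmca_debug_ctx(provctx, "param: %s", p->key);
 
-if (genctx->type == EVP_PKEY_RSA_PSS)
-params = ibmca_rsa_pss_op_ctx_settable_params;
-else
-params = ibmca_rsa_op_ctx_settable_params;
+return params;
+}
 
+static const OSSL_PARAM *ibmca_keymgmt_rsa_pss_gen_settable_params(
+void *vgenctx,
+void *vprovctx)
+{
+const struct ibmca_op_ctx *genctx = vgenctx;
+const struct ibmca_prov_ctx *provctx = vprovctx;
+const OSSL_PARAM *params, *p;
+
+UNUSED(genctx);
+
+if (provctx == NULL)
+return NULL;
+
+params = ibmca_rsa_pss_op_ctx_settable_params;
 for (p = params; p != NULL && p->key != NULL; p++)
 ibmca_debug_ctx(provctx, "param: %s", p->key);
 
@@ -2256,7 +2273,7 @@ static const OSSL_DISPATCH ibmca_rsapss_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS,
 (void (*)(void))ibmca_keymgmt_rsa_gen_set_params },
 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
-(void (*)(void))ibmca_keymgmt_rsa_gen_settable_params },
+(void (*)(void))ibmca_keymgmt_rsa_pss_gen_settable_params },
 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ibmca_keymgmt_rsa_gen },
 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP,
 (void (*)(void))ibmca_keymgmt_gen_cleanup },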
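Review bot: Both `ibmca_keymgmt_rsa_gen_settable_params` and the new `ibmca_keymgmt_rsa_pss_gen_settable_params` still declare `const struct ibmca_op_ctx *genctx = vgenctx;` only to hand it to `UNUSED(genctx)`, and nothing states that the pointer can be NULL, which is the condition the removed `genctx->type` accesses faulted on. Dropping the local and writing `UNUSED(vgenctx); /* may be NULL when OpenSSL only lists settable params; never dereference */` would keep a later edit from reintroducing the dereference. The two functions in src/provider/dh_keymgmt.c follow the same pattern. The first function's signature and the closing lines of the second are outside the hunk.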
