[Openvpn-devel,1/3] OpenSSL: check EVP_PKEY key types before returning the pkey

Message ID e8333f0b838670e558a9fe292cea8988484cd77f.1515775195.git.logout@free.fr
State Accepted
Series Fix EVP_PKEY key types handling

Commit Message

Emmanuel Deloget Jan. 12, 2018, 5:48 a.m. UTC
The internal EVP_PKEY::pkey member is a union thus we need to check for
the real key type before we can return the corresponding RSA, DSA or EC
public key.

Reported-by: Selva Nair <selva.nair@gmail.com>
Signed-off-by: Emmanuel Deloget <logout@free.fr>
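
The commit message states the union problem in one sentence. As an added example (not code from OpenVPN or OpenSSL), the C program below mocks the pre-1.1.0 EVP_PKEY layout the compat shim reaches into, with invented one-field RSA/DSA/EC_KEY stand-ins and constructed sample keys, and puts the type confusion the unchecked shim allowed next to the checked shims from the patch:

```c
/*
 * Added example; not code from OpenVPN or OpenSSL. It mocks the pre-1.1.0
 * EVP_PKEY layout the compat shim pokes at (a type tag plus a union of key
 * pointers) to show what the patch prevents. RSA, DSA and EC_KEY below are
 * invented one-field stand-ins so this builds without libcrypto; the type
 * tag values are OpenSSL's NIDs, and the sample_* objects are constructed.
 */
#include <stddef.h>
#include <stdio.h>

#define EVP_PKEY_RSA 6    /* NID_rsaEncryption */
#define EVP_PKEY_DSA 116  /* NID_dsa */
#define EVP_PKEY_EC  408  /* NID_X9_62_id_ecPublicKey */

/* Mock key objects (invented). Each starts with an int a caller would read. */
typedef struct { int modulus_bits; } RSA;
typedef struct { int p_bits; }       DSA;
typedef struct { int curve_nid; }    EC_KEY;

/* Mock of the old struct evp_pkey_st: every union member aliases the same
 * pointer slot, so only `type` records which object is really stored. */
typedef struct {
    int type;
    union { RSA *rsa; DSA *dsa; EC_KEY *ec; } pkey;
} EVP_PKEY;

/* Shim before the patch: hands back the slot whatever the tag says. */
static RSA *get0_RSA_unchecked(EVP_PKEY *pkey)
{
    return pkey ? pkey->pkey.rsa : NULL;
}

/* Shims after the patch, with the same shape as the three hunks. */
static RSA *get0_RSA_checked(EVP_PKEY *pkey)
{
    return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL;
}

static EC_KEY *get0_EC_KEY_checked(EVP_PKEY *pkey)
{
    return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL;
}

static DSA *get0_DSA_checked(EVP_PKEY *pkey)
{
    return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL;
}

/* A caller that assumes it holds an RSA key and asks for the modulus size.
 * Returns -1 when no RSA key is available. */
static int rsa_bits_unchecked(EVP_PKEY *pkey)
{
    RSA *rsa = get0_RSA_unchecked(pkey);
    return rsa ? rsa->modulus_bits : -1;
}

static int rsa_bits_checked(EVP_PKEY *pkey)
{
    RSA *rsa = get0_RSA_checked(pkey);
    return rsa ? rsa->modulus_bits : -1;
}

/* Constructed sample keys: one of each type. */
static RSA    sample_rsa = { 2048 };
static DSA    sample_dsa = { 1024 };
static EC_KEY sample_ec  = { 415 };   /* NID_X9_62_prime256v1 */

static EVP_PKEY sample_rsa_pkey = { EVP_PKEY_RSA, { .rsa = &sample_rsa } };
static EVP_PKEY sample_dsa_pkey = { EVP_PKEY_DSA, { .dsa = &sample_dsa } };
static EVP_PKEY sample_ec_pkey  = { EVP_PKEY_EC,  { .ec  = &sample_ec  } };

int main(void)
{
    /* The unchecked shim returns the EC_KEY pointer as an RSA *, and the
     * caller reads the curve NID (415) as if it were a modulus size. */
    printf("EC key via unchecked RSA accessor: %d bits (wrong object)\n",
           rsa_bits_unchecked(&sample_ec_pkey));
    printf("EC key via checked RSA accessor:   %d (NULL, rejected)\n",
           rsa_bits_checked(&sample_ec_pkey));
    printf("RSA key via checked RSA accessor:  %d bits\n",
           rsa_bits_checked(&sample_rsa_pkey));
    printf("DSA key via checked EC accessor:   %s\n",
           get0_EC_KEY_checked(&sample_dsa_pkey) ? "returned" : "NULL");
    printf("DSA key via checked DSA accessor:  %d bits\n",
           get0_DSA_checked(&sample_dsa_pkey)->p_bits);
    return 0;
}
```

Builds with any C99 compiler and needs no libcrypto. The point is that the unchecked accessor never fails: for the EC key it returns a live pointer to the wrong object, and the caller reads the curve NID as an RSA modulus size, whereas the checked version turns the same mistake into a NULL the caller has to handle.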

Comments

Steffan Karger Jan. 13, 2018, 11:06 p.m. UTC | #1
Hi,

On 12-01-18 17:48, Emmanuel Deloget wrote:
> The internal EVP_PKEY::pkey member is a union thus we need to check for
> the real key type before we can return the corresponding RSA, DSA or EC
> public key.
> 
> Reported-by: Selva Nair <selva.nair@gmail.com>
> Signed-off-by: Emmanuel Deloget <logout@free.fr>
> 
> diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
> index 70b19aea..8b29cdaf 100644
> --- a/src/openvpn/openssl_compat.h
> +++ b/src/openvpn/openssl_compat.h
> @@ -240,7 +240,7 @@ X509_OBJECT_get_type(const X509_OBJECT *obj)
>  static inline RSA *
>  EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
>  {
> -    return pkey ? pkey->pkey.rsa : NULL;
> +    return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL;
>  }
>  #endif
>  
> @@ -254,7 +254,7 @@ EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
>  static inline EC_KEY *
>  EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
>  {
> -    return pkey ? pkey->pkey.ec : NULL;
> +    return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL;
>  }
>  #endif
>  
> @@ -282,7 +282,7 @@ EVP_PKEY_id(const EVP_PKEY *pkey)
>  static inline DSA *
>  EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
>  {
> -    return pkey ? pkey->pkey.dsa : NULL;
> +    return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL;
>  }
>  #endif
>  
> 

Looks good and passes my tests.

Acked-by: Steffan Karger <steffan@karger.me>

-Steffan

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Gert Doering Jan. 14, 2018, 7:03 a.m. UTC | #2
Your patch has been applied to the master and release/2.4 branch.

commit e603afabb845d2552198843a987b5d9b0b7ac404 (master)
commit  (release/2.4)
Author: Emmanuel Deloget
Date:   Fri Jan 12 17:48:24 2018 +0100

     OpenSSL: check EVP_PKEY key types before returning the pkey

     Signed-off-by: Emmanuel Deloget <logout@free.fr>
     Acked-by: Steffan Karger <steffan.karger@fox-it.com>
     Message-Id: <e8333f0b838670e558a9fe292cea8988484cd77f.1515775195.git.logout@free.fr>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16202.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering



Patch

diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 70b19aea..8b29cdaf 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -240,7 +240,7 @@  X509_OBJECT_get_type(const X509_OBJECT *obj)
 static inline RSA *
 EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
 {
-    return pkey ? pkey->pkey.rsa : NULL;
+    return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL;
 }
 #endif
 
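Review bot: a NULL from EVP_PKEY_get0_RSA() now means either "no key" or "key is not RSA", and neither the hunk nor the commit message says so; add a one-line comment on the shim stating that a type mismatch returns NULL, and check that callers in src/openvpn that previously only guarded against a missing key treat NULL here as "not an RSA key" rather than "no key configured".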
@@ -254,7 +254,7 @@  EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
 static inline EC_KEY *
 EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
 {
-    return pkey ? pkey->pkey.ec : NULL;
+    return (pkey && pkey->type == EVP_PKEY_EC) ? pkey->pkey.ec : NULL;
 }
 #endif
 
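Review bot: callers that used to receive a non-NULL pointer from EVP_PKEY_get0_EC_KEY() for a non-EC key (the RSA or DSA object reinterpreted as an EC_KEY *) now receive NULL, so every call site needs a NULL check; this is patch 1/3 of the "Fix EVP_PKEY key types handling" series, and the commit message should say whether the existing callers already cope with NULL or whether patches 2 and 3 add those checks, so this patch can be judged on its own.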
@@ -282,7 +282,7 @@  EVP_PKEY_id(const EVP_PKEY *pkey)
 static inline DSA *
 EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
 {
-    return pkey ? pkey->pkey.dsa : NULL;
+    return (pkey && pkey->type == EVP_PKEY_DSA) ? pkey->pkey.dsa : NULL;
 }
 #endif
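Review bot: this DSA shim is the only one of the three placed after EVP_PKEY_id() in the header (the hunk's context line shows that definition just above it), so it could have used EVP_PKEY_id(pkey) == EVP_PKEY_DSA; comparing pkey->type directly in all three, as the patch does, is the consistent choice, and a short comment saying the three accessors intentionally mirror each other would stop someone later "fixing" just this one.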