[1.1.1][EC][ASN1] Detect missing OID when serializing EC parameters and keys#12312
[1.1.1][EC][ASN1] Detect missing OID when serializing EC parameters and keys#12312romen wants to merge 2 commits intoopenssl:OpenSSL_1_1_1-stablefrom
Conversation
…nd keys The following built-in curves do not have an assigned OID: - Oakley-EC2N-3 - Oakley-EC2N-4 In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`. Fixes openssl#12306
…eters and keys make update
romen
added
branch: 1.1.1
| } | ||
|
|
||
| if ((dsize = i2d(x, NULL)) < 0) { | ||
| if ((dsize = i2d(x, NULL)) <= 0) { |
There was a problem hiding this comment.
Have you checked through git history to find if there was reason not to err on zero?
There was a problem hiding this comment.
@levitte do you have an answer in mind?
As far as I can see this has been checking only for < 0 for 22 years, since 58964a492275ca9a59a0cd9c8155cb2491b4b909 , and before that the return was unchecked.
Functions like i2d_ECPKParameters() return 0 on error conditions.
Lines 953 to 968 in c437fc2
The documentation is a little ambiguous, as the relevant manpage says:
i2d_TYPE() encodes the structure pointed to by a into DER format. If ppout is not NULL, it writes the DER encoded data to the buffer at *ppout, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data.
i2d_TYPE() returns the number of bytes successfully encoded or a negative value if an error occurs.
It's another instance of "fix the behavior" vs "fix the documentation" (one might consider "no bytes have been successfully written" as an error condition as well).
There was a problem hiding this comment.
The difference between changing this line and not changing this line is how many times i2d() is called from PEM_ASN1_write_bio():
Lines 335 to 348 in c437fc2
L335determines the required buffer size, on a returned0we then allocate something that has length0 +20to have room for encryption needsL348actually tries to encode, which also returns0- the lines afterwards try then to either encrypt 0 bytes of data or to write 0 bytes into a BIO
To me it seems clearly a bug to consider "0 bytes are required to encode this thing" as a non-error on L335.
We could fix i2d_ECPKParameters() to return negative value on those errors, instead of 0, but that is a public function and it has been behaving that way for some time.
We could keep this as it is, and as far as I can tell the consequence would be limited to raising the missing OID error twice, on each i2d() call.
; # if we patch this line to treat 0 as an error, i2d() is called only once to determine the required buffer size for allocation
; util/shlib_wrap.sh apps/openssl genpkey -genparam -algorithm EC -pkeyopt 'ec_paramgen_curve:Oakley-EC2N-4'
Error writing key
140388092275648:error:101060A7:elliptic curve routines:EC_GROUP_get_ecpkparameters:missing OID:crypto/ec/ec_asn1.c:554:
140388092275648:error:100BF078:elliptic curve routines:i2d_ECPKParameters:group2pkparameters failure:crypto/ec/ec_asn1.c:965:
140388092275648:error:0906900D:PEM routines:PEM_ASN1_write_bio:ASN1 lib:crypto/pem/pem_lib.c:336:
; # without patching L335, the errors from the EC stack are raised twice, and the encoding is halted when PEM_write_bio fails trying to encode 0 bytes
; util/shlib_wrap.sh apps/openssl genpkey -genparam -algorithm EC -pkeyopt 'ec_paramgen_curve:Oakley-EC2N-4'
-----BEGIN EC PARAMETERS-----
-----END EC PARAMETERS-----
Error writing key
139739847752640:error:101060A7:elliptic curve routines:EC_GROUP_get_ecpkparameters:missing OID:crypto/ec/ec_asn1.c:554:
139739847752640:error:100BF078:elliptic curve routines:i2d_ECPKParameters:group2pkparameters failure:crypto/ec/ec_asn1.c:965:
139739847752640:error:101060A7:elliptic curve routines:EC_GROUP_get_ecpkparameters:missing OID:crypto/ec/ec_asn1.c:554:
139739847752640:error:100BF078:elliptic curve routines:i2d_ECPKParameters:group2pkparameters failure:crypto/ec/ec_asn1.c:965:
139739847752640:error:09072007:PEM routines:PEM_write_bio:BUF lib:crypto/pem/pem_lib.c:658:There was a problem hiding this comment.
My analysis is that, even for non EC stuff, it should be safe to error out already on L335 if i2d() returns 0: anyway a failure will be triggered further down the line anyway, when trying to encrypt or encode a 0 bytes buffer.
t8m
added
approval: done
openssl-machine
removed
the
approval: done
|
This pull request is ready to merge |
openssl-machine
added
the
approval: ready to merge
The following built-in curves do not have an assigned OID: - Oakley-EC2N-3 - Oakley-EC2N-4 In general we shouldn't assume that an OID is always available. This commit detects such cases, raises an error and returns appropriate return values so that the condition can be detected and correctly handled by the callers, when serializing EC parameters or EC keys with the default `ec_param_enc:named_curve`. Fixes openssl#12306 Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#12312)
|
Merged to
Thanks! |
This PR is for
1.1.1: it is identical to #12313 but for the commit with themake updateresults.TODO
mastercounterpart of this PR)