Skip to content

Comments

Fix double-free in e_dasync.c#16751

Closed
bernd-edlinger wants to merge 1 commit intoopenssl:OpenSSL_1_1_1-stablefrom
bernd-edlinger:fix_double_free_in_dasync_engine
Closed

Fix double-free in e_dasync.c#16751
bernd-edlinger wants to merge 1 commit intoopenssl:OpenSSL_1_1_1-stablefrom
bernd-edlinger:fix_double_free_in_dasync_engine

Conversation

@bernd-edlinger
Copy link
Member

@bernd-edlinger bernd-edlinger commented Oct 5, 2021

When the cipher is copied, the inner_cihper_data
need to be copied as well, using the EVP_CTRL_COPY method.
The EVP_CIPH_CUSTOM_COPY bit needs to be set as well.

I've discovered this issue when playing with #16750
without this the test_cmac and test_evp fail with a double free.
This patch is for 1.1.1 only because the dasync engine is totally broken
in master, see #16734

@bernd-edlinger
Fix double-free in e_dasync.c
16b388e 
When the cipher is copied, the inner_cihper_data
need to be copied as well, using the EVP_CTRL_COPY method.
The EVP_CIPH_CUSTOM_COPY bit needs to be set as well.
@bernd-edlinger bernd-edlinger added the branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) label Oct 5, 2021
@bernd-edlinger bernd-edlinger mentioned this pull request Oct 5, 2021
Closed
@t8m t8m added the triaged: bug The issue/pr is/fixes a bug label Oct 6, 2021
@t8m
Copy link
Member

t8m commented Oct 6, 2021

I wonder if it makes sense to try to fix the dasync engine. Apparently it was broken by many ways and nobody really used it.

@bernd-edlinger
Copy link
Member Author

bernd-edlinger commented Oct 6, 2021

Yeah, it is probably not really useful in practice, is it just defers everything to a real crypto provider,
but for testing the engine subsystem having something that has no real hardware dependency is quite handy.
And of course having a proven correct sample implementation as a starting point for own code is helpful as well.

@bernd-edlinger
Copy link
Member Author

bernd-edlinger commented Oct 6, 2021

But while there are obviously some minor problems in 1.1.1, because of missing tests,
I am not sure if it is at all possible to fix the engine problems in master. See #16749

@t8m t8m added the approval: done This pull request has the required number of approvals label Oct 6, 2021
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Oct 7, 2021
@openssl-machine
Copy link
Collaborator

openssl-machine commented Oct 7, 2021

This pull request is ready to merge

openssl-machine pushed a commit that referenced this pull request Oct 7, 2021
@bernd-edlinger
Fix double-free in e_dasync.c
14357a5 
When the cipher is copied, the inner_cihper_data
need to be copied as well, using the EVP_CTRL_COPY method.
The EVP_CIPH_CUSTOM_COPY bit needs to be set as well.

Reviewed-by: Tomas Mraz <[email protected]>
(Merged from #16751)
@bernd-edlinger
Copy link
Member Author

bernd-edlinger commented Oct 7, 2021

Merged to 1.1.1 as 14357a5. Thanks!

@mattcaswell
Copy link
Member

mattcaswell commented Oct 19, 2021

It seems that this would have applied just fine to master/3.0. I independently fixed the same problem there in #16846, and I only came to notice this PR when attempting to backport it to 1.1.1 and I realised it had already been fixed.

@mattcaswell mattcaswell mentioned this pull request Oct 19, 2021
Closed
dstebila pushed a commit to open-quantum-safe/openssl that referenced this pull request Mar 15, 2022
@baentsch @levitte
@dongbeiouba @t8m @mattcaswell @NanXiao @yursha @mohd-akram @dcoombs @tmshort @paulidale @niclasr @slontis @tomato42 @beldmit @iguessthislldo @devnexen @bonniegong @kaduk @botovq @tiran @jpboivin @DDvO @p-steuer @goodpaperman @larsimmisch-adobe @luyahan @davidben @ueno @ischwarze @bbbrumley @ifranzki @romen @bernd-edlinger @uudiin @zhaozg @Dani-Hub @ellert @lprimak @mspncp @PeiweiHu @x2018 @allanjude @KanPlus @roussosalex @pkubaj @jmgdjgpp @Thomas1664 @JiangJias @faramir-dev @hlandau
1.1.1n merge (#361