Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
  1. 07 9月, 2018 2 次提交
  3. 31 7月, 2018 1 次提交
  5. 26 7月, 2018 1 次提交
  7. 07 7月, 2018 1 次提交
  9. 25 6月, 2018 1 次提交
  11. 19 6月, 2018 1 次提交
  13. 04 6月, 2018 4 次提交
  15. 25 4月, 2018 1 次提交
    • N
      [SM2_sign] fix double free and return value · 67cc2bae
      Nicola Tuveri 提交于 
      Currently, critical bugs prevent using SM2 signatures through the
`EVP_PKEY` interface: any application that managed to satisfy the
requirement of forcing SM3 as the message digest – even if this is
currently not possible transparently through the `EVP_PKEY` interface
and requires manually forcing the MD selection – would crash with a
segmentation fault upon calling the `SM2_sign()` function.

This is easily verified using the OpenSSL CLI to execute this critical
code path under the right conditions:
`openssl dgst -sm3 -hex -sign sm2.eckey /path/to/file/to/sign`

The issue is caused by a double free at the end of `SM2_sign()` in
`crypto/sm2/sm2_sign.c` in case of successful signature generation.
In addition, even if the double free was not causing segfaults,
the function returns the wrong return value in case of success (it
would return 0 rather than 1).

This patch fixes both problems.
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6066)
      67cc2bae
  17. 20 3月, 2018 1 次提交
  19. 19 3月, 2018 1 次提交