diff options
author | Jack Lloyd <[email protected]> | 2018-10-04 10:28:16 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-10-04 10:28:16 -0400 |
commit | 13a626c89047b000a225aa3dc0b03b666f5dd0ce (patch) | |
tree | 29855082775fd9e0997c12a6ff26e72a1113ee28 /src | |
parent | a44ce24409776cea5ffcf36226676eef9ad28361 (diff) | |
parent | deb0ebe8361aee545b67a52032af1cfc6b008724 (diff) |
Merge GH #1698 Resolve leak during ECDSA verify with old OpenSSL
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/prov/openssl/openssl_ec.cpp | 18 | ||||
-rw-r--r-- | src/tests/main.cpp | 12 |
2 files changed, 24 insertions, 6 deletions
diff --git a/src/lib/prov/openssl/openssl_ec.cpp b/src/lib/prov/openssl/openssl_ec.cpp index e8df0598c..5018bb027 100644 --- a/src/lib/prov/openssl/openssl_ec.cpp +++ b/src/lib/prov/openssl/openssl_ec.cpp @@ -171,15 +171,15 @@ class OpenSSL_ECDSA_Verification_Operation final : public PK_Ops::Verification_w std::unique_ptr<ECDSA_SIG, std::function<void (ECDSA_SIG*)>> sig(nullptr, ECDSA_SIG_free); sig.reset(::ECDSA_SIG_new()); +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + sig->r = BN_bin2bn(sig_bytes , sig_len / 2, sig->r); + sig->s = BN_bin2bn(sig_bytes + sig_len / 2, sig_len / 2, sig->s); +#else BIGNUM* r = BN_bin2bn(sig_bytes , sig_len / 2, nullptr); BIGNUM* s = BN_bin2bn(sig_bytes + sig_len / 2, sig_len / 2, nullptr); if(r == nullptr || s == nullptr) throw OpenSSL_Error("BN_bin2bn sig s"); -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - sig->r = r; - sig->s = s; -#else ECDSA_SIG_set0(sig.get(), r, s); #endif @@ -278,7 +278,15 @@ make_openssl_ecdsa_ver_op(const ECDSA_PublicKey& key, const std::string& params) { throw Lookup_Error("OpenSSL ECDSA does not support this curve"); } - return std::unique_ptr<PK_Ops::Verification>(new OpenSSL_ECDSA_Verification_Operation(key, params, nid)); + + try + { + return std::unique_ptr<PK_Ops::Verification>(new OpenSSL_ECDSA_Verification_Operation(key, params, nid)); + } + catch(OpenSSL_Error&) + { + throw Lookup_Error("OpenSSL ECDSA does not support this key"); + } } std::unique_ptr<PK_Ops::Signature> diff --git a/src/tests/main.cpp b/src/tests/main.cpp index ef1a16ba7..6777f85f4 100644 --- a/src/tests/main.cpp +++ b/src/tests/main.cpp @@ -97,7 +97,17 @@ int main(int argc, char* argv[]) Botan_Tests::Test_Runner tests(std::cout); - return tests.run(opts); + int rc = tests.run(opts); + +#if defined(BOTAN_HAS_OPENSSL) + if(opts.provider().empty() || opts.provider() == "openssl") + { + ::ERR_free_strings(); + ::ERR_remove_thread_state(nullptr); + } +#endif + + return rc; } catch(std::exception& e) { |