[rpms/openssl] rebase_40beta: allow zero length parameters in KDF_CTX_ctrl()

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: allow zero length parameters in KDF_CTX_ctrl()
Date: Tue, 09 Jun 2026 12:44:37 GMT	[thread overview]
Message-ID: <178100907798.1.10728503730244074494.rpms-openssl-b8a97dc1d8b2@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/openssl
Branch : rebase_40beta
Commit : b8a97dc1d8b288034fd445e4bb32480b3c85ca36
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date   : 2019-11-21T14:49:21+01:00
Stats  : +55/-9 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/openssl/c/b8a97dc1d8b288034fd445e4bb32480b3c85ca36?branch=rebase_40beta

Log:
allow zero length parameters in KDF_CTX_ctrl()

---
diff --git a/openssl-1.1.1-krb5-kdf.patch b/openssl-1.1.1-krb5-kdf.patch
index dd5b021..01afa9c 100644
--- a/openssl-1.1.1-krb5-kdf.patch
+++ b/openssl-1.1.1-krb5-kdf.patch
@@ -90,8 +90,8 @@ diff -up openssl-1.1.1d/crypto/kdf/build.info.krb5-kdf openssl-1.1.1d/crypto/kdf
 +        tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c kbkdf.c krb5kdf.c sskdf.c
 diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kbkdf.c
 --- openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf	2019-11-14 15:07:05.343094112 +0100
-+++ openssl-1.1.1d/crypto/kdf/kbkdf.c	2019-11-14 16:07:15.385324361 +0100
-@@ -0,0 +1,530 @@
++++ openssl-1.1.1d/crypto/kdf/kbkdf.c	2019-11-18 17:21:58.326635901 +0100
+@@ -0,0 +1,540 @@
 +/*
 + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
 + * Copyright 2019 Red Hat, Inc.
@@ -127,12 +127,16 @@ diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kb
 +#include <openssl/cmac.h>
 +#include <openssl/kdf.h>
 +
++#include "internal/numbers.h"
 +#include "internal/cryptlib.h"
 +#include "internal/evp_int.h"
 +#include "kdf_local.h"
 +
 +#include "e_os.h"
 +
++#ifdef MIN
++# undef MIN
++#endif
 +#define MIN(a, b) ((a) < (b)) ? (a) : (b)
 +
 +typedef struct {
@@ -451,6 +455,12 @@ diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kb
 +    p = va_arg(args, const unsigned char *);
 +    len = va_arg(args, size_t);
 +    OPENSSL_clear_free(*dst, *dst_len);
++    if (len == 0) {
++        *dst = NULL;
++        *dst_len = 0;
++        return 1;
++    }
++
 +    *dst = OPENSSL_memdup(p, len);
 +    if (*dst == NULL)
 +        return 0;
@@ -711,8 +721,8 @@ diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.krb5-kdf openssl-1.1.1d/crypto/kdf
 +}
 diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/krb5kdf.c
 --- openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf	2019-11-14 15:07:05.344094093 +0100
-+++ openssl-1.1.1d/crypto/kdf/krb5kdf.c	2019-11-14 16:11:17.761978261 +0100
-@@ -0,0 +1,417 @@
++++ openssl-1.1.1d/crypto/kdf/krb5kdf.c	2019-11-18 17:18:13.056604404 +0100
+@@ -0,0 +1,423 @@
 +/*
 + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
 + *
@@ -811,6 +821,12 @@ diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/
 +    p = va_arg(args, const unsigned char *);
 +    len = va_arg(args, size_t);
 +    OPENSSL_clear_free(*dst, *dst_len);
++    if (len == 0) {
++        *dst = NULL;
++        *dst_len = 0;
++        return 1;
++    }
++
 +    *dst = OPENSSL_memdup(p, len);
 +    if (*dst == NULL)
 +        return 0;
@@ -1130,10 +1146,34 @@ diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/
 +    krb5kdf_derive,
 +};
 +
+diff -up openssl-1.1.1d/crypto/kdf/sshkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/sshkdf.c
+--- openssl-1.1.1d/crypto/kdf/sshkdf.c.krb5-kdf	2019-11-14 15:07:05.327094396 +0100
++++ openssl-1.1.1d/crypto/kdf/sshkdf.c	2019-11-18 17:18:25.343388314 +0100
+@@ -12,6 +12,7 @@
+ #include <string.h>
+ #include <openssl/evp.h>
+ #include <openssl/kdf.h>
++#include "internal/numbers.h"
+ #include "internal/cryptlib.h"
+ #include "internal/evp_int.h"
+ #include "kdf_local.h"
+@@ -68,6 +69,12 @@ static int kdf_sshkdf_parse_buffer_arg(u
+     p = va_arg(args, const unsigned char *);
+     len = va_arg(args, size_t);
+     OPENSSL_clear_free(*dst, *dst_len);
++    if (len == 0) {
++        *dst = NULL;
++        *dst_len = 0;
++        return 1;
++    }
++
+     *dst = OPENSSL_memdup(p, len);
+     if (*dst == NULL)
+         return 0;
 diff -up openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/sskdf.c
 --- openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf	2019-11-14 15:07:05.344094093 +0100
-+++ openssl-1.1.1d/crypto/kdf/sskdf.c	2019-11-14 15:43:17.603150203 +0100
-@@ -0,0 +1,252 @@
++++ openssl-1.1.1d/crypto/kdf/sskdf.c	2019-11-18 17:21:40.349952802 +0100
+@@ -0,0 +1,255 @@
 +/*
 + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
 + * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
@@ -1287,10 +1327,13 @@ diff -up openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/ss
 +
 +    p = va_arg(args, const unsigned char *);
 +    len = va_arg(args, size_t);
-+    if (len == 0 || p == NULL)
++    OPENSSL_clear_free(*out, *out_len);
++    if (len == 0) {
++        *out = NULL;
++        *out_len = 0;
 +        return 1;
++    }
 +
-+    OPENSSL_free(*out);
 +    *out = OPENSSL_memdup(p, len);
 +    if (*out == NULL)
 +        return 0;

diff --git a/openssl.spec b/openssl.spec
index ad32820..f85d6e8 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1d
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -458,6 +458,9 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 
 %changelog
+* Thu Nov 21 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1d-5
+- allow zero length parameters in KDF_CTX_ctrl()
+
 * Thu Nov 14 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1d-4
 - backport of SSKDF from master

                 reply	other threads:[~2026-06-09 12:44 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178100907798.1.10728503730244074494.rpms-openssl-b8a97dc1d8b2@fedoraproject.org \
    --to=tmraz@fedoraproject.org \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox