Refactoring if (!pkey) in 'soter_sign_ecdsa.c' for OpenSSL/BoringSSL #315

Merged
merged 10 commits into from
May 11, 2018


vixentael
Contributor

Based on #314

We've added a similar check to the BoringSSL-related code.

Unfortunately, we didn't find any way to simulate a NULL pKey using the OpenSSL API.

Thank you @movie-travel-code!

wangliushuai and others added 7 commits May 10, 2018 14:40
I'm Henry Wong, from Qihoo360 CodeSafe Team. We found a possible null
pointer dereference caused by the misusage of short-circuit evaluation. If
'pkey' is null, the program will continue to execute 'EVP_PKEY_base_id(pkey)',
and this will cause a null pointer dereference.
Fix the misusage of short-circuit evaluation in 'soter_sign_ecdsa.c'
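
The short-circuit mistake described in the commit message above, as an added example that is not Themis or OpenSSL code. It assumes the flawed condition had the form `!pkey && type != EC`; `struct key`, `key_base_id`, `reject_flawed` and `reject_fixed` are hypothetical stand-ins, and the NULL access is counted instead of performed so the program keeps running.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins, not OpenSSL types; the constants are constructed. */
enum { KEY_RSA = 1, KEY_EC = 2 };
struct key { int type; };

static int null_reads; /* calls that would have dereferenced NULL */

/* Plays the role of EVP_PKEY_base_id(): it reads a field of the key.
 * The real call would crash on NULL; here the event is only counted. */
static int key_base_id(const struct key *k)
{
    if (k == NULL) {
        null_reads++;
        return 0;
    }
    return k->type;
}

/* Flawed: with '&&' the right operand runs exactly when k IS NULL, and a
 * non-NULL key of the wrong type is never rejected. Returns 1 = reject. */
static int reject_flawed(const struct key *k)
{
    return !k && key_base_id(k) != KEY_EC;
}

/* Corrected: '||' stops at !k for NULL and checks the type otherwise. */
static int reject_fixed(const struct key *k)
{
    return !k || key_base_id(k) != KEY_EC;
}

int main(void)
{
    struct key rsa = { KEY_RSA }, ec = { KEY_EC };
    int r;

    r = reject_flawed(NULL);
    printf("flawed NULL: reject=%d null_reads=%d\n", r, null_reads);
    printf("flawed RSA:  reject=%d\n", reject_flawed(&rsa));
    null_reads = 0;
    r = reject_fixed(NULL);
    printf("fixed  NULL: reject=%d null_reads=%d\n", r, null_reads);
    printf("fixed  RSA:  reject=%d\n", reject_fixed(&rsa));
    printf("fixed  EC:   reject=%d\n", reject_fixed(&ec));
    return 0;
}
```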
@vixentael vixentael added bug core Themis Core written in C, its packages labels May 10, 2018
@vixentael vixentael requested a review from Lagovas May 10, 2018 15:38
@vixentael vixentael requested a review from ignatk May 10, 2018 15:46
@@ -211,7 +211,7 @@ static void soter_sign_api_test()
soter_sign_destroy(sign_ctx);
return;
}

Contributor

extra space :|

Contributor Author

thank you! fixed

@vixentael vixentael merged commit 8b87705 into master May 11, 2018
@vixentael vixentael deleted the soter_pk_fixes branch March 27, 2019 22:41
Labels
bug core Themis Core written in C, its packages