Skip to content

Cleanup EVP_DH asn1 parsing#3047

Open
justsmth wants to merge 1 commit intoaws:mainfrom
justsmth:cleanup-p_dh_asn1
Open

Cleanup EVP_DH asn1 parsing#3047
justsmth wants to merge 1 commit intoaws:mainfrom
justsmth:cleanup-p_dh_asn1

Conversation

@justsmth
Copy link
Contributor

@justsmth justsmth commented Feb 26, 2026

Description of changes:

Fixes several issues in crypto/evp_extra/p_dh_asn1.c:

  1. dh_pub_decode: Fixed an unreachable double-free. After ownership of pubkey is transferred to the DH object via dh->pub_key = pubkey, the error path would free it twice — once through DH_free(dh) and again via BN_free(pubkey). This is currently unreachable because EVP_PKEY_assign_DH always succeeds when dh is non-NULL, but a future refactor could easily trigger it. Fixed by nulling the local pointer after the ownership transfer.

  2. dh_pub_decode: Added a CBS_len(key) != 0 check after parsing the public key to reject trailing data, consistent with the RSA, DSA, and EC pub_decode implementations.

  3. dh_param_copy: Fixed a NULL dereference when to->pkey.dh is NULL by allocating a new DH object on demand.

  4. dh_pub_encode: Added an early NULL check for the DH object and its public key.

Call-outs:

These are defensive fixes hardening error paths and edge cases.

Testing:

Existing tests continue to pass.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@justsmth justsmth requested a review from a team as a code owner February 26, 2026 14:32
@justsmth justsmth requested a review from nebeid February 26, 2026 14:32
@codecov-commenter
Copy link

codecov-commenter commented Feb 26, 2026

Codecov Report

❌ Patch coverage is 50.00000% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.35%. Comparing base (04e7dc0) to head (c3a42d6).

Files with missing lines Patch % Lines
crypto/evp_extra/p_dh_asn1.c 50.00% 5 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3047   +/-   ##
=======================================
  Coverage   78.35%   78.35%           
=======================================
  Files         689      689           
  Lines      121041   121050    +9     
  Branches    16968    16973    +5     
=======================================
+ Hits        94839    94854   +15     
+ Misses      25306    25300    -6     
  Partials      896      896

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nebeid nebeid Awaiting requested review from nebeid

@torben-hansen torben-hansen Awaiting requested review from torben-hansen

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@justsmth @codecov-commenter