
Openssl DH key size #4753

Merged
merged 7 commits into from
Nov 11, 2024
Conversation

aleks-f

@aleks-f aleks-f commented Oct 31, 2024

replacement for #4663

This simple program crashes POCO (tested under Red Hat Enterprise Linux 9.4):

#include <Poco/Net/Context.h>

int main()
{
    // Constructing a Context runs Context::initDH(); arguments are usage, CA location,
    // verification mode, verification depth, loadDefaultCAs and cipher list.
    const Poco::Net::Context context(Poco::Net::Context::CLIENT_USE, "/tmp", Poco::Net::Context::VERIFY_STRICT, 9, false, "ALL");
    return 0;
}

The problem is an incorrect usage of SSL_CTX_set0_tmp_dh_pkey() in Context::initDH(). The return value is not evaluated and the key is freed even if it has been successfully transferred to the SSL Context.

The relevant part of the OpenSSL manpage https://docs.openssl.org/3.1/man3/SSL_CTX_set_tmp_dh_callback/:

Ownership of the dhpkey value is passed to the SSL_CTX or SSL object as a result of this call, and so the caller should not free it if the function call is successful.

@pkl97

@aleks-f aleks-f added the bug label Oct 31, 2024
@aleks-f aleks-f added this to the Release 1.14.0 milestone Oct 31, 2024
@aleks-f aleks-f changed the title Openssl fix Openssl DH key size Oct 31, 2024
@aleks-f aleks-f requested a review from matejk November 11, 2024 17:01
@matejk matejk merged commit c4f66d5 into main Nov 11, 2024
44 checks passed