Various fixes in {dh,dsa}_priv_encode()

Avoid creating an ASN1_STRING with negative length, set type, data and length via ASN1_STRING_type_new() and ASN1_STRING_set0() instead of doing this manually. Check return value for i2d_ASN1_INTEGER() and use an intermediate ASN1_OBJECT instead of nested function calls. Finally, clear sensitive data with freezero(). ok jsing
author: tb <> 2023-08-10 09:43:51 +0000
committer: tb <> 2023-08-10 09:43:51 +0000
commit: 16cca863e0409e2a511a758a5cbf5d41b6a3a852 (patch)
tree: c6bcc699c6aecd20537e77897245dd9a46589ca8
parent: 0c08015642e4fb2a5ce32565ab942ffc9579d487 (diff)
download: openbsd-16cca863e0409e2a511a758a5cbf5d41b6a3a852.tar.gz
openbsd-16cca863e0409e2a511a758a5cbf5d41b6a3a852.tar.bz2
openbsd-16cca863e0409e2a511a758a5cbf5d41b6a3a852.zip
2 files changed, 48 insertions, 40 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index cc594cfd38..12f2db7b8e 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.30 2023/07/08 15:29:03 beck Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.31 2023/08/10 09:43:51 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -236,48 +236,51 @@ dherr:
 static int
 dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {
+        const DH *dh = pkey->pkey.dh;
        ASN1_STRING *params = NULL;
        ASN1_INTEGER *prkey = NULL;
-        unsigned char *dp = NULL;
+        ASN1_OBJECT *aobj;
-        int dplen;
+        unsigned char *data = NULL, *dp = NULL;
+        int datalen = 0, dplen = 0;
-        params = ASN1_STRING_new();
+        if ((datalen = i2d_DHparams(dh, &data)) <= 0) {
-        if (!params) {
                DHerror(ERR_R_MALLOC_FAILURE);
+                datalen = 0;
                goto err;
        }
+        if ((params = ASN1_STRING_type_new(V_ASN1_SEQUENCE)) == NULL) {
-        params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
-        if (params->length <= 0) {
                DHerror(ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        params->type = V_ASN1_SEQUENCE;
+        ASN1_STRING_set0(params, data, datalen);
+        data = NULL;
-        /* Get private key into integer */
+        datalen = 0;
-        prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
-        if (!prkey) {
+        if ((prkey = BN_to_ASN1_INTEGER(dh->priv_key, NULL)) == NULL) {
                DHerror(DH_R_BN_ERROR);
                goto err;
        }
+        if ((dplen = i2d_ASN1_INTEGER(prkey, &dp)) <= 0) {
-        dplen = i2d_ASN1_INTEGER(prkey, &dp);
+                DHerror(ERR_R_MALLOC_FAILURE);
+                dplen = 0;
+                goto err;
+        }
        ASN1_INTEGER_free(prkey);
        prkey = NULL;
-        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
+        if ((aobj = OBJ_nid2obj(NID_dhKeyAgreement)) == NULL)
-            V_ASN1_SEQUENCE, params, dp, dplen))
+                goto err;
+        if (!PKCS8_pkey_set0(p8, aobj, 0, V_ASN1_SEQUENCE, params, dp, dplen))
                goto err;
        return 1;
-err:
+ err:
-        free(dp);
        ASN1_STRING_free(params);
        ASN1_INTEGER_free(prkey);
+        freezero(data, datalen);
+        freezero(dp, dplen);
        return 0;
 }
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 5a0c3116aa..ad5aa09cd0 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.43 2023/07/07 06:59:18 tb Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.44 2023/08/10 09:43:51 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -265,46 +265,51 @@ done:
 static int
 dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {
+        const DSA *dsa = pkey->pkey.dsa;
        ASN1_STRING *params = NULL;
        ASN1_INTEGER *prkey = NULL;
-        unsigned char *dp = NULL;
+        ASN1_OBJECT *aobj;
-        int dplen;
+        unsigned char *data = NULL, *dp = NULL;
+        int datalen = 0, dplen = 0;
-        params = ASN1_STRING_new();
+        if ((datalen = i2d_DSAparams(dsa, &data)) <= 0) {
-        if (!params) {
                DSAerror(ERR_R_MALLOC_FAILURE);
+                datalen = 0;
                goto err;
        }
+        if ((params = ASN1_STRING_type_new(V_ASN1_SEQUENCE)) == NULL) {
-        params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
-        if (params->length <= 0) {
                DSAerror(ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        params->type = V_ASN1_SEQUENCE;
+        ASN1_STRING_set0(params, data, datalen);
+        data = NULL;
+        datalen = 0;
-        /* Get private key into integer */
+        if ((prkey = BN_to_ASN1_INTEGER(dsa->priv_key, NULL)) == NULL) {
-        prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
-        if (!prkey) {
                DSAerror(DSA_R_BN_ERROR);
                goto err;
        }
+        if ((dplen = i2d_ASN1_INTEGER(prkey, &dp)) <= 0) {
-        dplen = i2d_ASN1_INTEGER(prkey, &dp);
+                DSAerror(ERR_R_MALLOC_FAILURE);
+                dplen = 0;
+                goto err;
+        }
        ASN1_INTEGER_free(prkey);
        prkey = NULL;
-        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE,
+        if ((aobj = OBJ_nid2obj(NID_dsa)) == NULL)
-            params, dp, dplen))
+                goto err;
+        if (!PKCS8_pkey_set0(p8, aobj, 0, V_ASN1_SEQUENCE, params, dp, dplen))
                goto err;
        return 1;
-err:
+ err:
-        free(dp);
        ASN1_STRING_free(params);
        ASN1_INTEGER_free(prkey);
+        freezero(data, datalen);
+        freezero(dp, dplen);
        return 0;
 }
author	tb <>	2023-08-10 09:43:51 +0000
committer	tb <>	2023-08-10 09:43:51 +0000
commit	16cca863e0409e2a511a758a5cbf5d41b6a3a852 (patch)
tree	c6bcc699c6aecd20537e77897245dd9a46589ca8
parent	0c08015642e4fb2a5ce32565ab942ffc9579d487 (diff)
download	openbsd-16cca863e0409e2a511a758a5cbf5d41b6a3a852.tar.gz openbsd-16cca863e0409e2a511a758a5cbf5d41b6a3a852.tar.bz2 openbsd-16cca863e0409e2a511a758a5cbf5d41b6a3a852.zip

diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c index cc594cfd38..12f2db7b8e 100644 --- a/src/lib/libcrypto/dh/dh_ameth.c +++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_ameth.c,v 1.30 2023/07/08 15:29:03 beck Exp $ */	1	/* $OpenBSD: dh_ameth.c,v 1.31 2023/08/10 09:43:51 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -236,48 +236,51 @@ dherr:
236	static int	236	static int
237	dh_priv_encode(PKCS8_PRIV_KEY_INFO p8, const EVP_PKEY pkey)	237	dh_priv_encode(PKCS8_PRIV_KEY_INFO p8, const EVP_PKEY pkey)
238	{	238	{
		239	const DH *dh = pkey->pkey.dh;
239	ASN1_STRING *params = NULL;	240	ASN1_STRING *params = NULL;
240	ASN1_INTEGER *prkey = NULL;	241	ASN1_INTEGER *prkey = NULL;
241	unsigned char *dp = NULL;	242	ASN1_OBJECT *aobj;
242	int dplen;	243	unsigned char data = NULL, dp = NULL;
		244	int datalen = 0, dplen = 0;
243		245
244	params = ASN1_STRING_new();	246	if ((datalen = i2d_DHparams(dh, &data)) <= 0) {
245
246	if (!params) {
247	DHerror(ERR_R_MALLOC_FAILURE);	247	DHerror(ERR_R_MALLOC_FAILURE);
		248	datalen = 0;
248	goto err;	249	goto err;
249	}	250	}
250		251	if ((params = ASN1_STRING_type_new(V_ASN1_SEQUENCE)) == NULL) {
251	params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
252	if (params->length <= 0) {
253	DHerror(ERR_R_MALLOC_FAILURE);	252	DHerror(ERR_R_MALLOC_FAILURE);
254	goto err;	253	goto err;
255	}	254	}
256	params->type = V_ASN1_SEQUENCE;	255	ASN1_STRING_set0(params, data, datalen);
257		256	data = NULL;
258	/* Get private key into integer */	257	datalen = 0;
259	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
260		258
261	if (!prkey) {	259	if ((prkey = BN_to_ASN1_INTEGER(dh->priv_key, NULL)) == NULL) {
262	DHerror(DH_R_BN_ERROR);	260	DHerror(DH_R_BN_ERROR);
263	goto err;	261	goto err;
264	}	262	}
265		263	if ((dplen = i2d_ASN1_INTEGER(prkey, &dp)) <= 0) {
266	dplen = i2d_ASN1_INTEGER(prkey, &dp);	264	DHerror(ERR_R_MALLOC_FAILURE);
267		265	dplen = 0;
		266	goto err;
		267	}
268	ASN1_INTEGER_free(prkey);	268	ASN1_INTEGER_free(prkey);
269	prkey = NULL;	269	prkey = NULL;
270		270
271	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,	271	if ((aobj = OBJ_nid2obj(NID_dhKeyAgreement)) == NULL)
272	V_ASN1_SEQUENCE, params, dp, dplen))	272	goto err;
		273	if (!PKCS8_pkey_set0(p8, aobj, 0, V_ASN1_SEQUENCE, params, dp, dplen))
273	goto err;	274	goto err;
274		275
275	return 1;	276	return 1;
276		277
277	err:	278	err:
278	free(dp);
279	ASN1_STRING_free(params);	279	ASN1_STRING_free(params);
280	ASN1_INTEGER_free(prkey);	280	ASN1_INTEGER_free(prkey);
		281	freezero(data, datalen);
		282	freezero(dp, dplen);
		283
281	return 0;	284	return 0;
282	}	285	}
283		286


diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c index 5a0c3116aa..ad5aa09cd0 100644 --- a/src/lib/libcrypto/dsa/dsa_ameth.c +++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_ameth.c,v 1.43 2023/07/07 06:59:18 tb Exp $ */	1	/* $OpenBSD: dsa_ameth.c,v 1.44 2023/08/10 09:43:51 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -265,46 +265,51 @@ done:
265	static int	265	static int
266	dsa_priv_encode(PKCS8_PRIV_KEY_INFO p8, const EVP_PKEY pkey)	266	dsa_priv_encode(PKCS8_PRIV_KEY_INFO p8, const EVP_PKEY pkey)
267	{	267	{
		268	const DSA *dsa = pkey->pkey.dsa;
268	ASN1_STRING *params = NULL;	269	ASN1_STRING *params = NULL;
269	ASN1_INTEGER *prkey = NULL;	270	ASN1_INTEGER *prkey = NULL;
270	unsigned char *dp = NULL;	271	ASN1_OBJECT *aobj;
271	int dplen;	272	unsigned char data = NULL, dp = NULL;
		273	int datalen = 0, dplen = 0;
272		274
273	params = ASN1_STRING_new();	275	if ((datalen = i2d_DSAparams(dsa, &data)) <= 0) {
274	if (!params) {
275	DSAerror(ERR_R_MALLOC_FAILURE);	276	DSAerror(ERR_R_MALLOC_FAILURE);
		277	datalen = 0;
276	goto err;	278	goto err;
277	}	279	}
278		280	if ((params = ASN1_STRING_type_new(V_ASN1_SEQUENCE)) == NULL) {
279	params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
280	if (params->length <= 0) {
281	DSAerror(ERR_R_MALLOC_FAILURE);	281	DSAerror(ERR_R_MALLOC_FAILURE);
282	goto err;	282	goto err;
283	}	283	}
284	params->type = V_ASN1_SEQUENCE;	284	ASN1_STRING_set0(params, data, datalen);
		285	data = NULL;
		286	datalen = 0;
285		287
286	/* Get private key into integer */	288	if ((prkey = BN_to_ASN1_INTEGER(dsa->priv_key, NULL)) == NULL) {
287	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
288	if (!prkey) {
289	DSAerror(DSA_R_BN_ERROR);	289	DSAerror(DSA_R_BN_ERROR);
290	goto err;	290	goto err;
291	}	291	}
292		292	if ((dplen = i2d_ASN1_INTEGER(prkey, &dp)) <= 0) {
293	dplen = i2d_ASN1_INTEGER(prkey, &dp);	293	DSAerror(ERR_R_MALLOC_FAILURE);
294		294	dplen = 0;
		295	goto err;
		296	}
295	ASN1_INTEGER_free(prkey);	297	ASN1_INTEGER_free(prkey);
296	prkey = NULL;	298	prkey = NULL;
297		299
298	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE,	300	if ((aobj = OBJ_nid2obj(NID_dsa)) == NULL)
299	params, dp, dplen))	301	goto err;
		302	if (!PKCS8_pkey_set0(p8, aobj, 0, V_ASN1_SEQUENCE, params, dp, dplen))
300	goto err;	303	goto err;
301		304
302	return 1;	305	return 1;
303		306
304	err:	307	err:
305	free(dp);
306	ASN1_STRING_free(params);	308	ASN1_STRING_free(params);
307	ASN1_INTEGER_free(prkey);	309	ASN1_INTEGER_free(prkey);
		310	freezero(data, datalen);
		311	freezero(dp, dplen);
		312
308	return 0;	313	return 0;
309	}	314	}
310		315