diff options
| author | miod <> | 2014-07-13 12:46:44 +0000 |
|---|---|---|
| committer | miod <> | 2014-07-13 12:46:44 +0000 |
| commit | 19e9baa82a5d67c6fa2f5695d30f290bbf838772 (patch) | |
| tree | 520f0beabb718396b79052534cca5b6789a92781 | |
| parent | ed37355a7f49beb3c1560dc4e8b68cbd94157da3 (diff) | |
| download | openbsd-19e9baa82a5d67c6fa2f5695d30f290bbf838772.tar.gz openbsd-19e9baa82a5d67c6fa2f5695d30f290bbf838772.tar.bz2 openbsd-19e9baa82a5d67c6fa2f5695d30f290bbf838772.zip | |
Possible PBEPARAM leak in the error path.
| -rw-r--r-- | src/lib/libcrypto/evp/p5_crpt.c | 14 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/evp/p5_crpt.c | 14 |
2 files changed, 16 insertions, 12 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c index ec8d816f32..3b1419b545 100644 --- a/src/lib/libcrypto/evp/p5_crpt.c +++ b/src/lib/libcrypto/evp/p5_crpt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p5_crpt.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */ | 1 | /* $OpenBSD: p5_crpt.c,v 1.14 2014/07/13 12:46:44 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -86,7 +86,6 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 86 | const unsigned char *pbuf; | 86 | const unsigned char *pbuf; |
| 87 | int mdsize; | 87 | int mdsize; |
| 88 | int rv = 0; | 88 | int rv = 0; |
| 89 | EVP_MD_CTX_init(&ctx); | ||
| 90 | 89 | ||
| 91 | /* Extract useful info from parameter */ | 90 | /* Extract useful info from parameter */ |
| 92 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | 91 | if (param == NULL || param->type != V_ASN1_SEQUENCE || |
| @@ -95,6 +94,10 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 95 | return 0; | 94 | return 0; |
| 96 | } | 95 | } |
| 97 | 96 | ||
| 97 | mdsize = EVP_MD_size(md); | ||
| 98 | if (mdsize < 0) | ||
| 99 | return 0; | ||
| 100 | |||
| 98 | pbuf = param->value.sequence->data; | 101 | pbuf = param->value.sequence->data; |
| 99 | if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { | 102 | if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { |
| 100 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); | 103 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); |
| @@ -113,18 +116,16 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 113 | else if (passlen == -1) | 116 | else if (passlen == -1) |
| 114 | passlen = strlen(pass); | 117 | passlen = strlen(pass); |
| 115 | 118 | ||
| 119 | EVP_MD_CTX_init(&ctx); | ||
| 120 | |||
| 116 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) | 121 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) |
| 117 | goto err; | 122 | goto err; |
| 118 | if (!EVP_DigestUpdate(&ctx, pass, passlen)) | 123 | if (!EVP_DigestUpdate(&ctx, pass, passlen)) |
| 119 | goto err; | 124 | goto err; |
| 120 | if (!EVP_DigestUpdate(&ctx, salt, saltlen)) | 125 | if (!EVP_DigestUpdate(&ctx, salt, saltlen)) |
| 121 | goto err; | 126 | goto err; |
| 122 | PBEPARAM_free(pbe); | ||
| 123 | if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) | 127 | if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) |
| 124 | goto err; | 128 | goto err; |
| 125 | mdsize = EVP_MD_size(md); | ||
| 126 | if (mdsize < 0) | ||
| 127 | return 0; | ||
| 128 | for (i = 1; i < iter; i++) { | 129 | for (i = 1; i < iter; i++) { |
| 129 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) | 130 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) |
| 130 | goto err; | 131 | goto err; |
| @@ -146,5 +147,6 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 146 | rv = 1; | 147 | rv = 1; |
| 147 | err: | 148 | err: |
| 148 | EVP_MD_CTX_cleanup(&ctx); | 149 | EVP_MD_CTX_cleanup(&ctx); |
| 150 | PBEPARAM_free(pbe); | ||
| 149 | return rv; | 151 | return rv; |
| 150 | } | 152 | } |
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt.c b/src/lib/libssl/src/crypto/evp/p5_crpt.c index ec8d816f32..3b1419b545 100644 --- a/src/lib/libssl/src/crypto/evp/p5_crpt.c +++ b/src/lib/libssl/src/crypto/evp/p5_crpt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p5_crpt.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */ | 1 | /* $OpenBSD: p5_crpt.c,v 1.14 2014/07/13 12:46:44 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -86,7 +86,6 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 86 | const unsigned char *pbuf; | 86 | const unsigned char *pbuf; |
| 87 | int mdsize; | 87 | int mdsize; |
| 88 | int rv = 0; | 88 | int rv = 0; |
| 89 | EVP_MD_CTX_init(&ctx); | ||
| 90 | 89 | ||
| 91 | /* Extract useful info from parameter */ | 90 | /* Extract useful info from parameter */ |
| 92 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | 91 | if (param == NULL || param->type != V_ASN1_SEQUENCE || |
| @@ -95,6 +94,10 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 95 | return 0; | 94 | return 0; |
| 96 | } | 95 | } |
| 97 | 96 | ||
| 97 | mdsize = EVP_MD_size(md); | ||
| 98 | if (mdsize < 0) | ||
| 99 | return 0; | ||
| 100 | |||
| 98 | pbuf = param->value.sequence->data; | 101 | pbuf = param->value.sequence->data; |
| 99 | if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { | 102 | if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { |
| 100 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); | 103 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); |
| @@ -113,18 +116,16 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 113 | else if (passlen == -1) | 116 | else if (passlen == -1) |
| 114 | passlen = strlen(pass); | 117 | passlen = strlen(pass); |
| 115 | 118 | ||
| 119 | EVP_MD_CTX_init(&ctx); | ||
| 120 | |||
| 116 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) | 121 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) |
| 117 | goto err; | 122 | goto err; |
| 118 | if (!EVP_DigestUpdate(&ctx, pass, passlen)) | 123 | if (!EVP_DigestUpdate(&ctx, pass, passlen)) |
| 119 | goto err; | 124 | goto err; |
| 120 | if (!EVP_DigestUpdate(&ctx, salt, saltlen)) | 125 | if (!EVP_DigestUpdate(&ctx, salt, saltlen)) |
| 121 | goto err; | 126 | goto err; |
| 122 | PBEPARAM_free(pbe); | ||
| 123 | if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) | 127 | if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) |
| 124 | goto err; | 128 | goto err; |
| 125 | mdsize = EVP_MD_size(md); | ||
| 126 | if (mdsize < 0) | ||
| 127 | return 0; | ||
| 128 | for (i = 1; i < iter; i++) { | 129 | for (i = 1; i < iter; i++) { |
| 129 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) | 130 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) |
| 130 | goto err; | 131 | goto err; |
| @@ -146,5 +147,6 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 146 | rv = 1; | 147 | rv = 1; |
| 147 | err: | 148 | err: |
| 148 | EVP_MD_CTX_cleanup(&ctx); | 149 | EVP_MD_CTX_cleanup(&ctx); |
| 150 | PBEPARAM_free(pbe); | ||
| 149 | return rv; | 151 | return rv; |
| 150 | } | 152 | } |