diff options
| author | tb <> | 2025-01-17 08:50:07 +0000 |
|---|---|---|
| committer | tb <> | 2025-01-17 08:50:07 +0000 |
| commit | 2b683d542e3fd3eddb68600c2c38c58c6341a332 (patch) | |
| tree | abeb9ab7392929638134ed9f420389664639a03d | |
| parent | 7c8d3db53539fc8c79560e74c827a3f111dfd2c3 (diff) | |
| download | openbsd-2b683d542e3fd3eddb68600c2c38c58c6341a332.tar.gz openbsd-2b683d542e3fd3eddb68600c2c38c58c6341a332.tar.bz2 openbsd-2b683d542e3fd3eddb68600c2c38c58c6341a332.zip | |
Fix two incorrect strtonum() conversions
The atoi() would also accept the magic negative values and old openssl
releases would expose these as arguments to -pkeyopt rsa_pss_saltlen:-1
in the openssl pkeyutl "app". While modern openssl switched to having
readable alternatives to these, the oseid component of opensc would use
the old syntax until yesterday.
Still, this is our bug and we need to keep accepting the magic values as
such, so do so. Everything below -3 will be rejected by the RSA_ctrl()
handler later.
Debugged by Doug Engert in https://github.com/OpenSC/OpenSC/issues/3317
ok jsing op
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_pmeth.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c index a1bdeb3b36..b4e0448ef2 100644 --- a/src/lib/libcrypto/rsa/rsa_pmeth.c +++ b/src/lib/libcrypto/rsa/rsa_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa_pmeth.c,v 1.41 2024/08/26 22:01:28 op Exp $ */ | 1 | /* $OpenBSD: rsa_pmeth.c,v 1.42 2025/01/17 08:50:07 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -668,7 +668,12 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) | |||
| 668 | else if (!strcmp(value, "auto")) | 668 | else if (!strcmp(value, "auto")) |
| 669 | saltlen = RSA_PSS_SALTLEN_AUTO; | 669 | saltlen = RSA_PSS_SALTLEN_AUTO; |
| 670 | else { | 670 | else { |
| 671 | saltlen = strtonum(value, 0, INT_MAX, &errstr); | 671 | /* |
| 672 | * Accept the special values -1, -2, -3 since that's | ||
| 673 | * what atoi() historically did. Lower values are later | ||
| 674 | * rejected in EVP_PKEY_CTRL_RSA_PSS_SALTLEN anyway. | ||
| 675 | */ | ||
| 676 | saltlen = strtonum(value, -3, INT_MAX, &errstr); | ||
| 672 | if (errstr != NULL) { | 677 | if (errstr != NULL) { |
| 673 | RSAerror(RSA_R_INVALID_PSS_SALTLEN); | 678 | RSAerror(RSA_R_INVALID_PSS_SALTLEN); |
| 674 | return -2; | 679 | return -2; |
| @@ -718,7 +723,12 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) | |||
| 718 | if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) { | 723 | if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) { |
| 719 | int saltlen; | 724 | int saltlen; |
| 720 | 725 | ||
| 721 | saltlen = strtonum(value, 0, INT_MAX, &errstr); | 726 | /* |
| 727 | * Accept the special values -1, -2, -3 since that's | ||
| 728 | * what atoi() historically did. Lower values are later | ||
| 729 | * rejected in EVP_PKEY_CTRL_RSA_PSS_SALTLEN anyway. | ||
| 730 | */ | ||
| 731 | saltlen = strtonum(value, -3, INT_MAX, &errstr); | ||
| 722 | if (errstr != NULL) { | 732 | if (errstr != NULL) { |
| 723 | RSAerror(RSA_R_INVALID_PSS_SALTLEN); | 733 | RSAerror(RSA_R_INVALID_PSS_SALTLEN); |
| 724 | return -2; | 734 | return -2; |