diff options
| author | miod <> | 2015-07-16 18:21:57 +0000 |
|---|---|---|
| committer | miod <> | 2015-07-16 18:21:57 +0000 |
| commit | 63fb30f13be4914c162f55b19f7f12e6f281bc78 (patch) | |
| tree | 9727f8fc02832b7cad559de01843df9f7eda5afe | |
| parent | 353f8b309a9d89a2bafa3dbf4ff13587c2f60eb2 (diff) | |
| download | openbsd-63fb30f13be4914c162f55b19f7f12e6f281bc78.tar.gz openbsd-63fb30f13be4914c162f55b19f7f12e6f281bc78.tar.bz2 openbsd-63fb30f13be4914c162f55b19f7f12e6f281bc78.zip | |
Enforce V_ASN1_OCTET_STRING type before accessing the object as octet string;
from OpenSSL (RT #3683)
ok doug@ jsing@
| -rw-r--r-- | src/lib/libcrypto/asn1/p8_pkey.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/asn1/p8_pkey.c | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c index e7edda714b..2f7a469673 100644 --- a/src/lib/libcrypto/asn1/p8_pkey.c +++ b/src/lib/libcrypto/asn1/p8_pkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p8_pkey.c,v 1.15 2015/02/11 04:00:39 jsing Exp $ */ | 1 | /* $OpenBSD: p8_pkey.c,v 1.16 2015/07/16 18:21:57 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -68,7 +68,9 @@ pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) | |||
| 68 | /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ | 68 | /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ |
| 69 | if (operation == ASN1_OP_FREE_PRE) { | 69 | if (operation == ASN1_OP_FREE_PRE) { |
| 70 | PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; | 70 | PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; |
| 71 | if (key->pkey->value.octet_string) | 71 | if (key->pkey != NULL && |
| 72 | key->pkey->type == V_ASN1_OCTET_STRING && | ||
| 73 | key->pkey->value.octet_string != NULL) | ||
| 72 | OPENSSL_cleanse(key->pkey->value.octet_string->data, | 74 | OPENSSL_cleanse(key->pkey->value.octet_string->data, |
| 73 | key->pkey->value.octet_string->length); | 75 | key->pkey->value.octet_string->length); |
| 74 | } | 76 | } |
diff --git a/src/lib/libssl/src/crypto/asn1/p8_pkey.c b/src/lib/libssl/src/crypto/asn1/p8_pkey.c index e7edda714b..2f7a469673 100644 --- a/src/lib/libssl/src/crypto/asn1/p8_pkey.c +++ b/src/lib/libssl/src/crypto/asn1/p8_pkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p8_pkey.c,v 1.15 2015/02/11 04:00:39 jsing Exp $ */ | 1 | /* $OpenBSD: p8_pkey.c,v 1.16 2015/07/16 18:21:57 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -68,7 +68,9 @@ pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) | |||
| 68 | /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ | 68 | /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ |
| 69 | if (operation == ASN1_OP_FREE_PRE) { | 69 | if (operation == ASN1_OP_FREE_PRE) { |
| 70 | PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; | 70 | PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; |
| 71 | if (key->pkey->value.octet_string) | 71 | if (key->pkey != NULL && |
| 72 | key->pkey->type == V_ASN1_OCTET_STRING && | ||
| 73 | key->pkey->value.octet_string != NULL) | ||
| 72 | OPENSSL_cleanse(key->pkey->value.octet_string->data, | 74 | OPENSSL_cleanse(key->pkey->value.octet_string->data, |
| 73 | key->pkey->value.octet_string->length); | 75 | key->pkey->value.octet_string->length); |
| 74 | } | 76 | } |