Fix pvk format processing in libcrypto

- Return the valid pointer in i2b_PVK() - Use EVP_Decrypt* instead of EVP_Encrypt* - Fix error handling after BIO_write() in i2b_PVK_bio() ok tb@
author: inoguchi <> 2019-07-07 10:52:56 +0000
committer: inoguchi <> 2019-07-07 10:52:56 +0000
commit: ebeed0dda0133e10c0a166666be50c05d13fff22 (patch)
tree: f3aa432dee40ec4654624b83bfd44a08ef78132e
parent: fde0151092090c39c777d90dc9c0b0db6a3517c2 (diff)
download: openbsd-ebeed0dda0133e10c0a166666be50c05d13fff22.tar.gz
openbsd-ebeed0dda0133e10c0a166666be50c05d13fff22.tar.bz2
openbsd-ebeed0dda0133e10c0a166666be50c05d13fff22.zip
1 files changed, 11 insertions, 11 deletions
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
index 76cc6fefe3..c7b7207964 100644
--- a/src/lib/libcrypto/pem/pvkfmt.c
+++ b/src/lib/libcrypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pvkfmt.c,v 1.20 2018/08/05 11:19:25 bcook Exp $ */
+/* $OpenBSD: pvkfmt.c,v 1.21 2019/07/07 10:52:56 inoguchi Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2005.
 */
@@ -837,7 +837,7 @@ i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb,
    void *u)
 {
        int outlen = 24, pklen;
-        unsigned char *p, *salt = NULL;
+        unsigned char *p = NULL, *start = NULL, *salt = NULL;
        EVP_CIPHER_CTX cctx;
        EVP_CIPHER_CTX_init(&cctx);
@@ -847,7 +847,7 @@ i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb,
        if (pklen < 0)
                return -1;
        outlen += pklen;
-        p = malloc(outlen);
+        start = p = malloc(outlen);
        if (!p) {
                PEMerror(ERR_R_MALLOC_FAILURE);
                return -1;
@@ -869,7 +869,7 @@ i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb,
        }
        do_i2b(&p, pk, 0);
        if (enclevel == 0) {
-                *out = p;
+                *out = start;
                return outlen;
        } else {
                char psbuf[PEM_BUFSIZE];
@@ -892,18 +892,18 @@ i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb,
                if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
                        goto error;
                explicit_bzero(keybuf, 20);
-                if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
+                if (!EVP_EncryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
                        goto error;
-                if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
+                if (!EVP_EncryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
                        goto error;
        }
        EVP_CIPHER_CTX_cleanup(&cctx);
-        *out = p;
+        *out = start;
        return outlen;
 error:
        EVP_CIPHER_CTX_cleanup(&cctx);
-        free(p);
+        free(start);
        return -1;
 }
@@ -918,11 +918,11 @@ i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u)
                return -1;
        wrlen = BIO_write(out, tmp, outlen);
        free(tmp);
-        if (wrlen == outlen) {
+        if (wrlen != outlen) {
                PEMerror(PEM_R_BIO_WRITE_FAILURE);
-                return outlen;
+                return -1;
        }
-        return -1;
+        return outlen;
 }
 #endif
author	inoguchi <>	2019-07-07 10:52:56 +0000
committer	inoguchi <>	2019-07-07 10:52:56 +0000
commit	ebeed0dda0133e10c0a166666be50c05d13fff22 (patch)
tree	f3aa432dee40ec4654624b83bfd44a08ef78132e
parent	fde0151092090c39c777d90dc9c0b0db6a3517c2 (diff)
download	openbsd-ebeed0dda0133e10c0a166666be50c05d13fff22.tar.gz openbsd-ebeed0dda0133e10c0a166666be50c05d13fff22.tar.bz2 openbsd-ebeed0dda0133e10c0a166666be50c05d13fff22.zip

diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c index 76cc6fefe3..c7b7207964 100644 --- a/src/lib/libcrypto/pem/pvkfmt.c +++ b/src/lib/libcrypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pvkfmt.c,v 1.20 2018/08/05 11:19:25 bcook Exp $ */	1	/* $OpenBSD: pvkfmt.c,v 1.21 2019/07/07 10:52:56 inoguchi Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2005.	3	* project 2005.
4	*/	4	*/
@@ -837,7 +837,7 @@ i2b_PVK(unsigned char *out, EVP_PKEYpk, int enclevel, pem_password_cb *cb,
837	void *u)	837	void *u)
838	{	838	{
839	int outlen = 24, pklen;	839	int outlen = 24, pklen;
840	unsigned char p, salt = NULL;	840	unsigned char p = NULL, start = NULL, *salt = NULL;
841	EVP_CIPHER_CTX cctx;	841	EVP_CIPHER_CTX cctx;
842		842
843	EVP_CIPHER_CTX_init(&cctx);	843	EVP_CIPHER_CTX_init(&cctx);
@@ -847,7 +847,7 @@ i2b_PVK(unsigned char *out, EVP_PKEYpk, int enclevel, pem_password_cb *cb,
847	if (pklen < 0)	847	if (pklen < 0)
848	return -1;	848	return -1;
849	outlen += pklen;	849	outlen += pklen;
850	p = malloc(outlen);	850	start = p = malloc(outlen);
851	if (!p) {	851	if (!p) {
852	PEMerror(ERR_R_MALLOC_FAILURE);	852	PEMerror(ERR_R_MALLOC_FAILURE);
853	return -1;	853	return -1;
@@ -869,7 +869,7 @@ i2b_PVK(unsigned char *out, EVP_PKEYpk, int enclevel, pem_password_cb *cb,
869	}	869	}
870	do_i2b(&p, pk, 0);	870	do_i2b(&p, pk, 0);
871	if (enclevel == 0) {	871	if (enclevel == 0) {
872	*out = p;	872	*out = start;
873	return outlen;	873	return outlen;
874	} else {	874	} else {
875	char psbuf[PEM_BUFSIZE];	875	char psbuf[PEM_BUFSIZE];
@@ -892,18 +892,18 @@ i2b_PVK(unsigned char *out, EVP_PKEYpk, int enclevel, pem_password_cb *cb,
892	if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))	892	if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
893	goto error;	893	goto error;
894	explicit_bzero(keybuf, 20);	894	explicit_bzero(keybuf, 20);
895	if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))	895	if (!EVP_EncryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
896	goto error;	896	goto error;
897	if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))	897	if (!EVP_EncryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
898	goto error;	898	goto error;
899	}	899	}
900	EVP_CIPHER_CTX_cleanup(&cctx);	900	EVP_CIPHER_CTX_cleanup(&cctx);
901	*out = p;	901	*out = start;
902	return outlen;	902	return outlen;
903		903
904	error:	904	error:
905	EVP_CIPHER_CTX_cleanup(&cctx);	905	EVP_CIPHER_CTX_cleanup(&cctx);
906	free(p);	906	free(start);
907	return -1;	907	return -1;
908	}	908	}
909		909
@@ -918,11 +918,11 @@ i2b_PVK_bio(BIO out, EVP_PKEY pk, int enclevel, pem_password_cb cb, void u)
918	return -1;	918	return -1;
919	wrlen = BIO_write(out, tmp, outlen);	919	wrlen = BIO_write(out, tmp, outlen);
920	free(tmp);	920	free(tmp);
921	if (wrlen == outlen) {	921	if (wrlen != outlen) {
922	PEMerror(PEM_R_BIO_WRITE_FAILURE);	922	PEMerror(PEM_R_BIO_WRITE_FAILURE);
923	return outlen;	923	return -1;
924	}	924	}
925	return -1;	925	return outlen;
926	}	926	}
927		927
928	#endif	928	#endif