Rework DSA_size() and ECDSA_size() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2022-08-31 13:01:01 +0000
committer	tb <>	2022-08-31 13:01:01 +0000
commit	d1472daedc6c1d5786dbc4b552ac0f1ad19c65d2 (patch)
tree	8991ebe0360b3e90f90f196c1565ac3ed01531ab /src/lib/libcrypto/ecdsa/ecs_vrf.c
parent	15eca26842e04912050d30a972fcce04e046da8a (diff)
download	openbsd-d1472daedc6c1d5786dbc4b552ac0f1ad19c65d2.tar.gz openbsd-d1472daedc6c1d5786dbc4b552ac0f1ad19c65d2.tar.bz2 openbsd-d1472daedc6c1d5786dbc4b552ac0f1ad19c65d2.zip

Rework DSA_size() and ECDSA_size()

DSA_size() and ECDSA_size() have a very special hack. They fudge up an ASN1_INTEGER with a size which is typically > 100 bytes, backed by a buffer of size 4. This was "fine", however, since they set buf[0] = 0xff, where the craziness that was i2c_ASN1_INTEGER() only looks at the first octet (one may then ask why a buffer of size 4 was necessary...). This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't respect this particular hack and rightly assumes that it is fed an actual ASN1_INTEGER... Instead, create an appropriate signature and use i2d to determine its size. Fixes an out-of-bounds read flagged by ASAN and oss-fuzz. ok jsing

Diffstat (limited to 'src/lib/libcrypto/ecdsa/ecs_vrf.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: