summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/engine/tb_eckey.c
diff options
context:
space:
mode:
authortb <>2022-08-31 13:01:01 +0000
committertb <>2022-08-31 13:01:01 +0000
commit5a012dc99251d6861841dbe500e21ff7a4f63ccc (patch)
tree8991ebe0360b3e90f90f196c1565ac3ed01531ab /src/lib/libcrypto/engine/tb_eckey.c
parent5fdcead22234749d49d79e5fc2b4d6bd7f4d5f27 (diff)
downloadopenbsd-5a012dc99251d6861841dbe500e21ff7a4f63ccc.tar.gz
openbsd-5a012dc99251d6861841dbe500e21ff7a4f63ccc.tar.bz2
openbsd-5a012dc99251d6861841dbe500e21ff7a4f63ccc.zip
Rework DSA_size() and ECDSA_size()
DSA_size() and ECDSA_size() have a very special hack. They fudge up an ASN1_INTEGER with a size which is typically > 100 bytes, backed by a buffer of size 4. This was "fine", however, since they set buf[0] = 0xff, where the craziness that was i2c_ASN1_INTEGER() only looks at the first octet (one may then ask why a buffer of size 4 was necessary...). This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't respect this particular hack and rightly assumes that it is fed an actual ASN1_INTEGER... Instead, create an appropriate signature and use i2d to determine its size. Fixes an out-of-bounds read flagged by ASAN and oss-fuzz. ok jsing
Diffstat (limited to 'src/lib/libcrypto/engine/tb_eckey.c')
0 files changed, 0 insertions, 0 deletions