summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp/p5_crpt.c
diff options
context:
space:
mode:
authormiod <>2016-11-08 20:01:06 +0000
committermiod <>2016-11-08 20:01:06 +0000
commit5605f577187336e02b609bad906ab42478c7340a (patch)
tree39318fe771bd94c87998e1dd5db6fa0412737647 /src/lib/libcrypto/evp/p5_crpt.c
parentb7cb70902c58c927b969ecac46828718a5ff0497 (diff)
downloadopenbsd-5605f577187336e02b609bad906ab42478c7340a.tar.gz
openbsd-5605f577187336e02b609bad906ab42478c7340a.tar.bz2
openbsd-5605f577187336e02b609bad906ab42478c7340a.zip
Stricter checks of ASN1_INTEGER to reject ASN1_NEG_INTEGER in places when
they don't make sense. ok beck@
Diffstat (limited to 'src/lib/libcrypto/evp/p5_crpt.c')
-rw-r--r--src/lib/libcrypto/evp/p5_crpt.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index 626910fd7a..1d02cbf4a6 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p5_crpt.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: p5_crpt.c,v 1.17 2016/11/08 20:01:06 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -106,8 +106,11 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
106 106
107 if (!pbe->iter) 107 if (!pbe->iter)
108 iter = 1; 108 iter = 1;
109 else 109 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
110 iter = ASN1_INTEGER_get (pbe->iter); 110 EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,
111 EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
112 return 0;
113 }
111 salt = pbe->salt->data; 114 salt = pbe->salt->data;
112 saltlen = pbe->salt->length; 115 saltlen = pbe->salt->length;
113 116