diff options
| author | miod <> | 2016-11-08 20:01:06 +0000 |
|---|---|---|
| committer | miod <> | 2016-11-08 20:01:06 +0000 |
| commit | 5605f577187336e02b609bad906ab42478c7340a (patch) | |
| tree | 39318fe771bd94c87998e1dd5db6fa0412737647 /src/lib/libcrypto/evp | |
| parent | b7cb70902c58c927b969ecac46828718a5ff0497 (diff) | |
| download | openbsd-5605f577187336e02b609bad906ab42478c7340a.tar.gz openbsd-5605f577187336e02b609bad906ab42478c7340a.tar.bz2 openbsd-5605f577187336e02b609bad906ab42478c7340a.zip | |
Stricter checks of ASN1_INTEGER to reject ASN1_NEG_INTEGER in places when
they don't make sense.
ok beck@
Diffstat (limited to 'src/lib/libcrypto/evp')
| -rw-r--r-- | src/lib/libcrypto/evp/p5_crpt.c | 9 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/p5_crpt2.c | 8 |
2 files changed, 12 insertions, 5 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c index 626910fd7a..1d02cbf4a6 100644 --- a/src/lib/libcrypto/evp/p5_crpt.c +++ b/src/lib/libcrypto/evp/p5_crpt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p5_crpt.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */ | 1 | /* $OpenBSD: p5_crpt.c,v 1.17 2016/11/08 20:01:06 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -106,8 +106,11 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 106 | 106 | ||
| 107 | if (!pbe->iter) | 107 | if (!pbe->iter) |
| 108 | iter = 1; | 108 | iter = 1; |
| 109 | else | 109 | else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { |
| 110 | iter = ASN1_INTEGER_get (pbe->iter); | 110 | EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, |
| 111 | EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); | ||
| 112 | return 0; | ||
| 113 | } | ||
| 111 | salt = pbe->salt->data; | 114 | salt = pbe->salt->data; |
| 112 | saltlen = pbe->salt->length; | 115 | saltlen = pbe->salt->length; |
| 113 | 116 | ||
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 632c2c76ce..44e8b331fb 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p5_crpt2.c,v 1.21 2015/09/10 15:56:25 jsing Exp $ */ | 1 | /* $OpenBSD: p5_crpt2.c,v 1.22 2016/11/08 20:01:06 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -293,7 +293,11 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 293 | /* it seems that its all OK */ | 293 | /* it seems that its all OK */ |
| 294 | salt = kdf->salt->value.octet_string->data; | 294 | salt = kdf->salt->value.octet_string->data; |
| 295 | saltlen = kdf->salt->value.octet_string->length; | 295 | saltlen = kdf->salt->value.octet_string->length; |
| 296 | iter = ASN1_INTEGER_get(kdf->iter); | 296 | if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) { |
| 297 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, | ||
| 298 | EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); | ||
| 299 | goto err; | ||
| 300 | } | ||
| 297 | if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, | 301 | if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, |
| 298 | keylen, key)) | 302 | keylen, key)) |
| 299 | goto err; | 303 | goto err; |