diff options
| author | miod <> | 2016-11-08 20:01:06 +0000 |
|---|---|---|
| committer | miod <> | 2016-11-08 20:01:06 +0000 |
| commit | 5605f577187336e02b609bad906ab42478c7340a (patch) | |
| tree | 39318fe771bd94c87998e1dd5db6fa0412737647 /src/lib/libcrypto/pkcs12 | |
| parent | b7cb70902c58c927b969ecac46828718a5ff0497 (diff) | |
| download | openbsd-5605f577187336e02b609bad906ab42478c7340a.tar.gz openbsd-5605f577187336e02b609bad906ab42478c7340a.tar.bz2 openbsd-5605f577187336e02b609bad906ab42478c7340a.zip | |
Stricter checks of ASN1_INTEGER to reject ASN1_NEG_INTEGER in places when
they don't make sense.
ok beck@
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_crpt.c | 9 | ||||
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_mutl.c | 8 |
2 files changed, 11 insertions, 6 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c index 0f215d2fe2..f2d635fc62 100644 --- a/src/lib/libcrypto/pkcs12/p12_crpt.c +++ b/src/lib/libcrypto/pkcs12/p12_crpt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_crpt.c,v 1.12 2015/09/10 15:56:25 jsing Exp $ */ | 1 | /* $OpenBSD: p12_crpt.c,v 1.13 2016/11/08 20:01:06 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -94,8 +94,11 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 94 | 94 | ||
| 95 | if (!pbe->iter) | 95 | if (!pbe->iter) |
| 96 | iter = 1; | 96 | iter = 1; |
| 97 | else | 97 | else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { |
| 98 | iter = ASN1_INTEGER_get (pbe->iter); | 98 | PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); |
| 99 | PBEPARAM_free(pbe); | ||
| 100 | return 0; | ||
| 101 | } | ||
| 99 | salt = pbe->salt->data; | 102 | salt = pbe->salt->data; |
| 100 | saltlen = pbe->salt->length; | 103 | saltlen = pbe->salt->length; |
| 101 | if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID, | 104 | if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID, |
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c index bf88c78270..56a4964a34 100644 --- a/src/lib/libcrypto/pkcs12/p12_mutl.c +++ b/src/lib/libcrypto/pkcs12/p12_mutl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_mutl.c,v 1.21 2015/09/30 17:30:15 jsing Exp $ */ | 1 | /* $OpenBSD: p12_mutl.c,v 1.22 2016/11/08 20:01:06 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -89,8 +89,10 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, | |||
| 89 | saltlen = p12->mac->salt->length; | 89 | saltlen = p12->mac->salt->length; |
| 90 | if (!p12->mac->iter) | 90 | if (!p12->mac->iter) |
| 91 | iter = 1; | 91 | iter = 1; |
| 92 | else | 92 | else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) { |
| 93 | iter = ASN1_INTEGER_get(p12->mac->iter); | 93 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR); |
| 94 | return 0; | ||
| 95 | } | ||
| 94 | if (!(md_type = EVP_get_digestbyobj( | 96 | if (!(md_type = EVP_get_digestbyobj( |
| 95 | p12->mac->dinfo->algor->algorithm))) { | 97 | p12->mac->dinfo->algor->algorithm))) { |
| 96 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC, | 98 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC, |