diff options
| author | miod <> | 2014-10-22 18:37:22 +0000 |
|---|---|---|
| committer | miod <> | 2014-10-22 18:37:22 +0000 |
| commit | 94bf30fecb343725db81902304e3d1d1e2707172 (patch) | |
| tree | 511f6871a4419fe2b464d1f7d18736745b807cc9 /src/lib/libcrypto/pkcs12 | |
| parent | c2e047559db4077d59c47364a006d7b0e33bde76 (diff) | |
| download | openbsd-94bf30fecb343725db81902304e3d1d1e2707172.tar.gz openbsd-94bf30fecb343725db81902304e3d1d1e2707172.tar.bz2 openbsd-94bf30fecb343725db81902304e3d1d1e2707172.zip | |
In PKCS12_setup_mac(), do not assign p12->mac->salt->length until the allocation
of p12->mac->salt->data has actually succeeded.
In one of my trees for a long time already...
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_mutl.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c index 0c49bf96fd..ac58f50ca7 100644 --- a/src/lib/libcrypto/pkcs12/p12_mutl.c +++ b/src/lib/libcrypto/pkcs12/p12_mutl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_mutl.c,v 1.18 2014/10/22 13:02:04 jsing Exp $ */ | 1 | /* $OpenBSD: p12_mutl.c,v 1.19 2014/10/22 18:37:22 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -100,7 +100,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, | |||
| 100 | md_size = EVP_MD_size(md_type); | 100 | md_size = EVP_MD_size(md_type); |
| 101 | if (md_size < 0) | 101 | if (md_size < 0) |
| 102 | return 0; | 102 | return 0; |
| 103 | if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, | 103 | if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, |
| 104 | md_size, key, md_type)) { | 104 | md_size, key, md_type)) { |
| 105 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); | 105 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); |
| 106 | return 0; | 106 | return 0; |
| @@ -123,11 +123,12 @@ PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) | |||
| 123 | { | 123 | { |
| 124 | unsigned char mac[EVP_MAX_MD_SIZE]; | 124 | unsigned char mac[EVP_MAX_MD_SIZE]; |
| 125 | unsigned int maclen; | 125 | unsigned int maclen; |
| 126 | |||
| 126 | if (p12->mac == NULL) { | 127 | if (p12->mac == NULL) { |
| 127 | PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); | 128 | PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); |
| 128 | return 0; | 129 | return 0; |
| 129 | } | 130 | } |
| 130 | if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { | 131 | if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { |
| 131 | PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, | 132 | PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, |
| 132 | PKCS12_R_MAC_GENERATION_ERROR); | 133 | PKCS12_R_MAC_GENERATION_ERROR); |
| 133 | return 0; | 134 | return 0; |
| @@ -149,17 +150,17 @@ PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt, | |||
| 149 | 150 | ||
| 150 | if (!md_type) | 151 | if (!md_type) |
| 151 | md_type = EVP_sha1(); | 152 | md_type = EVP_sha1(); |
| 152 | if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) == | 153 | if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == |
| 153 | PKCS12_ERROR) { | 154 | PKCS12_ERROR) { |
| 154 | PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR); | 155 | PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR); |
| 155 | return 0; | 156 | return 0; |
| 156 | } | 157 | } |
| 157 | if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { | 158 | if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { |
| 158 | PKCS12err(PKCS12_F_PKCS12_SET_MAC, | 159 | PKCS12err(PKCS12_F_PKCS12_SET_MAC, |
| 159 | PKCS12_R_MAC_GENERATION_ERROR); | 160 | PKCS12_R_MAC_GENERATION_ERROR); |
| 160 | return 0; | 161 | return 0; |
| 161 | } | 162 | } |
| 162 | if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) { | 163 | if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { |
| 163 | PKCS12err(PKCS12_F_PKCS12_SET_MAC, | 164 | PKCS12err(PKCS12_F_PKCS12_SET_MAC, |
| 164 | PKCS12_R_MAC_STRING_SET_ERROR); | 165 | PKCS12_R_MAC_STRING_SET_ERROR); |
| 165 | return 0; | 166 | return 0; |
| @@ -188,11 +189,11 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, | |||
| 188 | } | 189 | } |
| 189 | if (!saltlen) | 190 | if (!saltlen) |
| 190 | saltlen = PKCS12_SALT_LEN; | 191 | saltlen = PKCS12_SALT_LEN; |
| 191 | p12->mac->salt->length = saltlen; | 192 | if (!(p12->mac->salt->data = malloc(saltlen))) { |
| 192 | if (!(p12->mac->salt->data = malloc (saltlen))) { | ||
| 193 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); | 193 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); |
| 194 | return 0; | 194 | return 0; |
| 195 | } | 195 | } |
| 196 | p12->mac->salt->length = saltlen; | ||
| 196 | if (!salt) | 197 | if (!salt) |
| 197 | arc4random_buf(p12->mac->salt->data, saltlen); | 198 | arc4random_buf(p12->mac->salt->data, saltlen); |
| 198 | else | 199 | else |