Rework DSA_size() and ECDSA_size() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2022-08-31 13:01:01 +0000
committer	tb <>	2022-08-31 13:01:01 +0000
commit	5a012dc99251d6861841dbe500e21ff7a4f63ccc (patch)
tree	8991ebe0360b3e90f90f196c1565ac3ed01531ab /src/lib/libssl/ssl_ciph.c
parent	5fdcead22234749d49d79e5fc2b4d6bd7f4d5f27 (diff)
download	openbsd-5a012dc99251d6861841dbe500e21ff7a4f63ccc.tar.gz openbsd-5a012dc99251d6861841dbe500e21ff7a4f63ccc.tar.bz2 openbsd-5a012dc99251d6861841dbe500e21ff7a4f63ccc.zip

Rework DSA_size() and ECDSA_size()

DSA_size() and ECDSA_size() have a very special hack. They fudge up an ASN1_INTEGER with a size which is typically > 100 bytes, backed by a buffer of size 4. This was "fine", however, since they set buf[0] = 0xff, where the craziness that was i2c_ASN1_INTEGER() only looks at the first octet (one may then ask why a buffer of size 4 was necessary...). This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't respect this particular hack and rightly assumes that it is fed an actual ASN1_INTEGER... Instead, create an appropriate signature and use i2d to determine its size. Fixes an out-of-bounds read flagged by ASAN and oss-fuzz. ok jsing

Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: