diff options
| author | miod <> | 2015-02-14 15:49:51 +0000 |
|---|---|---|
| committer | miod <> | 2015-02-14 15:49:51 +0000 |
| commit | 7c212c070d546611ce90c48f5bf1c210dcb0a2f6 (patch) | |
| tree | 0a6802c0b49e85a562bb55f6e07dbd486d96b1f0 /src | |
| parent | 2b58a2e1ecb2c9193af7cfb72d8b8691ff753122 (diff) | |
| download | openbsd-7c212c070d546611ce90c48f5bf1c210dcb0a2f6.tar.gz openbsd-7c212c070d546611ce90c48f5bf1c210dcb0a2f6.tar.bz2 openbsd-7c212c070d546611ce90c48f5bf1c210dcb0a2f6.zip | |
1.18 would introduce a possible out-of-bounds access in the error path;
Coverity CID 105346
ok doug@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/evp/p5_crpt2.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/evp/p5_crpt2.c | 12 |
2 files changed, 10 insertions, 14 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 6fc88a0437..afafb9551f 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p5_crpt2.c,v 1.19 2015/02/14 15:45:21 miod Exp $ */ | 1 | /* $OpenBSD: p5_crpt2.c,v 1.20 2015/02/14 15:49:51 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -236,19 +236,19 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 236 | 236 | ||
| 237 | if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { | 237 | if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { |
| 238 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET); | 238 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET); |
| 239 | goto err; | 239 | return 0; |
| 240 | } | 240 | } |
| 241 | keylen = EVP_CIPHER_CTX_key_length(ctx); | 241 | keylen = EVP_CIPHER_CTX_key_length(ctx); |
| 242 | if (keylen > sizeof key) { | 242 | if (keylen > sizeof key) { |
| 243 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); | 243 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); |
| 244 | goto err; | 244 | return 0; |
| 245 | } | 245 | } |
| 246 | 246 | ||
| 247 | /* Decode parameter */ | 247 | /* Decode parameter */ |
| 248 | 248 | ||
| 249 | if (!param || (param->type != V_ASN1_SEQUENCE)) { | 249 | if (!param || (param->type != V_ASN1_SEQUENCE)) { |
| 250 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); | 250 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); |
| 251 | goto err; | 251 | return 0; |
| 252 | } | 252 | } |
| 253 | 253 | ||
| 254 | pbuf = param->value.sequence->data; | 254 | pbuf = param->value.sequence->data; |
| @@ -256,11 +256,9 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 256 | 256 | ||
| 257 | if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { | 257 | if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { |
| 258 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); | 258 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); |
| 259 | goto err; | 259 | return 0; |
| 260 | } | 260 | } |
| 261 | 261 | ||
| 262 | keylen = EVP_CIPHER_CTX_key_length(ctx); | ||
| 263 | |||
| 264 | /* Now check the parameters of the kdf */ | 262 | /* Now check the parameters of the kdf */ |
| 265 | 263 | ||
| 266 | if (kdf->keylength && | 264 | if (kdf->keylength && |
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c index 6fc88a0437..afafb9551f 100644 --- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c +++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p5_crpt2.c,v 1.19 2015/02/14 15:45:21 miod Exp $ */ | 1 | /* $OpenBSD: p5_crpt2.c,v 1.20 2015/02/14 15:49:51 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -236,19 +236,19 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 236 | 236 | ||
| 237 | if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { | 237 | if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { |
| 238 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET); | 238 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET); |
| 239 | goto err; | 239 | return 0; |
| 240 | } | 240 | } |
| 241 | keylen = EVP_CIPHER_CTX_key_length(ctx); | 241 | keylen = EVP_CIPHER_CTX_key_length(ctx); |
| 242 | if (keylen > sizeof key) { | 242 | if (keylen > sizeof key) { |
| 243 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); | 243 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); |
| 244 | goto err; | 244 | return 0; |
| 245 | } | 245 | } |
| 246 | 246 | ||
| 247 | /* Decode parameter */ | 247 | /* Decode parameter */ |
| 248 | 248 | ||
| 249 | if (!param || (param->type != V_ASN1_SEQUENCE)) { | 249 | if (!param || (param->type != V_ASN1_SEQUENCE)) { |
| 250 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); | 250 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); |
| 251 | goto err; | 251 | return 0; |
| 252 | } | 252 | } |
| 253 | 253 | ||
| 254 | pbuf = param->value.sequence->data; | 254 | pbuf = param->value.sequence->data; |
| @@ -256,11 +256,9 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 256 | 256 | ||
| 257 | if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { | 257 | if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { |
| 258 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); | 258 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); |
| 259 | goto err; | 259 | return 0; |
| 260 | } | 260 | } |
| 261 | 261 | ||
| 262 | keylen = EVP_CIPHER_CTX_key_length(ctx); | ||
| 263 | |||
| 264 | /* Now check the parameters of the kdf */ | 262 | /* Now check the parameters of the kdf */ |
| 265 | 263 | ||
| 266 | if (kdf->keylength && | 264 | if (kdf->keylength && |