diff options
| author | jsing <> | 2014-07-02 16:33:19 +0000 |
|---|---|---|
| committer | jsing <> | 2014-07-02 16:33:19 +0000 |
| commit | 96705049dcca8605066b2a872c662955a12c573c (patch) | |
| tree | a8dfac951a62a8f7c357635df791e2349d7ce2d6 /src | |
| parent | 37ecacb2854f557a2bc98ff8751d46024955c531 (diff) | |
| download | openbsd-96705049dcca8605066b2a872c662955a12c573c.tar.gz openbsd-96705049dcca8605066b2a872c662955a12c573c.tar.bz2 openbsd-96705049dcca8605066b2a872c662955a12c573c.zip | |
pk7_doit.c r1.20 introduced a NULL check that ensures that the signature
contents are not NULL, however this breaks detached signature processing.
Fix this by allowing the signature contents to be NULL when operating with
a detached signature.
Found the hard way by sthen@.
ok sthen@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/pkcs7/pk7_doit.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/pkcs7/pk7_doit.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 46f9c2b8c6..df846a22cc 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pk7_doit.c,v 1.23 2014/06/29 17:05:36 jsing Exp $ */ | 1 | /* $OpenBSD: pk7_doit.c,v 1.24 2014/07/02 16:33:19 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -754,7 +754,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 754 | case NID_pkcs7_signed: | 754 | case NID_pkcs7_signed: |
| 755 | si_sk = p7->d.sign->signer_info; | 755 | si_sk = p7->d.sign->signer_info; |
| 756 | os = PKCS7_get_octet_string(p7->d.sign->contents); | 756 | os = PKCS7_get_octet_string(p7->d.sign->contents); |
| 757 | if (os == NULL) { | 757 | if (!PKCS7_is_detached(p7) && os == NULL) { |
| 758 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); | 758 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); |
| 759 | goto err; | 759 | goto err; |
| 760 | } | 760 | } |
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c index 46f9c2b8c6..df846a22cc 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pk7_doit.c,v 1.23 2014/06/29 17:05:36 jsing Exp $ */ | 1 | /* $OpenBSD: pk7_doit.c,v 1.24 2014/07/02 16:33:19 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -754,7 +754,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 754 | case NID_pkcs7_signed: | 754 | case NID_pkcs7_signed: |
| 755 | si_sk = p7->d.sign->signer_info; | 755 | si_sk = p7->d.sign->signer_info; |
| 756 | os = PKCS7_get_octet_string(p7->d.sign->contents); | 756 | os = PKCS7_get_octet_string(p7->d.sign->contents); |
| 757 | if (os == NULL) { | 757 | if (!PKCS7_is_detached(p7) && os == NULL) { |
| 758 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); | 758 | PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); |
| 759 | goto err; | 759 | goto err; |
| 760 | } | 760 | } |