diff options
| author | tb <> | 2024-10-03 04:20:28 +0000 |
|---|---|---|
| committer | tb <> | 2024-10-03 04:20:28 +0000 |
| commit | 6dee21e5fac0da0ec31b1c3b8492314ec0e3c96d (patch) | |
| tree | fc48c2fc296e28f6b50a2eb061814b16cea10e46 /src | |
| parent | fa56f23cdf70f7870973ada17d6b88294180d91f (diff) | |
| download | openbsd-6dee21e5fac0da0ec31b1c3b8492314ec0e3c96d.tar.gz openbsd-6dee21e5fac0da0ec31b1c3b8492314ec0e3c96d.tar.bz2 openbsd-6dee21e5fac0da0ec31b1c3b8492314ec0e3c96d.zip | |
Fix ASN1_INTEGER_to_BN() misuse
Same issue/leak as for BN_to_ASN1_INTEGER(). Stop reusing the elliptic
curve parameters a and b for order and cofacter. It's confusing.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/ec/ec_asn1.c | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c index 634fb5254c..eddc3769e9 100644 --- a/src/lib/libcrypto/ec/ec_asn1.c +++ b/src/lib/libcrypto/ec/ec_asn1.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec_asn1.c,v 1.55 2024/10/03 04:17:05 tb Exp $ */ | 1 | /* $OpenBSD: ec_asn1.c,v 1.56 2024/10/03 04:20:28 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Nils Larsch for the OpenSSL project. | 3 | * Written by Nils Larsch for the OpenSSL project. |
| 4 | */ | 4 | */ |
| @@ -841,7 +841,7 @@ ec_asn1_parameters2group(const ECPARAMETERS *params) | |||
| 841 | { | 841 | { |
| 842 | int ok = 0, tmp; | 842 | int ok = 0, tmp; |
| 843 | EC_GROUP *ret = NULL; | 843 | EC_GROUP *ret = NULL; |
| 844 | BIGNUM *p = NULL, *a = NULL, *b = NULL; | 844 | BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL; |
| 845 | EC_POINT *point = NULL; | 845 | EC_POINT *point = NULL; |
| 846 | int field_bits; | 846 | int field_bits; |
| 847 | 847 | ||
| @@ -932,29 +932,26 @@ ec_asn1_parameters2group(const ECPARAMETERS *params) | |||
| 932 | ECerror(ERR_R_EC_LIB); | 932 | ECerror(ERR_R_EC_LIB); |
| 933 | goto err; | 933 | goto err; |
| 934 | } | 934 | } |
| 935 | /* extract the order */ | 935 | if ((order = ASN1_INTEGER_to_BN(params->order, NULL)) == NULL) { |
| 936 | if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { | ||
| 937 | ECerror(ERR_R_ASN1_LIB); | 936 | ECerror(ERR_R_ASN1_LIB); |
| 938 | goto err; | 937 | goto err; |
| 939 | } | 938 | } |
| 940 | if (BN_is_negative(a) || BN_is_zero(a)) { | 939 | if (BN_is_negative(order) || BN_is_zero(order)) { |
| 941 | ECerror(EC_R_INVALID_GROUP_ORDER); | 940 | ECerror(EC_R_INVALID_GROUP_ORDER); |
| 942 | goto err; | 941 | goto err; |
| 943 | } | 942 | } |
| 944 | if (BN_num_bits(a) > field_bits + 1) { /* Hasse bound */ | 943 | if (BN_num_bits(order) > field_bits + 1) { /* Hasse bound */ |
| 945 | ECerror(EC_R_INVALID_GROUP_ORDER); | 944 | ECerror(EC_R_INVALID_GROUP_ORDER); |
| 946 | goto err; | 945 | goto err; |
| 947 | } | 946 | } |
| 948 | /* extract the cofactor (optional) */ | 947 | if (params->cofactor != NULL) { |
| 949 | if (params->cofactor == NULL) { | 948 | if ((cofactor = ASN1_INTEGER_to_BN(params->cofactor, |
| 950 | BN_free(b); | 949 | NULL)) == NULL) { |
| 951 | b = NULL; | 950 | ECerror(ERR_R_ASN1_LIB); |
| 952 | } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { | 951 | goto err; |
| 953 | ECerror(ERR_R_ASN1_LIB); | 952 | } |
| 954 | goto err; | ||
| 955 | } | 953 | } |
| 956 | /* set the generator, order and cofactor (if present) */ | 954 | if (!EC_GROUP_set_generator(ret, point, order, cofactor)) { |
| 957 | if (!EC_GROUP_set_generator(ret, point, a, b)) { | ||
| 958 | ECerror(ERR_R_EC_LIB); | 955 | ECerror(ERR_R_EC_LIB); |
| 959 | goto err; | 956 | goto err; |
| 960 | } | 957 | } |
| @@ -968,8 +965,11 @@ ec_asn1_parameters2group(const ECPARAMETERS *params) | |||
| 968 | BN_free(p); | 965 | BN_free(p); |
| 969 | BN_free(a); | 966 | BN_free(a); |
| 970 | BN_free(b); | 967 | BN_free(b); |
| 968 | BN_free(order); | ||
| 969 | BN_free(cofactor); | ||
| 971 | EC_POINT_free(point); | 970 | EC_POINT_free(point); |
| 972 | return (ret); | 971 | |
| 972 | return ret; | ||
| 973 | } | 973 | } |
| 974 | 974 | ||
| 975 | EC_GROUP * | 975 | EC_GROUP * |