diff options
| author | deraadt <> | 2014-06-12 20:40:57 +0000 |
|---|---|---|
| committer | deraadt <> | 2014-06-12 20:40:57 +0000 |
| commit | 95b33f3e2fad03793adf906f7d3b08883ec3684c (patch) | |
| tree | 44a491147b347caf1b2dd774e13e12db3c08944e /src | |
| parent | 71477dc340552244618421bfc331e3226e59f4ea (diff) | |
| download | openbsd-95b33f3e2fad03793adf906f7d3b08883ec3684c.tar.gz openbsd-95b33f3e2fad03793adf906f7d3b08883ec3684c.tar.bz2 openbsd-95b33f3e2fad03793adf906f7d3b08883ec3684c.zip | |
replace atoi() calls with strtol(). Follow the idiomatic pattern in our
manual page strictly. Return -2 if the strings are not strict numbers.
The numbers remain in the range of "int". Range checking for these parameters
is done later in the pkey_*_ctl() functions, or sometimes in functions much
further downstream... but not always!!!
ok millert miod mikeb
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/dh/dh_pmeth.c | 42 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_pmeth.c | 50 | ||||
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_pmeth.c | 45 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/dh/dh_pmeth.c | 42 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/dsa/dsa_pmeth.c | 50 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa_pmeth.c | 45 |
6 files changed, 194 insertions, 80 deletions
diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c index b51e0794b7..cb424ac149 100644 --- a/src/lib/libcrypto/dh/dh_pmeth.c +++ b/src/lib/libcrypto/dh/dh_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dh_pmeth.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */ | 1 | /* $OpenBSD: dh_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <limits.h> | ||
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1t.h> | 62 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| @@ -143,21 +144,38 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) | |||
| 143 | static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, | 144 | static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, |
| 144 | const char *type, const char *value) | 145 | const char *type, const char *value) |
| 145 | { | 146 | { |
| 146 | if (!strcmp(type, "dh_paramgen_prime_len")) | 147 | long lval; |
| 147 | { | 148 | char *ep; |
| 148 | int len; | 149 | int len; |
| 149 | len = atoi(value); | 150 | |
| 151 | if (!strcmp(type, "dh_paramgen_prime_len")) { | ||
| 152 | errno = 0; | ||
| 153 | lval = strtol(value, &ep, 10); | ||
| 154 | if (value[0] == '\0' || *ep != '\0') | ||
| 155 | goto not_a_number; | ||
| 156 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 157 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 158 | goto out_of_range; | ||
| 159 | len = lval; | ||
| 150 | return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); | 160 | return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); |
| 151 | } | 161 | } |
| 152 | if (!strcmp(type, "dh_paramgen_generator")) | 162 | if (!strcmp(type, "dh_paramgen_generator")) { |
| 153 | { | 163 | errno = 0; |
| 154 | int len; | 164 | lval = strtol(value, &ep, 10); |
| 155 | len = atoi(value); | 165 | if (value[0] == '\0' || *ep != '\0') |
| 166 | goto not_a_number; | ||
| 167 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 168 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 169 | goto out_of_range; | ||
| 170 | len = lval; | ||
| 156 | return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); | 171 | return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); |
| 157 | } | ||
| 158 | return -2; | ||
| 159 | } | 172 | } |
| 160 | 173 | ||
| 174 | not_a_number: | ||
| 175 | out_of_range: | ||
| 176 | return -2; | ||
| 177 | } | ||
| 178 | |||
| 161 | static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) | 179 | static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) |
| 162 | { | 180 | { |
| 163 | DH *dh = NULL; | 181 | DH *dh = NULL; |
diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c index 438fa59af2..e75f0153de 100644 --- a/src/lib/libcrypto/dsa/dsa_pmeth.c +++ b/src/lib/libcrypto/dsa/dsa_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsa_pmeth.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */ | 1 | /* $OpenBSD: dsa_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <limits.h> | ||
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1t.h> | 62 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| @@ -217,24 +218,43 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) | |||
| 217 | static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, | 218 | static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, |
| 218 | const char *type, const char *value) | 219 | const char *type, const char *value) |
| 219 | { | 220 | { |
| 220 | if (!strcmp(type, "dsa_paramgen_bits")) | 221 | long lval; |
| 221 | { | 222 | char *ep; |
| 223 | |||
| 224 | if (!strcmp(type, "dsa_paramgen_bits")) { | ||
| 222 | int nbits; | 225 | int nbits; |
| 223 | nbits = atoi(value); | 226 | |
| 227 | errno = 0; | ||
| 228 | lval = strtol(value, &ep, 10); | ||
| 229 | if (value[0] == '\0' || *ep != '\0') | ||
| 230 | goto not_a_number; | ||
| 231 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 232 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 233 | goto out_of_range; | ||
| 234 | nbits = lval; | ||
| 224 | return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); | 235 | return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); |
| 225 | } | 236 | } |
| 226 | if (!strcmp(type, "dsa_paramgen_q_bits")) | 237 | if (!strcmp(type, "dsa_paramgen_q_bits")) { |
| 227 | { | 238 | int qbits; |
| 228 | int qbits = atoi(value); | 239 | |
| 240 | errno = 0; | ||
| 241 | lval = strtol(value, &ep, 10); | ||
| 242 | if (value[0] == '\0' || *ep != '\0') | ||
| 243 | goto not_a_number; | ||
| 244 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 245 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 246 | goto out_of_range; | ||
| 247 | qbits = lval; | ||
| 229 | return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, | 248 | return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, |
| 230 | EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); | 249 | EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); |
| 231 | } | 250 | } |
| 232 | if (!strcmp(type, "dsa_paramgen_md")) | 251 | if (!strcmp(type, "dsa_paramgen_md")){ |
| 233 | { | ||
| 234 | return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, | 252 | return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, |
| 235 | EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, | 253 | EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, |
| 236 | (void *)EVP_get_digestbyname(value)); | 254 | (void *)EVP_get_digestbyname(value)); |
| 237 | } | 255 | } |
| 256 | not_a_number: | ||
| 257 | out_of_range: | ||
| 238 | return -2; | 258 | return -2; |
| 239 | } | 259 | } |
| 240 | 260 | ||
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c index a611fc3461..1f9d826014 100644 --- a/src/lib/libcrypto/rsa/rsa_pmeth.c +++ b/src/lib/libcrypto/rsa/rsa_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa_pmeth.c,v 1.7 2014/06/12 15:49:30 deraadt Exp $ */ | 1 | /* $OpenBSD: rsa_pmeth.c,v 1.8 2014/06/12 20:40:57 deraadt Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <limits.h> | ||
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1t.h> | 62 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| @@ -518,6 +519,9 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) | |||
| 518 | static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, | 519 | static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, |
| 519 | const char *type, const char *value) | 520 | const char *type, const char *value) |
| 520 | { | 521 | { |
| 522 | long lval; | ||
| 523 | char *ep; | ||
| 524 | |||
| 521 | if (!value) | 525 | if (!value) |
| 522 | { | 526 | { |
| 523 | RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); | 527 | RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); |
| @@ -549,22 +553,35 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, | |||
| 549 | return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); | 553 | return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); |
| 550 | } | 554 | } |
| 551 | 555 | ||
| 552 | if (!strcmp(type, "rsa_pss_saltlen")) | 556 | if (!strcmp(type, "rsa_pss_saltlen")) { |
| 553 | { | ||
| 554 | int saltlen; | 557 | int saltlen; |
| 555 | saltlen = atoi(value); | 558 | |
| 559 | errno = 0; | ||
| 560 | lval = strtol(value, &ep, 10); | ||
| 561 | if (value[0] == '\0' || *ep != '\0') | ||
| 562 | goto not_a_number; | ||
| 563 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 564 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 565 | goto out_of_range; | ||
| 566 | saltlen = lval; | ||
| 556 | return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); | 567 | return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); |
| 557 | } | 568 | } |
| 558 | 569 | ||
| 559 | if (!strcmp(type, "rsa_keygen_bits")) | 570 | if (!strcmp(type, "rsa_keygen_bits")) { |
| 560 | { | ||
| 561 | int nbits; | 571 | int nbits; |
| 562 | nbits = atoi(value); | 572 | |
| 573 | errno = 0; | ||
| 574 | lval = strtol(value, &ep, 10); | ||
| 575 | if (value[0] == '\0' || *ep != '\0') | ||
| 576 | goto not_a_number; | ||
| 577 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 578 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 579 | goto out_of_range; | ||
| 580 | nbits = lval; | ||
| 563 | return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); | 581 | return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); |
| 564 | } | 582 | } |
| 565 | 583 | ||
| 566 | if (!strcmp(type, "rsa_keygen_pubexp")) | 584 | if (!strcmp(type, "rsa_keygen_pubexp")) { |
| 567 | { | ||
| 568 | int ret; | 585 | int ret; |
| 569 | BIGNUM *pubexp = NULL; | 586 | BIGNUM *pubexp = NULL; |
| 570 | if (!BN_asc2bn(&pubexp, value)) | 587 | if (!BN_asc2bn(&pubexp, value)) |
| @@ -573,10 +590,12 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, | |||
| 573 | if (ret <= 0) | 590 | if (ret <= 0) |
| 574 | BN_free(pubexp); | 591 | BN_free(pubexp); |
| 575 | return ret; | 592 | return ret; |
| 576 | } | 593 | } |
| 577 | 594 | ||
| 595 | not_a_number: | ||
| 596 | out_of_range: | ||
| 578 | return -2; | 597 | return -2; |
| 579 | } | 598 | } |
| 580 | 599 | ||
| 581 | static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) | 600 | static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) |
| 582 | { | 601 | { |
diff --git a/src/lib/libssl/src/crypto/dh/dh_pmeth.c b/src/lib/libssl/src/crypto/dh/dh_pmeth.c index b51e0794b7..cb424ac149 100644 --- a/src/lib/libssl/src/crypto/dh/dh_pmeth.c +++ b/src/lib/libssl/src/crypto/dh/dh_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dh_pmeth.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */ | 1 | /* $OpenBSD: dh_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <limits.h> | ||
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1t.h> | 62 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| @@ -143,21 +144,38 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) | |||
| 143 | static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, | 144 | static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, |
| 144 | const char *type, const char *value) | 145 | const char *type, const char *value) |
| 145 | { | 146 | { |
| 146 | if (!strcmp(type, "dh_paramgen_prime_len")) | 147 | long lval; |
| 147 | { | 148 | char *ep; |
| 148 | int len; | 149 | int len; |
| 149 | len = atoi(value); | 150 | |
| 151 | if (!strcmp(type, "dh_paramgen_prime_len")) { | ||
| 152 | errno = 0; | ||
| 153 | lval = strtol(value, &ep, 10); | ||
| 154 | if (value[0] == '\0' || *ep != '\0') | ||
| 155 | goto not_a_number; | ||
| 156 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 157 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 158 | goto out_of_range; | ||
| 159 | len = lval; | ||
| 150 | return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); | 160 | return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); |
| 151 | } | 161 | } |
| 152 | if (!strcmp(type, "dh_paramgen_generator")) | 162 | if (!strcmp(type, "dh_paramgen_generator")) { |
| 153 | { | 163 | errno = 0; |
| 154 | int len; | 164 | lval = strtol(value, &ep, 10); |
| 155 | len = atoi(value); | 165 | if (value[0] == '\0' || *ep != '\0') |
| 166 | goto not_a_number; | ||
| 167 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 168 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 169 | goto out_of_range; | ||
| 170 | len = lval; | ||
| 156 | return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); | 171 | return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); |
| 157 | } | ||
| 158 | return -2; | ||
| 159 | } | 172 | } |
| 160 | 173 | ||
| 174 | not_a_number: | ||
| 175 | out_of_range: | ||
| 176 | return -2; | ||
| 177 | } | ||
| 178 | |||
| 161 | static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) | 179 | static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) |
| 162 | { | 180 | { |
| 163 | DH *dh = NULL; | 181 | DH *dh = NULL; |
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c b/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c index 438fa59af2..e75f0153de 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsa_pmeth.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */ | 1 | /* $OpenBSD: dsa_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <limits.h> | ||
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1t.h> | 62 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| @@ -217,24 +218,43 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) | |||
| 217 | static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, | 218 | static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, |
| 218 | const char *type, const char *value) | 219 | const char *type, const char *value) |
| 219 | { | 220 | { |
| 220 | if (!strcmp(type, "dsa_paramgen_bits")) | 221 | long lval; |
| 221 | { | 222 | char *ep; |
| 223 | |||
| 224 | if (!strcmp(type, "dsa_paramgen_bits")) { | ||
| 222 | int nbits; | 225 | int nbits; |
| 223 | nbits = atoi(value); | 226 | |
| 227 | errno = 0; | ||
| 228 | lval = strtol(value, &ep, 10); | ||
| 229 | if (value[0] == '\0' || *ep != '\0') | ||
| 230 | goto not_a_number; | ||
| 231 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 232 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 233 | goto out_of_range; | ||
| 234 | nbits = lval; | ||
| 224 | return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); | 235 | return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); |
| 225 | } | 236 | } |
| 226 | if (!strcmp(type, "dsa_paramgen_q_bits")) | 237 | if (!strcmp(type, "dsa_paramgen_q_bits")) { |
| 227 | { | 238 | int qbits; |
| 228 | int qbits = atoi(value); | 239 | |
| 240 | errno = 0; | ||
| 241 | lval = strtol(value, &ep, 10); | ||
| 242 | if (value[0] == '\0' || *ep != '\0') | ||
| 243 | goto not_a_number; | ||
| 244 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 245 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 246 | goto out_of_range; | ||
| 247 | qbits = lval; | ||
| 229 | return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, | 248 | return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, |
| 230 | EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); | 249 | EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); |
| 231 | } | 250 | } |
| 232 | if (!strcmp(type, "dsa_paramgen_md")) | 251 | if (!strcmp(type, "dsa_paramgen_md")){ |
| 233 | { | ||
| 234 | return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, | 252 | return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, |
| 235 | EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, | 253 | EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, |
| 236 | (void *)EVP_get_digestbyname(value)); | 254 | (void *)EVP_get_digestbyname(value)); |
| 237 | } | 255 | } |
| 256 | not_a_number: | ||
| 257 | out_of_range: | ||
| 238 | return -2; | 258 | return -2; |
| 239 | } | 259 | } |
| 240 | 260 | ||
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c index a611fc3461..1f9d826014 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa_pmeth.c,v 1.7 2014/06/12 15:49:30 deraadt Exp $ */ | 1 | /* $OpenBSD: rsa_pmeth.c,v 1.8 2014/06/12 20:40:57 deraadt Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <limits.h> | ||
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1t.h> | 62 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| @@ -518,6 +519,9 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) | |||
| 518 | static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, | 519 | static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, |
| 519 | const char *type, const char *value) | 520 | const char *type, const char *value) |
| 520 | { | 521 | { |
| 522 | long lval; | ||
| 523 | char *ep; | ||
| 524 | |||
| 521 | if (!value) | 525 | if (!value) |
| 522 | { | 526 | { |
| 523 | RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); | 527 | RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); |
| @@ -549,22 +553,35 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, | |||
| 549 | return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); | 553 | return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); |
| 550 | } | 554 | } |
| 551 | 555 | ||
| 552 | if (!strcmp(type, "rsa_pss_saltlen")) | 556 | if (!strcmp(type, "rsa_pss_saltlen")) { |
| 553 | { | ||
| 554 | int saltlen; | 557 | int saltlen; |
| 555 | saltlen = atoi(value); | 558 | |
| 559 | errno = 0; | ||
| 560 | lval = strtol(value, &ep, 10); | ||
| 561 | if (value[0] == '\0' || *ep != '\0') | ||
| 562 | goto not_a_number; | ||
| 563 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 564 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 565 | goto out_of_range; | ||
| 566 | saltlen = lval; | ||
| 556 | return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); | 567 | return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); |
| 557 | } | 568 | } |
| 558 | 569 | ||
| 559 | if (!strcmp(type, "rsa_keygen_bits")) | 570 | if (!strcmp(type, "rsa_keygen_bits")) { |
| 560 | { | ||
| 561 | int nbits; | 571 | int nbits; |
| 562 | nbits = atoi(value); | 572 | |
| 573 | errno = 0; | ||
| 574 | lval = strtol(value, &ep, 10); | ||
| 575 | if (value[0] == '\0' || *ep != '\0') | ||
| 576 | goto not_a_number; | ||
| 577 | if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || | ||
| 578 | (lval > INT_MAX || lval < INT_MIN)) | ||
| 579 | goto out_of_range; | ||
| 580 | nbits = lval; | ||
| 563 | return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); | 581 | return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); |
| 564 | } | 582 | } |
| 565 | 583 | ||
| 566 | if (!strcmp(type, "rsa_keygen_pubexp")) | 584 | if (!strcmp(type, "rsa_keygen_pubexp")) { |
| 567 | { | ||
| 568 | int ret; | 585 | int ret; |
| 569 | BIGNUM *pubexp = NULL; | 586 | BIGNUM *pubexp = NULL; |
| 570 | if (!BN_asc2bn(&pubexp, value)) | 587 | if (!BN_asc2bn(&pubexp, value)) |
| @@ -573,10 +590,12 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, | |||
| 573 | if (ret <= 0) | 590 | if (ret <= 0) |
| 574 | BN_free(pubexp); | 591 | BN_free(pubexp); |
| 575 | return ret; | 592 | return ret; |
| 576 | } | 593 | } |
| 577 | 594 | ||
| 595 | not_a_number: | ||
| 596 | out_of_range: | ||
| 578 | return -2; | 597 | return -2; |
| 579 | } | 598 | } |
| 580 | 599 | ||
| 581 | static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) | 600 | static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) |
| 582 | { | 601 | { |