5 files changed, 32 insertions, 14 deletions

diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index 626910fd7a..1d02cbf4a6 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_crpt.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: p5_crpt.c,v 1.17 2016/11/08 20:01:06 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -106,8 +106,11 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 
         if (!pbe->iter)
                 iter = 1;
-        else
-                iter = ASN1_INTEGER_get (pbe->iter);
+        else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
+                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,
+                    EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+                return 0;
+        }
         salt = pbe->salt->data;
         saltlen = pbe->salt->length;
 
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 632c2c76ce..44e8b331fb 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_crpt2.c,v 1.21 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: p5_crpt2.c,v 1.22 2016/11/08 20:01:06 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -293,7 +293,11 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         /* it seems that its all OK */
         salt = kdf->salt->value.octet_string->data;
         saltlen = kdf->salt->value.octet_string->length;
-        iter = ASN1_INTEGER_get(kdf->iter);
+        if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) {
+                EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
+                    EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+                goto err;
+        }
         if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
             keylen, key))
                 goto err;
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
index 0f215d2fe2..f2d635fc62 100644
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_crpt.c,v 1.12 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: p12_crpt.c,v 1.13 2016/11/08 20:01:06 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -94,8 +94,11 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
         if (!pbe->iter)
                 iter = 1;
-        else
-                iter = ASN1_INTEGER_get (pbe->iter);
+        else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
+                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+                PBEPARAM_free(pbe);
+                return 0;
+        }
         salt = pbe->salt->data;
         saltlen = pbe->salt->length;
         if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index bf88c78270..56a4964a34 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_mutl.c,v 1.21 2015/09/30 17:30:15 jsing Exp $ */
+/* $OpenBSD: p12_mutl.c,v 1.22 2016/11/08 20:01:06 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -89,8 +89,10 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
         saltlen = p12->mac->salt->length;
         if (!p12->mac->iter)
                 iter = 1;
-        else
-                iter = ASN1_INTEGER_get(p12->mac->iter);
+        else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
+                PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR);
+                return 0;
+        }
         if (!(md_type = EVP_get_digestbyobj(
             p12->mac->dinfo->algor->algorithm))) {
                 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index 69a8d05f26..a091a7f425 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_purp.c,v 1.26 2015/02/10 13:28:17 jsing Exp $ */
+/* $OpenBSD: v3_purp.c,v 1.27 2016/11/08 20:01:06 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -450,8 +450,14 @@ x509v3_cache_extensions(X509 *x)
                         x->ex_flags |= EXFLAG_INVALID;
                 }
                 if (pci->pcPathLengthConstraint) {
-                        x->ex_pcpathlen =
-                            ASN1_INTEGER_get(pci->pcPathLengthConstraint);
+                        if (pci->pcPathLengthConstraint->type ==
+                            V_ASN1_NEG_INTEGER) {
+                                x->ex_flags |= EXFLAG_INVALID;
+                                x->ex_pcpathlen = 0;
+                        } else
+                                x->ex_pcpathlen =
+                                    ASN1_INTEGER_get(pci->
+                                      pcPathLengthConstraint);
                 } else
                         x->ex_pcpathlen = -1;
                 PROXY_CERT_INFO_EXTENSION_free(pci);