1 files changed, 35 insertions, 15 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c
index 438fa59af2..e75f0153de 100644
--- a/src/lib/libcrypto/dsa/dsa_pmeth.c
+++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_pmeth.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: dsa_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -57,6 +57,7 @@
 */
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
@@ -217,24 +218,43 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
                        const char *type, const char *value)
        {
-        if (!strcmp(type, "dsa_paramgen_bits"))
+        long lval;
-                {
+        char *ep;
+        if (!strcmp(type, "dsa_paramgen_bits")) {
                int nbits;
-                nbits = atoi(value);
+                errno = 0;
+                lval = strtol(value, &ep, 10);
+                if (value[0] == '\0' || *ep != '\0')
+                        goto not_a_number;
+                if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) ||
+                    (lval > INT_MAX || lval < INT_MIN))
+                        goto out_of_range;
+                nbits = lval;
                return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
-                }
+        }
-        if (!strcmp(type, "dsa_paramgen_q_bits"))
+        if (!strcmp(type, "dsa_paramgen_q_bits")) {
-                {
+                int qbits;
-                int qbits = atoi(value);
+                errno = 0;
+                lval = strtol(value, &ep, 10);
+                if (value[0] == '\0' || *ep != '\0')
+                        goto not_a_number;
+                if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) ||
+                    (lval > INT_MAX || lval < INT_MIN))
+                        goto out_of_range;
+                qbits = lval;
                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
-                                         EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
+                    EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
-                }
+        }
-        if (!strcmp(type, "dsa_paramgen_md"))
+        if (!strcmp(type, "dsa_paramgen_md")){
-                {
                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
-                                         EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 
+                    EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 
-                                         (void *)EVP_get_digestbyname(value));
+                    (void *)EVP_get_digestbyname(value));
-                }
+        }
+not_a_number:
+out_of_range:
        return -2;
        }

diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c index 438fa59af2..e75f0153de 100644 --- a/src/lib/libcrypto/dsa/dsa_pmeth.c +++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_pmeth.c,v 1.5 2014/06/12 15:49:28 deraadt Exp $ */	1	/* $OpenBSD: dsa_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -57,6 +57,7 @@
57	*/	57	*/
58		58
59	#include <stdio.h>	59	#include <stdio.h>
		60	#include <limits.h>
60	#include "cryptlib.h"	61	#include "cryptlib.h"
61	#include <openssl/asn1t.h>	62	#include <openssl/asn1t.h>
62	#include <openssl/x509.h>	63	#include <openssl/x509.h>
@@ -217,24 +218,43 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
217	static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,	218	static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
218	const char type, const char value)	219	const char type, const char value)
219	{	220	{
220	if (!strcmp(type, "dsa_paramgen_bits"))	221	long lval;
221	{	222	char *ep;
		223
		224	if (!strcmp(type, "dsa_paramgen_bits")) {
222	int nbits;	225	int nbits;
223	nbits = atoi(value);	226
		227	errno = 0;
		228	lval = strtol(value, &ep, 10);
		229	if (value[0] == '\0' \|\| *ep != '\0')
		230	goto not_a_number;
		231	if ((errno == ERANGE && (lval == LONG_MAX \|\| lval == LONG_MIN)) \|\|
		232	(lval > INT_MAX \|\| lval < INT_MIN))
		233	goto out_of_range;
		234	nbits = lval;
224	return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);	235	return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
225	}	236	}
226	if (!strcmp(type, "dsa_paramgen_q_bits"))	237	if (!strcmp(type, "dsa_paramgen_q_bits")) {
227	{	238	int qbits;
228	int qbits = atoi(value);	239
		240	errno = 0;
		241	lval = strtol(value, &ep, 10);
		242	if (value[0] == '\0' \|\| *ep != '\0')
		243	goto not_a_number;
		244	if ((errno == ERANGE && (lval == LONG_MAX \|\| lval == LONG_MIN)) \|\|
		245	(lval > INT_MAX \|\| lval < INT_MIN))
		246	goto out_of_range;
		247	qbits = lval;
229	return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,	248	return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
230	EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);	249	EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
231	}	250	}
232	if (!strcmp(type, "dsa_paramgen_md"))	251	if (!strcmp(type, "dsa_paramgen_md")){
233	{
234	return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,	252	return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
235	EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,	253	EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
236	(void *)EVP_get_digestbyname(value));	254	(void *)EVP_get_digestbyname(value));
237	}	255	}
		256	not_a_number:
		257	out_of_range:
238	return -2;	258	return -2;
239	}	259	}
240		260