Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/asn1/x_bignum.c | 39 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/asn1/x_bignum.c | 39 |
2 files changed, 38 insertions, 40 deletions
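--- a/src/lib/libcrypto/asn1/x_bignum.c
+++ b/src/lib/libcrypto/asn1/x_bignum.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_bignum.c,v 1.6 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: x_bignum.c,v 1.7 2014/07/12 16:42:47 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -61,14 +61,13 @@
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 
-/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
-* BIGNUM directly. Currently it ignores the sign which isn't a problem since all
-* BIGNUMs used are non negative and anything that looks negative is normally due
-* to an encoding error.
+/*
+* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
+* BIGNUM directly. Currently it ignores the sign which isn't a problem since
+* all BIGNUMs used are non negative and anything that looks negative is
+* normally due to an encoding error.
 */
 
-#define BN_SENSITIVE 1
-
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
@@ -92,7 +91,7 @@ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
 ASN1_ITEM_end(BIGNUM)
 
 ASN1_ITEM_start(CBIGNUM)
-ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
 ASN1_ITEM_end(CBIGNUM)
 
 static int
@@ -108,12 +107,9 @@ bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 static void
 bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-if (!*pval)
+if (*pval == NULL)
 return;
-if (it->size & BN_SENSITIVE)
-BN_clear_free((BIGNUM *)*pval);
-else
-BN_free((BIGNUM *)*pval);
+BN_clear_free((BIGNUM *)*pval);
 *pval = NULL;
 }
 
@@ -121,9 +117,9 @@ static int
 bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
 {
 BIGNUM *bn;
-int pad;
+int pad, len;
 
-if (!*pval)
+if (*pval == NULL)
 return -1;
 bn = (BIGNUM *)*pval;
 /* If MSB set in an octet we need a padding byte */
@@ -134,9 +130,10 @@ bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
 if (cont) {
 if (pad)
 *cont++ = 0;
-BN_bn2bin(bn, cont);
-}
-return pad + BN_num_bytes(bn);
+len = BN_bn2bin(bn, cont);
+} else
+len = BN_num_bytes(bn);
+return pad + len;
 }
 
 static int
@@ -145,8 +142,10 @@ bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
 {
 BIGNUM *bn;
 
-if (!*pval)
-bn_new(pval, it);
+if (*pval == NULL) {
+if (bn_new(pval, it) == 0)
+return 0;
+}
 bn = (BIGNUM *)*pval;
 if (!BN_bin2bn(cont, len, bn)) {
 bn_free(pval, it);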
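Review bot: The now-unconditional `BN_clear_free()` call in bn_free has no comment saying why plain `BN_free()` must not come back, and with `BN_SENSITIVE` removed nothing in the visible lines records that a value decoded through this type may be secret. I would add `/* Always zero before freeing: the BIGNUM may hold key material. */` directly above the call so a later cleanup does not reintroduce the cheaper free. The CBIGNUM item is now field-for-field identical to BIGNUM in the lines shown, so a short comment there such as `/* Same as BIGNUM; kept for existing users of the name. */` would explain why both remain. The same applies to the identical copy under src/lib/libssl/src/crypto/asn1/x_bignum.c.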
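--- a/src/lib/libssl/src/crypto/asn1/x_bignum.c
+++ b/src/lib/libssl/src/crypto/asn1/x_bignum.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_bignum.c,v 1.6 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: x_bignum.c,v 1.7 2014/07/12 16:42:47 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -61,14 +61,13 @@
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 
-/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
-* BIGNUM directly. Currently it ignores the sign which isn't a problem since all
-* BIGNUMs used are non negative and anything that looks negative is normally due
-* to an encoding error.
+/*
+* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
+* BIGNUM directly. Currently it ignores the sign which isn't a problem since
+* all BIGNUMs used are non negative and anything that looks negative is
+* normally due to an encoding error.
 */
 
-#define BN_SENSITIVE 1
-
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
@@ -92,7 +91,7 @@ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
 ASN1_ITEM_end(BIGNUM)
 
 ASN1_ITEM_start(CBIGNUM)
-ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
 ASN1_ITEM_end(CBIGNUM)
 
 static int
@@ -108,12 +107,9 @@ bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 static void
 bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-if (!*pval)
+if (*pval == NULL)
 return;
-if (it->size & BN_SENSITIVE)
-BN_clear_free((BIGNUM *)*pval);
-else
-BN_free((BIGNUM *)*pval);
+BN_clear_free((BIGNUM *)*pval);
 *pval = NULL;
 }
 
@@ -121,9 +117,9 @@ static int
 bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
 {
 BIGNUM *bn;
-int pad;
+int pad, len;
 
-if (!*pval)
+if (*pval == NULL)
 return -1;
 bn = (BIGNUM *)*pval;
 /* If MSB set in an octet we need a padding byte */
@@ -134,9 +130,10 @@ bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
 if (cont) {
 if (pad)
 *cont++ = 0;
-BN_bn2bin(bn, cont);
-}
-return pad + BN_num_bytes(bn);
+len = BN_bn2bin(bn, cont);
+} else
+len = BN_num_bytes(bn);
+return pad + len;
 }
 
 static int
@@ -145,8 +142,10 @@ bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
 {
 BIGNUM *bn;
 
-if (!*pval)
-bn_new(pval, it);
+if (*pval == NULL) {
+if (bn_new(pval, it) == 0)
+return 0;
+}
 bn = (BIGNUM *)*pval;
 if (!BN_bin2bn(cont, len, bn)) {
 bn_free(pval, it);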
