generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey

Browse Source 
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)
This commit is contained in:
Emilia Kasper 2014-08-25 12:38:16 +02:00
parent 10be715b95
commit 05f61fb27e
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
crypto/ec/ec_asn1.c
View File

@ -1179,14 +1179,20 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
if (priv_key->publicKey) if (priv_key->publicKey)
{ {
const unsigned char *pub_oct; const unsigned char *pub_oct;
size_t pub_oct_len; int pub_oct_len;
pub_oct = M_ASN1_STRING_data(priv_key->publicKey); pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
/* save the point conversion form */ /* The first byte - point conversion form - must be present. */
if (pub_oct_len <= 0)
{
ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
goto err;
}
/* Save the point conversion form. */
ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
if (!EC_POINT_oct2point(ret->group, ret->pub_key, if (!EC_POINT_oct2point(ret->group, ret->pub_key,
pub_oct, pub_oct_len, NULL)) pub_oct, (size_t)(pub_oct_len), NULL))
{ {
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
goto err; goto err;