generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix encoding bug in i2c_ASN1_INTEGER

Browse Source 
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.

Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and
Hanno Böck <hanno@hboeck.de> for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-04-16 16:43:09 +01:00
parent 3ae91cfb32
commit a0eed48d37
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/asn1/a_int.c
View File

@ -125,6 +125,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
else { else {
ret = a->length; ret = a->length;
i = a->data[0]; i = a->data[0];
if (ret == 1 && i == 0)
neg = 0;
if (!neg && (i > 127)) { if (!neg && (i > 127)) {
pad = 1; pad = 1;
pb = 0; pb = 0;
@ -163,7 +165,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
p += a->length - 1; p += a->length - 1;
i = a->length; i = a->length;
/* Copy zeros to destination as long as source is zero */ /* Copy zeros to destination as long as source is zero */
while (!*n) { while (!*n && i > 1) {
*(p--) = 0; *(p--) = 0;
n--; n--;
i--; i--;
@ -418,7 +420,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;
} }
if (BN_is_negative(bn)) if (BN_is_negative(bn) && !BN_is_zero(bn))
ret->type = V_ASN1_NEG_INTEGER; ret->type = V_ASN1_NEG_INTEGER;
else else
ret->type = V_ASN1_INTEGER; ret->type = V_ASN1_INTEGER;