mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add version field check to PKCS8 decoder

Browse Source 
Fixes #26459

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26464)
This commit is contained in:
Michael Baentsch 2025-01-18 09:58:33 +01:00 committed by Tomas Mraz
parent 40c01d8ddc
commit 6ab286f9eb
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
crypto/asn1/d2i_pr.c
View File

@ -21,6 +21,7 @@
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "crypto/x509.h"
#include "internal/asn1.h"
#include "internal/sizes.h"
@ -51,6 +52,16 @@ d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp,
p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, len);
ERR_pop_to_mark();
if (p8info != NULL) {
int64_t v;
/* ascertain version is 0 or 1 as per RFC5958 */
if (!ASN1_INTEGER_get_int64(&v, p8info->version)
|| (v != 0 && v != 1)) {
*pp = p;
ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR);
PKCS8_PRIV_KEY_INFO_free(p8info);
return NULL;
}
if (key_name == NULL
&& PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8info)
&& OBJ_obj2txt(keytypebuf, sizeof(keytypebuf), algoid, 0))