mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Make EVP_PKEY_asn1_add0() stricter about its input

Browse Source 
It turns out that the strictness that was implemented in
EVP_PKEY_asn1_new() (see Github openssl/openssl#6880) was badly placed
for some usages, and that it's better to do this check only when the
method is getting registered.

Fixes #7758

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7847)
This commit is contained in:
Richard Levitte 2018-12-07 09:26:04 +01:00
parent 95b7926bc3
commit a860031621
2 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -9,6 +9,9 @@
Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
*) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
[Richard Levitte]
*) Change the license to the Apache License v2.0. *) Change the license to the Apache License v2.0.
[Richard Levitte] [Richard Levitte]

28
crypto/asn1/ameth_lib.c
View File

@ -140,6 +140,22 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
{ {
EVP_PKEY_ASN1_METHOD tmp = { 0, }; EVP_PKEY_ASN1_METHOD tmp = { 0, };
/*
* One of the following must be true:
*
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
*
* Anything else is an error and may lead to a corrupt ASN1 method table
*/
if (!((ameth->pem_str == NULL
&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
|| (ameth->pem_str != NULL
&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
if (app_methods == NULL) { if (app_methods == NULL) {
app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
if (app_methods == NULL) if (app_methods == NULL)
@ -216,18 +232,6 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
goto err; goto err;
} }
/*
* One of the following must be true:
*
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
*
* Anything else is an error and may lead to a corrupt ASN1 method table
*/
if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
|| (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
goto err;
if (pem_str) { if (pem_str) {
ameth->pem_str = OPENSSL_strdup(pem_str); ameth->pem_str = OPENSSL_strdup(pem_str);
if (!ameth->pem_str) if (!ameth->pem_str)