diff options
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/pem')
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 2 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 2 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/pem/pvkfmt.c | 7 |
3 files changed, 9 insertions, 2 deletions
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c index 5525efd3..e25cc685 100644 --- a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c +++ b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c @@ -348,7 +348,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, if (enc != NULL) { objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); - if (objstr == NULL) { + if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); goto err; } diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c index fe465cc3..9edca4de 100644 --- a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c +++ b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c @@ -69,12 +69,12 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); - #ifndef OPENSSL_NO_FP_API static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); #endif + /* * These functions write a private key in PKCS#8 format: it is a "drop in" * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' diff --git a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c index 82d45273..61864468 100644 --- a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c +++ b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c @@ -131,6 +131,10 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) # define MS_PVKMAGIC 0xb0b5f11eL /* Salt length for PVK files */ # define PVK_SALTLEN 0x10 +/* Maximum length in PVK header */ +# define PVK_MAX_KEYLEN 102400 +/* Maximum salt length */ +# define PVK_MAX_SALTLEN 10240 static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, unsigned int bitlen, int ispub); @@ -644,6 +648,9 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, *psaltlen = read_ledword(&p); *pkeylen = read_ledword(&p); + if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN) + return 0; + if (is_encrypted && !*psaltlen) { PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER); return 0; |