diff options
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/pem')
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/pem/pem_err.c | 3 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 14 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/pem/pvkfmt.c | 7 |
3 files changed, 19 insertions, 5 deletions
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c index e1f4fdb4..4e5f8e93 100644 --- a/Cryptlib/OpenSSL/crypto/pem/pem_err.c +++ b/Cryptlib/OpenSSL/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* crypto/pem/pem_err.c */ /* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -132,6 +132,7 @@ static ERR_STRING_DATA PEM_str_reasons[] = { "expecting private key blob"}, {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB), "expecting public key blob"}, + {ERR_REASON(PEM_R_HEADER_TOO_LONG), "header too long"}, {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"}, {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR), "keyblob header parse error"}, diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c index e25cc685..56c77b1f 100644 --- a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c +++ b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c @@ -105,17 +105,23 @@ int PEM_def_callback(char *buf, int num, int w, void *key) prompt = "Enter PEM pass phrase:"; for (;;) { - i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w); + /* + * We assume that w == 0 means decryption, + * while w == 1 means encryption + */ + int min_len = w ? MIN_LENGTH : 0; + + i = EVP_read_pw_string_min(buf, min_len, num, prompt, w); if (i != 0) { PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); memset(buf, 0, (unsigned int)num); return (-1); } j = strlen(buf); - if (j < MIN_LENGTH) { + if (min_len && j < min_len) { fprintf(stderr, "phrase is too short, needs to be at least %d chars\n", - MIN_LENGTH); + min_len); } else break; } @@ -387,7 +393,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, } RAND_add(data, i, 0); /* put in the RSA key. */ OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); - if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */ + if (RAND_bytes(iv, enc->iv_len) <= 0) /* Generate a salt */ goto err; /* * The 'iv' is used as the iv and as a salt. It is NOT taken from diff --git a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c index 61864468..1ce5a1e3 100644 --- a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c +++ b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c @@ -127,6 +127,9 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) # define MS_KEYTYPE_KEYX 0x1 # define MS_KEYTYPE_SIGN 0x2 +/* Maximum length of a blob after header */ +# define BLOB_MAX_LENGTH 102400 + /* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */ # define MS_PVKMAGIC 0xb0b5f11eL /* Salt length for PVK files */ @@ -272,6 +275,10 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) return NULL; length = blob_length(bitlen, isdss, ispub); + if (length > BLOB_MAX_LENGTH) { + PEMerr(PEM_F_DO_B2I_BIO, PEM_R_HEADER_TOO_LONG); + return NULL; + } buf = OPENSSL_malloc(length); if (!buf) { PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); |