From f72a7ce8bc0a5c0866c6a848a7f54854d67aeba2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 7 Aug 2018 06:21:43 +0200 Subject: [PATCH] Make EVP_PKEY_asn1_new() stricter with its input Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6881) --- CHANGES | 5 +++++ crypto/asn1/ameth_lib.c | 12 ++++++++++++ 2 files changed, 17 insertions(+) diff --git a/CHANGES b/CHANGES index b8e2f862d5..4f24046920 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,11 @@ Changes between 1.0.2o and 1.0.2p [xx XXX xxxx] + *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str + parameter is no longer accepted, as it leads to a corrupt table. NULL + pem_str is reserved for alias entries only. + [Richard Levitte] + *) Revert blinding in ECDSA sign and instead make problematic addition length-invariant. Switch even to fixed-length Montgomery multiplication. [Andy Polyakov] diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 43ddebba33..8f490718e1 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -305,6 +305,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, } else ameth->info = NULL; + /* + * One of the following must be true: + * + * pem_str == NULL AND ASN1_PKEY_ALIAS is set + * pem_str != NULL AND ASN1_PKEY_ALIAS is clear + * + * Anything else is an error and may lead to a corrupt ASN1 method table + */ + if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0) + || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0))) + goto err; + if (pem_str) { ameth->pem_str = BUF_strdup(pem_str); if (!ameth->pem_str) -- 2.25.1