diff options
| author | Rémi Verschelde <rverschelde@gmail.com> | 2017-05-27 17:50:43 +0200 |
|---|---|---|
| committer | Rémi Verschelde <rverschelde@gmail.com> | 2017-05-27 19:08:07 +0200 |
| commit | 67305d1b0a6dbcdb032d5a5a0e92122cf8f10b8d (patch) | |
| tree | 3502be2b2ae57c73fa21bd7b4a20dc02aab3aa06 /thirdparty/openssl/crypto/pem | |
| parent | 996f1ae29e8d9bd2719f0dc72bfde6a8d77b1b12 (diff) | |
| download | redot-engine-67305d1b0a6dbcdb032d5a5a0e92122cf8f10b8d.tar.gz | |
openssl: Sync with upstream 1.0.2l
Diffstat (limited to 'thirdparty/openssl/crypto/pem')
| -rw-r--r-- | thirdparty/openssl/crypto/pem/pem_err.c | 3 | ||||
| -rw-r--r-- | thirdparty/openssl/crypto/pem/pem_lib.c | 14 | ||||
| -rw-r--r-- | thirdparty/openssl/crypto/pem/pvkfmt.c | 7 |
3 files changed, 19 insertions, 5 deletions
diff --git a/thirdparty/openssl/crypto/pem/pem_err.c b/thirdparty/openssl/crypto/pem/pem_err.c index e1f4fdb432..4e5f8e936c 100644 --- a/thirdparty/openssl/crypto/pem/pem_err.c +++ b/thirdparty/openssl/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* crypto/pem/pem_err.c */ /* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -132,6 +132,7 @@ static ERR_STRING_DATA PEM_str_reasons[] = { "expecting private key blob"}, {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB), "expecting public key blob"}, + {ERR_REASON(PEM_R_HEADER_TOO_LONG), "header too long"}, {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"}, {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR), "keyblob header parse error"}, diff --git a/thirdparty/openssl/crypto/pem/pem_lib.c b/thirdparty/openssl/crypto/pem/pem_lib.c index fe881d6641..c82b3c0ae2 100644 --- a/thirdparty/openssl/crypto/pem/pem_lib.c +++ b/thirdparty/openssl/crypto/pem/pem_lib.c @@ -105,17 +105,23 @@ int PEM_def_callback(char *buf, int num, int w, void *key) prompt = "Enter PEM pass phrase:"; for (;;) { - i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w); + /* + * We assume that w == 0 means decryption, + * while w == 1 means encryption + */ + int min_len = w ? MIN_LENGTH : 0; + + i = EVP_read_pw_string_min(buf, min_len, num, prompt, w); if (i != 0) { PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); memset(buf, 0, (unsigned int)num); return (-1); } j = strlen(buf); - if (j < MIN_LENGTH) { + if (min_len && j < min_len) { fprintf(stderr, "phrase is too short, needs to be at least %d chars\n", - MIN_LENGTH); + min_len); } else break; } @@ -387,7 +393,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, } RAND_add(data, i, 0); /* put in the RSA key. */ OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); - if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */ + if (RAND_bytes(iv, enc->iv_len) <= 0) /* Generate a salt */ goto err; /* * The 'iv' is used as the iv and as a salt. It is NOT taken from diff --git a/thirdparty/openssl/crypto/pem/pvkfmt.c b/thirdparty/openssl/crypto/pem/pvkfmt.c index 61864468f6..1ce5a1e319 100644 --- a/thirdparty/openssl/crypto/pem/pvkfmt.c +++ b/thirdparty/openssl/crypto/pem/pvkfmt.c @@ -127,6 +127,9 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) # define MS_KEYTYPE_KEYX 0x1 # define MS_KEYTYPE_SIGN 0x2 +/* Maximum length of a blob after header */ +# define BLOB_MAX_LENGTH 102400 + /* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */ # define MS_PVKMAGIC 0xb0b5f11eL /* Salt length for PVK files */ @@ -272,6 +275,10 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) return NULL; length = blob_length(bitlen, isdss, ispub); + if (length > BLOB_MAX_LENGTH) { + PEMerr(PEM_F_DO_B2I_BIO, PEM_R_HEADER_TOO_LONG); + return NULL; + } buf = OPENSSL_malloc(length); if (!buf) { PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); |