authorJung-uk Kim <jkim@FreeBSD.org>2016-05-03 18:02:01 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2016-05-03 18:02:01 +0000
commit47b11f985b9e0ff561a67e19674de6fbcf79281d (patch)
treeda6c0490c1781cf42777777890fc53da00f780ed /crypto/pem
parent8f9fae4c4537bd423d1a266b3280c396a2e90f44 (diff)
Import OpenSSL 1.0.1t.vendor/openssl/1.0.1t
Notes
Notes: svn path=/vendor-crypto/openssl/dist-1.0.1/; revision=298993 svn path=/vendor-crypto/openssl/1.0.1t/; revision=298994; tag=vendor/openssl/1.0.1t
Diffstat (limited to 'crypto/pem')
-rw-r--r--crypto/pem/pem_lib.c2
-rw-r--r--crypto/pem/pvkfmt.c7
2 files changed, 8 insertions, 1 deletions
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 55071616e203..ab45a84fa265 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
if (enc != NULL) {
objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
- if (objstr == NULL) {
+ if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
goto err;
}
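Review bot: The extended condition in PEM_ASN1_write_bio rejects a cipher with a zero-length IV but puts no upper bound on `EVP_CIPHER_iv_length(enc)`. The function body starts and ends outside this hunk, so I cannot see how the IV is stored; if it goes into a fixed-size local buffer, the same guard should bound it, e.g. `|| EVP_CIPHER_iv_length(enc) > (int)sizeof(iv)` (assuming the buffer is named `iv`). The reason for the new test is also not stated anywhere in the hunk. A one-line comment above the `if` would help, such as `/* PEM encryption records the IV in the header, so a cipher without an IV is unsupported here */`, once the wording is confirmed against the rest of the function.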
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 82d45273ed16..61864468f6d4 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -131,6 +131,10 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
# define MS_PVKMAGIC 0xb0b5f11eL
/* Salt length for PVK files */
# define PVK_SALTLEN 0x10
+/* Maximum length in PVK header */
+# define PVK_MAX_KEYLEN 102400
+/* Maximum salt length */
+# define PVK_MAX_SALTLEN 10240
static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
unsigned int bitlen, int ispub);
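Review bot: The comments on `PVK_MAX_KEYLEN` and `PVK_MAX_SALTLEN` give neither the unit nor the reason for the chosen values, so a maintainer cannot tell whether 102400 and 10240 are format limits or arbitrary sanity caps. The existing `PVK_SALTLEN` of 0x10 sits directly above, which makes the much larger salt ceiling look inconsistent without an explanation. I would reword them along the lines of `/* Sanity cap, in bytes, on the key length field read from an untrusted PVK header */` and `/* Sanity cap, in bytes, on the salt length field; salts this library writes are PVK_SALTLEN */`, after confirming the values are counted in bytes.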
@@ -644,6 +648,9 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
*psaltlen = read_ledword(&p);
*pkeylen = read_ledword(&p);
+ if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
+ return 0;
+
if (is_encrypted && !*psaltlen) {
PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
return 0;
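Review bot: The new bounds check in do_PVK_header returns 0 without recording an error, unlike the `is_encrypted && !*psaltlen` check right below it, which calls `PEMerr` first. A caller that inspects the error queue after a failed parse therefore gets no reason when a file is rejected for an oversized length field. I would brace the new branch and add `PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);` before its `return 0;`, or a dedicated reason code if the project prefers one. Both values come straight from `read_ledword` on the input, so a short comment saying the caps guard later uses of header-supplied lengths (presumably buffer sizing, which is not visible here) would also help. The function body starts and ends outside this hunk.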