projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Don't try and verify signatures if key is NULL (CVE-2013-0166)
[openssl.git]
/
crypto
/
asn1
/
a_verify.c
diff --git
a/crypto/asn1/a_verify.c
b/crypto/asn1/a_verify.c
index d34e2871773dedf55af6a7ee91d1b87f16e16cb6..7ded69b170f665825ee1d58135c12862c756f5f2 100644
(file)
--- a/
crypto/asn1/a_verify.c
+++ b/
crypto/asn1/a_verify.c
@@
-73,8
+73,7
@@
#ifndef NO_ASN1_OLD
#ifndef NO_ASN1_OLD
-int ASN1_verify(int (*i2d)(void *, unsigned char **),
- X509_ALGOR *a, ASN1_BIT_STRING *signature,
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
char *data, EVP_PKEY *pkey)
{
EVP_MD_CTX ctx;
char *data, EVP_PKEY *pkey)
{
EVP_MD_CTX ctx;
@@
-101,7
+100,12
@@
int ASN1_verify(int (*i2d)(void *, unsigned char **),
p=buf_in;
i2d(data,&p);
p=buf_in;
i2d(data,&p);
- EVP_VerifyInit_ex(&ctx,type, NULL);
+ if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+ ret=0;
+ goto err;
+ }
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
OPENSSL_cleanse(buf_in,(unsigned int)inl);
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
OPENSSL_cleanse(buf_in,(unsigned int)inl);
@@
-134,29
+138,36
@@
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
unsigned char *buf_in=NULL;
int ret= -1,i,inl;
unsigned char *buf_in=NULL;
int ret= -1,i,inl;
+ if (!pkey)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+ return -1;
+ }
+
EVP_MD_CTX_init(&ctx);
i=OBJ_obj2nid(a->algorithm);
type=EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL)
{
EVP_MD_CTX_init(&ctx);
i=OBJ_obj2nid(a->algorithm);
type=EVP_get_digestbyname(OBJ_nid2sn(i));
if (type == NULL)
{
- ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ ASN1err(ASN1_F_ASN1_
ITEM_
VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
goto err;
}
- inl = ASN1_item_i2d(asn, &buf_in, it);
-
- if (buf_in == NULL)
+ if (!EVP_VerifyInit_ex(&ctx,type, NULL))
{
{
- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+ ret=0;
goto err;
}
goto err;
}
- if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+ inl = ASN1_item_i2d(asn, &buf_in, it);
+
+ if (buf_in == NULL)
{
{
- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
- ret=0;
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
goto err;
}
+
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
OPENSSL_cleanse(buf_in,(unsigned int)inl);
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
OPENSSL_cleanse(buf_in,(unsigned int)inl);
@@
-165,7
+176,7
@@
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
(unsigned int)signature->length,pkey) <= 0)
{
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
(unsigned int)signature->length,pkey) <= 0)
{
- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+ ASN1err(ASN1_F_ASN1_
ITEM_
VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
ret=0;
goto err;
}