diff options
| author |   miod <miod@openbsd.org> | 2015-07-16 18:21:57 +0000 |
|---|---|---|
| committer | miod <miod@openbsd.org> | 2015-07-16 18:21:57 +0000 |
| commit | 66523f28fc90e83bebd99339c1bc69c0a7222131 (patch) | |
| tree | 752baa3abc6f8718ffb157d444b140895cd47ef8 | |
| parent | Use sysread instead of <STDIN> for the stream. (diff) | |
| download | wireguard-openbsd-66523f28fc90e83bebd99339c1bc69c0a7222131.tar.xz wireguard-openbsd-66523f28fc90e83bebd99339c1bc69c0a7222131.zip | |
Enforce V_ASN1_OCTET_STRING type before accessing the object as octet string;
from OpenSSL (RT #3683)
ok doug@ jsing@
| -rw-r--r-- | lib/libcrypto/asn1/p8_pkey.c | 6 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/asn1/p8_pkey.c | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/lib/libcrypto/asn1/p8_pkey.c b/lib/libcrypto/asn1/p8_pkey.c index e7edda714bd..2f7a469673b 100644 --- a/lib/libcrypto/asn1/p8_pkey.c +++ b/lib/libcrypto/asn1/p8_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p8_pkey.c,v 1.15 2015/02/11 04:00:39 jsing Exp $ */ +/* $OpenBSD: p8_pkey.c,v 1.16 2015/07/16 18:21:57 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -68,7 +68,9 @@ pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ if (operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; - if (key->pkey->value.octet_string) + if (key->pkey != NULL && + key->pkey->type == V_ASN1_OCTET_STRING && + key->pkey->value.octet_string != NULL) OPENSSL_cleanse(key->pkey->value.octet_string->data, key->pkey->value.octet_string->length); } diff --git a/lib/libssl/src/crypto/asn1/p8_pkey.c b/lib/libssl/src/crypto/asn1/p8_pkey.c index e7edda714bd..2f7a469673b 100644 --- a/lib/libssl/src/crypto/asn1/p8_pkey.c +++ b/lib/libssl/src/crypto/asn1/p8_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p8_pkey.c,v 1.15 2015/02/11 04:00:39 jsing Exp $ */ +/* $OpenBSD: p8_pkey.c,v 1.16 2015/07/16 18:21:57 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -68,7 +68,9 @@ pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ if (operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; - if (key->pkey->value.octet_string) + if (key->pkey != NULL && + key->pkey->type == V_ASN1_OCTET_STRING && + key->pkey->value.octet_string != NULL) OPENSSL_cleanse(key->pkey->value.octet_string->data, key->pkey->value.octet_string->length); } |