Make EVP_PKEY_asn1_add0() stricter about its input (a8600316) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+3 −0

Original line number	Diff line number	Diff line
		@@ -9,6 +9,9 @@

		Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]

		*) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
		[Richard Levitte]

		*) Change the license to the Apache License v2.0.
		[Richard Levitte]

+16 −12

Original line number	Diff line number	Diff line
		@@ -140,6 +140,22 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
		{
		EVP_PKEY_ASN1_METHOD tmp = { 0, };

		/*
		* One of the following must be true:
		*
		* pem_str == NULL AND ASN1_PKEY_ALIAS is set
		* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
		*
		* Anything else is an error and may lead to a corrupt ASN1 method table
		*/
		if (!((ameth->pem_str == NULL
		&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
		\|\| (ameth->pem_str != NULL
		&& (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
		EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, ERR_R_PASSED_INVALID_ARGUMENT);
		return 0;
		}

		if (app_methods == NULL) {
		app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
		if (app_methods == NULL)
		@@ -216,18 +232,6 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
		goto err;
		}

		/*
		* One of the following must be true:
		*
		* pem_str == NULL AND ASN1_PKEY_ALIAS is set
		* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
		*
		* Anything else is an error and may lead to a corrupt ASN1 method table
		*/
		if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
		\|\| (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
		goto err;

		if (pem_str) {
		ameth->pem_str = OPENSSL_strdup(pem_str);
		if (!ameth->pem_str)