[openssl-commits] [openssl] master update
Paul I. Dale
pauli at openssl.org
Wed Aug 29 03:47:56 UTC 2018
The branch master has been updated
via 307a494e5b01ff9f334a8242d31b8254c7c54baa (commit)
from 7d38ca3f8bca58bf7b69e78c1f1ab69e5f429dff (commit)
- Log -----------------------------------------------------------------
commit 307a494e5b01ff9f334a8242d31b8254c7c54baa
Author: ymlbright <yml_bright at 163.com>
Date: Wed Aug 22 11:22:11 2018 +0800
fix out-of-bounds write in sm2_crypt.c
asn1_encode has two form length octets: short form(1 byte), long form(1+n byte).
CLA: Trivial
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7027)
-----------------------------------------------------------------------
Summary of changes:
crypto/sm2/sm2_crypt.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index 9e78873..9c69a45 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -91,11 +91,18 @@ int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
{
const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
const int md_size = EVP_MD_size(digest);
+ size_t sz;
if (field_size == 0 || md_size < 0)
return 0;
- *ct_size = 12 + 2 * field_size + (size_t)md_size + msg_len;
+ /* Integer and string are simple type; set constructed = 0, means primitive and definite length encoding. */
+ sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)
+ + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+ + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
+ /* Sequence is structured type; set constructed = 1, means constructed and definite length encoding. */
+ *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+
return 1;
}
More information about the openssl-commits
mailing list