[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Tue Jan 15 11:38:39 UTC 2019


The branch master has been updated
       via  d63bde7827b0be1172f823baf25309b54aa87e0f (commit)
       via  0a5bda639f8fd59e15051cf757708e3b94bcf399 (commit)
      from  e26f653defd08334ebfa517b6715a338f543fbf1 (commit)


- Log -----------------------------------------------------------------
commit d63bde7827b0be1172f823baf25309b54aa87e0f
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 14 11:22:42 2019 +0000

    Check more return values in the SRP code
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/8019)

commit 0a5bda639f8fd59e15051cf757708e3b94bcf399
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 14 11:06:43 2019 +0000

    Check a return value in the SRP code
    
    Spotted by OSTIF audit
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/8019)

-----------------------------------------------------------------------

Summary of changes:
 crypto/srp/srp_lib.c |  4 +++-
 crypto/srp/srp_vfy.c | 21 ++++++++++++++++++---
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index c43d27a..8cba189 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -26,6 +26,7 @@ static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)
     unsigned char *tmp = NULL;
     int numN = BN_num_bytes(N);
     BIGNUM *res = NULL;
+
     if (x != N && BN_ucmp(x, N) >= 0)
         return NULL;
     if (y != N && BN_ucmp(y, N) >= 0)
@@ -139,7 +140,8 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
         || !EVP_DigestFinal_ex(ctxt, dig, NULL)
         || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
         goto err;
-    BN_bn2bin(s, cs);
+    if (BN_bn2bin(s, cs) < 0)
+        goto err;
     if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
         goto err;
 
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 4ed94b7..d69e330 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -614,10 +614,14 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
             goto err;
         N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        if (N_bn_alloc == NULL)
+            goto err;
         N_bn = N_bn_alloc;
         if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
             goto err;
         g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        if (g_bn_alloc == NULL)
+            goto err;
         g_bn = g_bn_alloc;
         defgNid = "*";
     } else {
@@ -639,15 +643,19 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
             goto err;
         s = BN_bin2bn(tmp2, len, NULL);
     }
+    if (s == NULL)
+        goto err;
 
     if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
         goto err;
 
-    BN_bn2bin(v, tmp);
+    if (BN_bn2bin(v, tmp) < 0)
+        goto err;
     vfsize = BN_num_bytes(v) * 2;
     if (((vf = OPENSSL_malloc(vfsize)) == NULL))
         goto err;
-    t_tob64(vf, tmp, BN_num_bytes(v));
+    if (!t_tob64(vf, tmp, BN_num_bytes(v)))
+        goto err;
 
     if (*salt == NULL) {
         char *tmp_salt;
@@ -655,7 +663,10 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
             goto err;
         }
-        t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
+        if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) {
+            OPENSSL_free(tmp_salt);
+            goto err;
+        }
         *salt = tmp_salt;
     }
 
@@ -702,11 +713,15 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
             goto err;
 
         salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+        if (salttmp == NULL)
+            goto err;
     } else {
         salttmp = *salt;
     }
 
     x = SRP_Calc_x(salttmp, user, pass);
+    if (x == NULL)
+        goto err;
 
     *verifier = BN_new();
     if (*verifier == NULL)


More information about the openssl-commits mailing list