[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Jan 15 11:38:39 UTC 2019
The branch master has been updated
via d63bde7827b0be1172f823baf25309b54aa87e0f (commit)
via 0a5bda639f8fd59e15051cf757708e3b94bcf399 (commit)
from e26f653defd08334ebfa517b6715a338f543fbf1 (commit)
- Log -----------------------------------------------------------------
commit d63bde7827b0be1172f823baf25309b54aa87e0f
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jan 14 11:22:42 2019 +0000
Check more return values in the SRP code
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8019)
commit 0a5bda639f8fd59e15051cf757708e3b94bcf399
Author: Matt Caswell <matt at openssl.org>
Date: Mon Jan 14 11:06:43 2019 +0000
Check a return value in the SRP code
Spotted by OSTIF audit
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8019)
-----------------------------------------------------------------------
Summary of changes:
crypto/srp/srp_lib.c | 4 +++-
crypto/srp/srp_vfy.c | 21 ++++++++++++++++++---
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index c43d27a..8cba189 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -26,6 +26,7 @@ static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)
unsigned char *tmp = NULL;
int numN = BN_num_bytes(N);
BIGNUM *res = NULL;
+
if (x != N && BN_ucmp(x, N) >= 0)
return NULL;
if (y != N && BN_ucmp(y, N) >= 0)
@@ -139,7 +140,8 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
|| !EVP_DigestFinal_ex(ctxt, dig, NULL)
|| !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
goto err;
- BN_bn2bin(s, cs);
+ if (BN_bn2bin(s, cs) < 0)
+ goto err;
if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
goto err;
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 4ed94b7..d69e330 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -614,10 +614,14 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
goto err;
N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+ if (N_bn_alloc == NULL)
+ goto err;
N_bn = N_bn_alloc;
if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
goto err;
g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+ if (g_bn_alloc == NULL)
+ goto err;
g_bn = g_bn_alloc;
defgNid = "*";
} else {
@@ -639,15 +643,19 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
goto err;
s = BN_bin2bn(tmp2, len, NULL);
}
+ if (s == NULL)
+ goto err;
if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
goto err;
- BN_bn2bin(v, tmp);
+ if (BN_bn2bin(v, tmp) < 0)
+ goto err;
vfsize = BN_num_bytes(v) * 2;
if (((vf = OPENSSL_malloc(vfsize)) == NULL))
goto err;
- t_tob64(vf, tmp, BN_num_bytes(v));
+ if (!t_tob64(vf, tmp, BN_num_bytes(v)))
+ goto err;
if (*salt == NULL) {
char *tmp_salt;
@@ -655,7 +663,10 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
goto err;
}
- t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
+ if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) {
+ OPENSSL_free(tmp_salt);
+ goto err;
+ }
*salt = tmp_salt;
}
@@ -702,11 +713,15 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
goto err;
salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+ if (salttmp == NULL)
+ goto err;
} else {
salttmp = *salt;
}
x = SRP_Calc_x(salttmp, user, pass);
+ if (x == NULL)
+ goto err;
*verifier = BN_new();
if (*verifier == NULL)
More information about the openssl-commits
mailing list