diff options
author | Nicola Tuveri <nic.tuv@gmail.com> | 2020-06-29 00:53:46 +0300 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2020-07-04 14:56:25 +0300 |
commit | 2797fea7608063f54cf45763d1a7ae60a67dae65 (patch) | |
tree | b3127be1468495fe60c597eba8e861ead7b0f9c9 | |
parent | a98fa843b8ab00e8f3b966a1f5321aaffe805100 (diff) |
[EC][ASN1] Detect missing OID when serializing EC parameters and keys
The following built-in curves do not have an assigned OID:
- Oakley-EC2N-3
- Oakley-EC2N-4
In general we shouldn't assume that an OID is always available.
This commit detects such cases, raises an error and returns appropriate
return values so that the condition can be detected and correctly
handled by the callers, when serializing EC parameters or EC keys with
the default `ec_param_enc:named_curve`.
Fixes #12306
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12312)
-rw-r--r-- | crypto/ec/ec_ameth.c | 9 | ||||
-rw-r--r-- | crypto/ec/ec_asn1.c | 11 | ||||
-rw-r--r-- | crypto/ec/ec_err.c | 3 | ||||
-rw-r--r-- | crypto/err/openssl.txt | 1 | ||||
-rw-r--r-- | crypto/pem/pem_lib.c | 2 | ||||
-rw-r--r-- | include/openssl/ecerr.h | 3 |
6 files changed, 23 insertions, 6 deletions
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index b7b82e54a3..06e2519c20 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -35,7 +35,14 @@ static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key) && (nid = EC_GROUP_get_curve_name(group))) /* we have a 'named curve' => just set the OID */ { - *ppval = OBJ_nid2obj(nid); + ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid); + + if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { + ASN1_OBJECT_free(asn1obj); + ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID); + return 0; + } + *ppval = asn1obj; *pptype = V_ASN1_OBJECT; } else { /* explicit parameters */ diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 006f9a5dea..96e7d83ea7 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -547,9 +547,16 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, */ tmp = EC_GROUP_get_curve_name(group); if (tmp) { - ret->type = 0; - if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) + ASN1_OBJECT *asn1obj = OBJ_nid2obj(tmp); + + if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { + ASN1_OBJECT_free(asn1obj); + ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID); ok = 0; + } else { + ret->type = 0; + ret->value.named_curve = asn1obj; + } } else /* we don't know the nid => ERROR */ ok = 0; diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index ce34938232..bfe7422650 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -341,6 +341,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index c90df98c29..3ca271beb5 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2165,6 +2165,7 @@ EC_R_KEYS_NOT_SET:140:keys not set EC_R_LADDER_POST_FAILURE:136:ladder post failure EC_R_LADDER_PRE_FAILURE:153:ladder pre failure EC_R_LADDER_STEP_FAILURE:162:ladder step failure +EC_R_MISSING_OID:167:missing OID EC_R_MISSING_PARAMETERS:124:missing parameters EC_R_MISSING_PRIVATE_KEY:125:missing private key EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 093ba09aeb..4406365ee8 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -332,7 +332,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, } } - if ((dsize = i2d(x, NULL)) < 0) { + if ((dsize = i2d(x, NULL)) <= 0) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB); dsize = 0; goto err; diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index f7b9183456..51738113dc 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -243,6 +243,7 @@ int ERR_load_EC_strings(void); # define EC_R_LADDER_POST_FAILURE 136 # define EC_R_LADDER_PRE_FAILURE 153 # define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_OID 167 # define EC_R_MISSING_PARAMETERS 124 # define EC_R_MISSING_PRIVATE_KEY 125 # define EC_R_NEED_NEW_SETUP_VALUES 157 |