author | Richard Levitte <levitte@openssl.org> | 2018-08-07 04:55:47 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2018-08-07 07:53:08 +0200 |
commit | 38eca7fed09a57c1b7a05d651af2c667b3e87719 (patch) | |
tree | f0f07d640bc646e7b603aff7fc21bb6d6a24c224 /crypto/asn1 | |
parent | 3ef97bd8cbaa7cd8ac323978207606293a48ba0d (diff) |
Make EVP_PKEY_asn1_new() stricter with its input
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6880)
Diffstat (limited to 'crypto/asn1')
-rw-r--r-- | crypto/asn1/ameth_lib.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 9b3274bc4e..9a1644148a 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -216,6 +216,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
 goto err;
 }

+ /*
+ * One of the following must be true:
+ *
+ * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+ * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+ *
+ * Anything else is an error and may lead to a corrupt ASN1 method table
+ */
+ if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
+ || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
+ goto err;
+
 if (pem_str) {
 ameth->pem_str = OPENSSL_strdup(pem_str);
 if (!ameth->pem_str) |
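Review bot: The new `goto err` on an inconsistent `pem_str`/`ASN1_PKEY_ALIAS` pair rejects the input without recording why, so a caller registering a method presumably gets the same NULL it would get from a failed `OPENSSL_strdup` and cannot tell a programming error from memory exhaustion. Consider queuing an invalid-argument error before the jump, e.g. `ASN1err(<function code for EVP_PKEY_asn1_new>, ERR_R_PASSED_INVALID_ARGUMENT);`, with braces around the branch once it holds two statements. The check also sits after earlier work in the function (the preceding context already ends a block with its own `goto err`), so validating the arguments before anything is allocated would keep the rejection path free of cleanup. The `err` label and the rest of the function are outside this hunk, so what that path frees and returns is inferred.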