diff options
-rw-r--r-- | crypto/cms/cms_dh.c | 2 | ||||
-rw-r--r-- | crypto/cms/cms_ec.c | 12 | ||||
-rw-r--r-- | providers/implementations/signature/rsa_sig.c | 9 |
3 files changed, 15 insertions, 8 deletions
diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index ea8b24528f..c1b763e98e 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -309,7 +309,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) */ penc = NULL; penclen = i2d_X509_ALGOR(wrap_alg, &penc); - if (penc == NULL || penclen == 0) + if (penclen <= 0) goto err; wrap_str = ASN1_STRING_new(); if (wrap_str == NULL) diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c index 896eda61da..2e4f19552f 100644 --- a/crypto/cms/cms_ec.c +++ b/crypto/cms/cms_ec.c @@ -8,6 +8,7 @@ */ #include <assert.h> +#include <limits.h> #include <openssl/cms.h> #include <openssl/err.h> #include <openssl/decoder.h> @@ -258,7 +259,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) ASN1_STRING *wrap_str; ASN1_OCTET_STRING *ukm; unsigned char *penc = NULL; - size_t penclen; + int penclen; int rv = 0; int ecdh_nid, kdf_type, kdf_nid, wrap_nid; const EVP_MD *kdf_md; @@ -275,9 +276,12 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) /* Is everything uninitialised? */ if (aoid == OBJ_nid2obj(NID_undef)) { /* Set the key */ + size_t enckeylen; - penclen = EVP_PKEY_get1_encoded_public_key(pkey, &penc); - ASN1_STRING_set0(pubkey, penc, penclen); + enckeylen = EVP_PKEY_get1_encoded_public_key(pkey, &penc); + if (enckeylen > INT_MAX || enckeylen == 0) + goto err; + ASN1_STRING_set0(pubkey, penc, (int)enckeylen); ossl_asn1_string_set_bits_left(pubkey, 0); penc = NULL; @@ -358,7 +362,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) * of another AlgorithmIdentifier. */ penclen = i2d_X509_ALGOR(wrap_alg, &penc); - if (penc == NULL || penclen == 0) + if (penclen <= 0) goto err; wrap_str = ASN1_STRING_new(); if (wrap_str == NULL) diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c index e0faf1c1ad..4ebb6517d6 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -834,14 +834,17 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, return 0; } } else { + int ret; + if (!setup_tbuf(prsactx)) return 0; - rslen = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa, - prsactx->pad_mode); - if (rslen <= 0) { + ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa, + prsactx->pad_mode); + if (ret <= 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; } + rslen = (size_t)ret; } if ((rslen != tbslen) || memcmp(tbs, prsactx->tbuf, rslen)) |