-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix encoding bug in i2c_ASN1_INTEGER
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as negative. Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck <hanno@hboeck.de> for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry-picked from a0eed48d37a4b7beea0c966caf09ad46f4a92a44) Bug: 28175332 Change-Id: I4366a15dee46a02e67746fd1642f2a7bd17f8f84
- Loading branch information
Showing
3 changed files
with
55 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
From: "Dr. Stephen Henson" <steve@openssl.org> | ||
Date: Thu, 16 Apr 2015 16:43:09 +0100 | ||
Subject: [PATCH] Fix encoding bug in i2c_ASN1_INTEGER | ||
|
||
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as | ||
negative. | ||
|
||
Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and | ||
Hanno Böck <hanno@hboeck.de> for reporting this issue. | ||
|
||
Reviewed-by: Rich Salz <rsalz@openssl.org> | ||
|
||
--- | ||
crypto/asn1/a_int.c | 6 ++++-- | ||
1 file changed, 4 insertions(+), 2 deletions(-) | ||
|
||
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c | ||
index ad0d250..6574260 100644 | ||
--- a/crypto/asn1/a_int.c | ||
+++ b/crypto/asn1/a_int.c | ||
@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) | ||
{ | ||
ret=a->length; | ||
i=a->data[0]; | ||
+ if (ret == 1 && i == 0) | ||
+ neg = 0; | ||
if (!neg && (i > 127)) { | ||
pad=1; | ||
pb=0; | ||
@@ -157,7 +159,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) | ||
p += a->length - 1; | ||
i = a->length; | ||
/* Copy zeros to destination as long as source is zero */ | ||
- while(!*n) { | ||
+ while(!*n && i > 1) { | ||
*(p--) = 0; | ||
n--; | ||
i--; | ||
@@ -415,7 +417,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) | ||
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); | ||
goto err; | ||
} | ||
- if (BN_is_negative(bn)) | ||
+ if (BN_is_negative(bn) && !BN_is_zero(bn)) | ||
ret->type = V_ASN1_NEG_INTEGER; | ||
else ret->type=V_ASN1_INTEGER; | ||
j=BN_num_bits(bn); | ||
-- | ||
2.8.0.rc3.226.g39d4020 | ||
|