Stricter checks of ASN1_INTEGER to reject ASN1_NEG_INTEGER in places when

they don't make sense.

ok beck@

2 files changed, 11 insertions, 6 deletions

diff --git a/lib/libcrypto/pkcs12/p12_crpt.c b/lib/libcrypto/pkcs12/p12_crpt.c
index 0f215d2fe2d..f2d635fc623 100644
--- a/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/lib/libcrypto/pkcs12/p12_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_crpt.c,v 1.12 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: p12_crpt.c,v 1.13 2016/11/08 20:01:06 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -94,8 +94,11 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
 	if (!pbe->iter)
 		iter = 1;
-	else
-		iter = ASN1_INTEGER_get (pbe->iter);
+	else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+		PBEPARAM_free(pbe);
+		return 0;
+	}
 	salt = pbe->salt->data;
 	saltlen = pbe->salt->length;
 	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
diff --git a/lib/libcrypto/pkcs12/p12_mutl.c b/lib/libcrypto/pkcs12/p12_mutl.c
index bf88c782702..56a4964a343 100644
--- a/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_mutl.c,v 1.21 2015/09/30 17:30:15 jsing Exp $ */
+/* $OpenBSD: p12_mutl.c,v 1.22 2016/11/08 20:01:06 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -89,8 +89,10 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
 	saltlen = p12->mac->salt->length;
 	if (!p12->mac->iter)
 		iter = 1;
-	else
-		iter = ASN1_INTEGER_get(p12->mac->iter);
+	else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) {
+		PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR);
+		return 0;
+	}
 	if (!(md_type = EVP_get_digestbyobj(
 	    p12->mac->dinfo->algor->algorithm))) {
 		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,