diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-04-16 16:43:09 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-04-18 14:41:06 +0100 |
commit | a0eed48d37a4b7beea0c966caf09ad46f4a92a44 (patch) | |
tree | e92d87cacfd368b707f388c4ea90257127dedac5 /crypto/asn1/a_int.c | |
parent | 3ae91cfb327c9ed689b9aaf7bca01a3f5a0657cb (diff) | |
download | openssl-a0eed48d37a4b7beea0c966caf09ad46f4a92a44.tar.gz |
Fix encoding bug in i2c_ASN1_INTEGER
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.
Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and
Hanno Böck <hanno@hboeck.de> for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/asn1/a_int.c')
-rw-r--r-- | crypto/asn1/a_int.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index f7f90ff901..3920d5ce96 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -125,6 +125,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) else { ret = a->length; i = a->data[0]; + if (ret == 1 && i == 0) + neg = 0; if (!neg && (i > 127)) { pad = 1; pb = 0; @@ -163,7 +165,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) p += a->length - 1; i = a->length; /* Copy zeros to destination as long as source is zero */ - while (!*n) { + while (!*n && i > 1) { *(p--) = 0; n--; i--; @@ -418,7 +420,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); goto err; } - if (BN_is_negative(bn)) + if (BN_is_negative(bn) && !BN_is_zero(bn)) ret->type = V_ASN1_NEG_INTEGER; else ret->type = V_ASN1_INTEGER; |