add paranoia: check all arguments before
dereferencing them to prevent segfaults. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2708 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
bc23ab4cd2
commit
5ef6ed52a4
|
@ -73,6 +73,9 @@ sc_pkcs15_derive_key(sc_context_t *ctx,
|
||||||
u8 *iv = NULL, key[64];
|
u8 *iv = NULL, key[64];
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
|
if (!ctx || ! der_alg || !enc_alg)
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
||||||
/* XXX: We might also encounter PBES2 here */
|
/* XXX: We might also encounter PBES2 here */
|
||||||
if (der_alg->algorithm != SC_ALGORITHM_PBKDF2) {
|
if (der_alg->algorithm != SC_ALGORITHM_PBKDF2) {
|
||||||
sc_error(ctx, "Unsupported key derivation algorithm.\n");
|
sc_error(ctx, "Unsupported key derivation algorithm.\n");
|
||||||
|
@ -92,9 +95,18 @@ sc_pkcs15_derive_key(sc_context_t *ctx,
|
||||||
sc_error(ctx, "Unsupported key encryption algorithm.\n");
|
sc_error(ctx, "Unsupported key encryption algorithm.\n");
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!iv) {
|
||||||
|
sc_error(ctx, "Unsupported key encryption parameters.\n");
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
key_len = EVP_CIPHER_key_length(cipher);
|
key_len = EVP_CIPHER_key_length(cipher);
|
||||||
|
|
||||||
info = (struct sc_pbkdf2_params *) der_alg->params;
|
info = (struct sc_pbkdf2_params *) der_alg->params;
|
||||||
|
if (!info) {
|
||||||
|
sc_error(ctx, "Key parameters missing.\n");
|
||||||
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
}
|
||||||
if (info->key_length && info->key_length != key_len) {
|
if (info->key_length && info->key_length != key_len) {
|
||||||
sc_error(ctx, "Incompatible key length.\n");
|
sc_error(ctx, "Incompatible key length.\n");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
|
|
Loading…
Reference in New Issue