Merge pull request #4540 from mrezai/openssl-1.0.2h

Update OpenSSL to 1.0.2h

2 files changed, 8 insertions, 1 deletions

diff --git a/drivers/builtin_openssl2/crypto/pem/pem_lib.c b/drivers/builtin_openssl2/crypto/pem/pem_lib.c
index a29821aab2..fe881d6641 100644
--- a/drivers/builtin_openssl2/crypto/pem/pem_lib.c
+++ b/drivers/builtin_openssl2/crypto/pem/pem_lib.c
@@ -348,7 +348,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 
     if (enc != NULL) {
         objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL) {
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
             PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
         }
diff --git a/drivers/builtin_openssl2/crypto/pem/pvkfmt.c b/drivers/builtin_openssl2/crypto/pem/pvkfmt.c
index 82d45273ed..61864468f6 100644
--- a/drivers/builtin_openssl2/crypto/pem/pvkfmt.c
+++ b/drivers/builtin_openssl2/crypto/pem/pvkfmt.c
@@ -131,6 +131,10 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
 # define MS_PVKMAGIC             0xb0b5f11eL
 /* Salt length for PVK files */
 # define PVK_SALTLEN             0x10
+/* Maximum length in PVK header */
+# define PVK_MAX_KEYLEN          102400
+/* Maximum salt length */
+# define PVK_MAX_SALTLEN         10240
 
 static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
                          unsigned int bitlen, int ispub);
@@ -644,6 +648,9 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
     *psaltlen = read_ledword(&p);
     *pkeylen = read_ledword(&p);
 
+    if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
+        return 0;
+
     if (is_encrypted && !*psaltlen) {
         PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
         return 0;