diff options
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/bio_b64.c | 1 | ||||
-rw-r--r-- | crypto/evp/digest.c | 2 | ||||
-rw-r--r-- | crypto/evp/e_rc2.c | 1 | ||||
-rw-r--r-- | crypto/evp/e_rc4.c | 5 | ||||
-rw-r--r-- | crypto/evp/encode.c | 2 | ||||
-rw-r--r-- | crypto/evp/evp_enc.c | 14 | ||||
-rw-r--r-- | crypto/evp/evp_key.c | 2 | ||||
-rw-r--r-- | crypto/evp/evp_lib.c | 2 | ||||
-rw-r--r-- | crypto/evp/evp_pbe.c | 2 | ||||
-rw-r--r-- | crypto/evp/p5_crpt.c | 2 | ||||
-rw-r--r-- | crypto/evp/p5_crpt2.c | 1 |
11 files changed, 24 insertions, 10 deletions
diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index f12eac1b55..6e550f6a43 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -165,6 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) { i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; + OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); memcpy(out,&(ctx->buf[ctx->buf_off]),i); ret=i; out+=i; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index a969ac69ed..9d18728d30 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -219,6 +219,8 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; + + OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); if (size != NULL) *size=ctx->digest->md_size; diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 4685198e2e..d42cbfd17e 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -174,6 +174,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(l <= sizeof iv); i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); if (i != l) return(-1); diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index 4064cc5fa0..d58f507837 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -69,8 +69,6 @@ typedef struct { - /* FIXME: what is the key for? */ - unsigned char key[EVP_RC4_KEY_SIZE]; RC4_KEY ks; /* working key */ } EVP_RC4_KEY; @@ -121,9 +119,8 @@ const EVP_CIPHER *EVP_rc4_40(void) static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx)); RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), - data(ctx)->key); + key); return 1; } diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 12c6379df1..08209357ce 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -136,6 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *outl=0; if (inl == 0) return; + OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); if ((ctx->num+inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); @@ -258,6 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* only save the good data :-) */ if (!B64_NOT_BASE64(v)) { + OPENSSL_assert(n < sizeof ctx->enc_data); d[n++]=tmp; ln++; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 32a1c7a2e9..39a66f189f 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -63,8 +63,6 @@ #include <openssl/engine.h> #include "evp_locl.h" -#include <assert.h> - const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) @@ -163,9 +161,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } skip_to_init: /* we assume block size is a power of 2 in *cryptUpdate */ - assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 - || ctx->cipher->block_size == 16); + OPENSSL_assert(ctx->cipher->block_size == 1 + || ctx->cipher->block_size == 8 + || ctx->cipher->block_size == 16); if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { switch(EVP_CIPHER_CTX_mode(ctx)) { @@ -181,6 +179,7 @@ skip_to_init: case EVP_CIPH_CBC_MODE: + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; @@ -251,6 +250,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { int i,j,bl; + OPENSSL_assert(inl > 0); if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { if(ctx->cipher->do_cipher(ctx,out,in,inl)) @@ -266,6 +266,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i=ctx->buf_len; bl=ctx->cipher->block_size; + OPENSSL_assert(bl <= sizeof ctx->buf); if (i != 0) { if (i+inl < bl) @@ -314,6 +315,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int i,n,b,bl,ret; b=ctx->cipher->block_size; + OPENSSL_assert(b <= sizeof ctx->buf); if (b == 1) { *outl=0; @@ -358,6 +360,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return EVP_EncryptUpdate(ctx, out, outl, in, inl); b=ctx->cipher->block_size; + OPENSSL_assert(b <= sizeof ctx->final); if(ctx->final_used) { @@ -420,6 +423,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); return(0); } + OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; if (n > b) { diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 4271393069..dc103bd1d7 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -118,6 +118,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, nkey=type->key_len; niv=type->iv_len; + OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); + OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); if (data == NULL) return(nkey); diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index a431945ef5..52a3b287be 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -90,6 +90,7 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(l <= sizeof c->iv); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); if (i != l) return(-1); @@ -106,6 +107,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { j=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(j <= sizeof c->iv); i=ASN1_TYPE_set_octetstring(type,c->oiv,j); } return(i); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index bcd4d29f85..0da88fdcff 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -88,7 +88,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); if (!pbe_obj) strcpy (obj_tmp, "NULL"); - else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj); + else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; } diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 27a8286489..d15b799281 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -140,7 +140,9 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); + OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 7485d6a278..098ce8afa0 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -190,6 +190,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); + OPENSSL_assert(keylen <= sizeof key); /* Now decode key derivation function */ |