diff options
| author | tedu <> | 2016-05-03 12:38:53 +0000 |
|---|---|---|
| committer | tedu <> | 2016-05-03 12:38:53 +0000 |
| commit | d137168706e1e6c7bf062b7023d10b2efa857a92 (patch) | |
| tree | b82aa12b453d40dd8f8ba316bad714a4590f3c18 /src/lib/libcrypto/evp/encode.c | |
| parent | 47a689581163ba7f141a964239fe8ba672ff4737 (diff) | |
| download | openbsd-d137168706e1e6c7bf062b7023d10b2efa857a92.tar.gz openbsd-d137168706e1e6c7bf062b7023d10b2efa857a92.tar.bz2 openbsd-d137168706e1e6c7bf062b7023d10b2efa857a92.zip | |
patch from openssl for multiple issues:
missing padding check in aesni functions
overflow in evp encode functions
use of invalid negative asn.1 types
ok beck
Diffstat (limited to 'src/lib/libcrypto/evp/encode.c')
| -rw-r--r-- | src/lib/libcrypto/evp/encode.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c index 725667bfff..0dd87eb1a9 100644 --- a/src/lib/libcrypto/evp/encode.c +++ b/src/lib/libcrypto/evp/encode.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: encode.c,v 1.20 2015/02/07 13:19:15 doug Exp $ */ | 1 | /* $OpenBSD: encode.c,v 1.21 2016/05/03 12:38:53 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -56,6 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <sys/limits.h> | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include <string.h> | 61 | #include <string.h> |
| 61 | 62 | ||
| @@ -124,13 +125,13 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | |||
| 124 | const unsigned char *in, int inl) | 125 | const unsigned char *in, int inl) |
| 125 | { | 126 | { |
| 126 | int i, j; | 127 | int i, j; |
| 127 | unsigned int total = 0; | 128 | size_t total = 0; |
| 128 | 129 | ||
| 129 | *outl = 0; | 130 | *outl = 0; |
| 130 | if (inl == 0) | 131 | if (inl == 0) |
| 131 | return; | 132 | return; |
| 132 | OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); | 133 | OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); |
| 133 | if ((ctx->num + inl) < ctx->length) { | 134 | if (ctx->length - ctx->num > inl) { |
| 134 | memcpy(&(ctx->enc_data[ctx->num]), in, inl); | 135 | memcpy(&(ctx->enc_data[ctx->num]), in, inl); |
| 135 | ctx->num += inl; | 136 | ctx->num += inl; |
| 136 | return; | 137 | return; |
| @@ -147,7 +148,7 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | |||
| 147 | *out = '\0'; | 148 | *out = '\0'; |
| 148 | total = j + 1; | 149 | total = j + 1; |
| 149 | } | 150 | } |
| 150 | while (inl >= ctx->length) { | 151 | while (inl >= ctx->length && total <= INT_MAX) { |
| 151 | j = EVP_EncodeBlock(out, in, ctx->length); | 152 | j = EVP_EncodeBlock(out, in, ctx->length); |
| 152 | in += ctx->length; | 153 | in += ctx->length; |
| 153 | inl -= ctx->length; | 154 | inl -= ctx->length; |
| @@ -156,6 +157,11 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | |||
| 156 | *out = '\0'; | 157 | *out = '\0'; |
| 157 | total += j + 1; | 158 | total += j + 1; |
| 158 | } | 159 | } |
| 160 | if (total > INT_MAX) { | ||
| 161 | /* Too much output data! */ | ||
| 162 | *outl = 0; | ||
| 163 | return; | ||
| 164 | } | ||
| 159 | if (inl != 0) | 165 | if (inl != 0) |
| 160 | memcpy(&(ctx->enc_data[0]), in, inl); | 166 | memcpy(&(ctx->enc_data[0]), in, inl); |
| 161 | ctx->num = inl; | 167 | ctx->num = inl; |