Replace assert() and OPENSSL_assert() calls with proper error return paths.

Careful review, feedback & ok doug@ jsing@
author: miod <> 2015-02-10 09:52:35 +0000
committer: miod <> 2015-02-10 09:52:35 +0000
commit: d2f68f95d95ff1ca4370b66eb67e8add10d9d079 (patch)
tree: 58f7f299c05557099d7278079e061aed0f4a9f23 /src/lib/libcrypto/evp/evp_key.c
parent: 9c8f4b278d0fe6c5ae67ecea60905c57ccf4c4e1 (diff)
download: openbsd-d2f68f95d95ff1ca4370b66eb67e8add10d9d079.tar.gz
openbsd-d2f68f95d95ff1ca4370b66eb67e8add10d9d079.tar.bz2
openbsd-d2f68f95d95ff1ca4370b66eb67e8add10d9d079.zip
1 files changed, 12 insertions, 3 deletions
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index 1493ca9103..4718ab6175 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_key.c,v 1.20 2014/08/06 04:28:21 guenther Exp $ */
+/* $OpenBSD: evp_key.c,v 1.21 2015/02/10 09:52:35 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include <string.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/ui.h>
@@ -129,10 +130,18 @@ EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
        int niv, nkey, addmd = 0;
        unsigned int mds = 0, i;
        int rv = 0;
        nkey = type->key_len;
        niv = type->iv_len;
-        OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
-        OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
+        if ((size_t)nkey > EVP_MAX_KEY_LENGTH) {
+                EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_BAD_KEY_LENGTH);
+                return 0;
+        }
+        if ((size_t)niv > EVP_MAX_IV_LENGTH) {
+                EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_IV_TOO_LARGE);
+                return 0;
+        }
        if (data == NULL)
                return (nkey);
author	miod <>	2015-02-10 09:52:35 +0000
committer	miod <>	2015-02-10 09:52:35 +0000
commit	d2f68f95d95ff1ca4370b66eb67e8add10d9d079 (patch)
tree	58f7f299c05557099d7278079e061aed0f4a9f23 /src/lib/libcrypto/evp/evp_key.c
parent	9c8f4b278d0fe6c5ae67ecea60905c57ccf4c4e1 (diff)
download	openbsd-d2f68f95d95ff1ca4370b66eb67e8add10d9d079.tar.gz openbsd-d2f68f95d95ff1ca4370b66eb67e8add10d9d079.tar.bz2 openbsd-d2f68f95d95ff1ca4370b66eb67e8add10d9d079.zip

diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c index 1493ca9103..4718ab6175 100644 --- a/src/lib/libcrypto/evp/evp_key.c +++ b/src/lib/libcrypto/evp/evp_key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_key.c,v 1.20 2014/08/06 04:28:21 guenther Exp $ */	1	/* $OpenBSD: evp_key.c,v 1.21 2015/02/10 09:52:35 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -59,6 +59,7 @@
59	#include <stdio.h>	59	#include <stdio.h>
60	#include <string.h>	60	#include <string.h>
61		61
		62	#include <openssl/err.h>
62	#include <openssl/evp.h>	63	#include <openssl/evp.h>
63	#include <openssl/objects.h>	64	#include <openssl/objects.h>
64	#include <openssl/ui.h>	65	#include <openssl/ui.h>
@@ -129,10 +130,18 @@ EVP_BytesToKey(const EVP_CIPHER type, const EVP_MD md,
129	int niv, nkey, addmd = 0;	130	int niv, nkey, addmd = 0;
130	unsigned int mds = 0, i;	131	unsigned int mds = 0, i;
131	int rv = 0;	132	int rv = 0;
		133
132	nkey = type->key_len;	134	nkey = type->key_len;
133	niv = type->iv_len;	135	niv = type->iv_len;
134	OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);	136
135	OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);	137	if ((size_t)nkey > EVP_MAX_KEY_LENGTH) {
		138	EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_BAD_KEY_LENGTH);
		139	return 0;
		140	}
		141	if ((size_t)niv > EVP_MAX_IV_LENGTH) {
		142	EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_IV_TOO_LARGE);
		143	return 0;
		144	}
136		145
137	if (data == NULL)	146	if (data == NULL)
138	return (nkey);	147	return (nkey);