summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pem
diff options
context:
space:
mode:
authormiod <>2015-02-10 09:52:35 +0000
committermiod <>2015-02-10 09:52:35 +0000
commitd2f68f95d95ff1ca4370b66eb67e8add10d9d079 (patch)
tree58f7f299c05557099d7278079e061aed0f4a9f23 /src/lib/libcrypto/pem
parent9c8f4b278d0fe6c5ae67ecea60905c57ccf4c4e1 (diff)
downloadopenbsd-d2f68f95d95ff1ca4370b66eb67e8add10d9d079.tar.gz
openbsd-d2f68f95d95ff1ca4370b66eb67e8add10d9d079.tar.bz2
openbsd-d2f68f95d95ff1ca4370b66eb67e8add10d9d079.zip
Replace assert() and OPENSSL_assert() calls with proper error return paths.
Careful review, feedback & ok doug@ jsing@
Diffstat (limited to 'src/lib/libcrypto/pem')
-rw-r--r--src/lib/libcrypto/pem/pem_info.c10
-rw-r--r--src/lib/libcrypto/pem/pem_lib.c14
2 files changed, 17 insertions, 7 deletions
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 9ddcb56596..6fe72ce742 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pem_info.c,v 1.19 2014/07/11 08:44:49 jsing Exp $ */ 1/* $OpenBSD: pem_info.c,v 1.20 2015/02/10 09:52:35 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -361,8 +361,12 @@ PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
361 } 361 }
362 362
363 /* create the right magic header stuff */ 363 /* create the right magic header stuff */
364 OPENSSL_assert(strlen(objstr) + 23 + 364 if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 >
365 2 * enc->iv_len + 13 <= sizeof buf); 365 sizeof buf) {
366 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
367 ASN1_R_BUFFER_TOO_SMALL);
368 goto err;
369 }
366 buf[0] = '\0'; 370 buf[0] = '\0';
367 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); 371 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
368 PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); 372 PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 1ebae53e74..e3629762f9 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pem_lib.c,v 1.35 2014/10/22 13:02:04 jsing Exp $ */ 1/* $OpenBSD: pem_lib.c,v 1.36 2015/02/10 09:52:35 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -389,7 +389,10 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
389 } 389 }
390 kstr = (unsigned char *)buf; 390 kstr = (unsigned char *)buf;
391 } 391 }
392 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); 392 if ((size_t)enc->iv_len > sizeof(iv)) {
393 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, EVP_R_IV_TOO_LARGE);
394 goto err;
395 }
393 arc4random_buf(iv, enc->iv_len); /* Generate a salt */ 396 arc4random_buf(iv, enc->iv_len); /* Generate a salt */
394 /* The 'iv' is used as the iv and as a salt. It is 397 /* The 'iv' is used as the iv and as a salt. It is
395 * NOT taken from the BytesToKey function */ 398 * NOT taken from the BytesToKey function */
@@ -400,8 +403,11 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
400 if (kstr == (unsigned char *)buf) 403 if (kstr == (unsigned char *)buf)
401 OPENSSL_cleanse(buf, PEM_BUFSIZE); 404 OPENSSL_cleanse(buf, PEM_BUFSIZE);
402 405
403 OPENSSL_assert(strlen(objstr) + 23 + 406 if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) {
404 2 * enc->iv_len + 13 <= sizeof buf); 407 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
408 ASN1_R_BUFFER_TOO_SMALL);
409 goto err;
410 }
405 411
406 buf[0] = '\0'; 412 buf[0] = '\0';
407 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); 413 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);