summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pem/pem_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pem/pem_lib.c')
-rw-r--r--src/lib/libcrypto/pem/pem_lib.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 1ebae53e74..e3629762f9 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pem_lib.c,v 1.35 2014/10/22 13:02:04 jsing Exp $ */ 1/* $OpenBSD: pem_lib.c,v 1.36 2015/02/10 09:52:35 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -389,7 +389,10 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
389 } 389 }
390 kstr = (unsigned char *)buf; 390 kstr = (unsigned char *)buf;
391 } 391 }
392 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); 392 if ((size_t)enc->iv_len > sizeof(iv)) {
393 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, EVP_R_IV_TOO_LARGE);
394 goto err;
395 }
393 arc4random_buf(iv, enc->iv_len); /* Generate a salt */ 396 arc4random_buf(iv, enc->iv_len); /* Generate a salt */
394 /* The 'iv' is used as the iv and as a salt. It is 397 /* The 'iv' is used as the iv and as a salt. It is
395 * NOT taken from the BytesToKey function */ 398 * NOT taken from the BytesToKey function */
@@ -400,8 +403,11 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
400 if (kstr == (unsigned char *)buf) 403 if (kstr == (unsigned char *)buf)
401 OPENSSL_cleanse(buf, PEM_BUFSIZE); 404 OPENSSL_cleanse(buf, PEM_BUFSIZE);
402 405
403 OPENSSL_assert(strlen(objstr) + 23 + 406 if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) {
404 2 * enc->iv_len + 13 <= sizeof buf); 407 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
408 ASN1_R_BUFFER_TOO_SMALL);
409 goto err;
410 }
405 411
406 buf[0] = '\0'; 412 buf[0] = '\0';
407 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); 413 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);