From d2f68f95d95ff1ca4370b66eb67e8add10d9d079 Mon Sep 17 00:00:00 2001 From: miod <> Date: Tue, 10 Feb 2015 09:52:35 +0000 Subject: Replace assert() and OPENSSL_assert() calls with proper error return paths. Careful review, feedback & ok doug@ jsing@ --- src/lib/libcrypto/asn1/bio_asn1.c | 11 +++--- src/lib/libcrypto/evp/digest.c | 7 +++- src/lib/libcrypto/evp/e_rc2.c | 8 +++- src/lib/libcrypto/evp/evp.h | 9 ++++- src/lib/libcrypto/evp/evp_enc.c | 45 +++++++++++++++------- src/lib/libcrypto/evp/evp_key.c | 15 ++++++-- src/lib/libcrypto/evp/evp_lib.c | 14 +++++-- src/lib/libcrypto/evp/p5_crpt.c | 12 ++++-- src/lib/libcrypto/evp/p5_crpt2.c | 7 +++- src/lib/libcrypto/gost/gostr341001_pmeth.c | 25 +++++++++--- src/lib/libcrypto/hmac/hmac.c | 15 ++++++-- src/lib/libcrypto/pem/pem_info.c | 10 +++-- src/lib/libcrypto/pem/pem_lib.c | 14 +++++-- src/lib/libssl/src/crypto/asn1/bio_asn1.c | 11 +++--- src/lib/libssl/src/crypto/evp/digest.c | 7 +++- src/lib/libssl/src/crypto/evp/e_rc2.c | 8 +++- src/lib/libssl/src/crypto/evp/evp.h | 9 ++++- src/lib/libssl/src/crypto/evp/evp_enc.c | 45 +++++++++++++++------- src/lib/libssl/src/crypto/evp/evp_key.c | 15 ++++++-- src/lib/libssl/src/crypto/evp/evp_lib.c | 14 +++++-- src/lib/libssl/src/crypto/evp/p5_crpt.c | 12 ++++-- src/lib/libssl/src/crypto/evp/p5_crpt2.c | 7 +++- src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c | 25 +++++++++--- src/lib/libssl/src/crypto/hmac/hmac.c | 15 ++++++-- src/lib/libssl/src/crypto/pem/pem_info.c | 10 +++-- src/lib/libssl/src/crypto/pem/pem_lib.c | 14 +++++-- 26 files changed, 282 insertions(+), 102 deletions(-) diff --git a/src/lib/libcrypto/asn1/bio_asn1.c b/src/lib/libcrypto/asn1/bio_asn1.c index 6670ef5c17..219810db82 100644 --- a/src/lib/libcrypto/asn1/bio_asn1.c +++ b/src/lib/libcrypto/asn1/bio_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_asn1.c,v 1.10 2014/07/10 13:58:22 jsing Exp $ */ +/* $OpenBSD: bio_asn1.c,v 1.11 2015/02/10 09:52:35 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -200,7 +200,7 @@ static int asn1_bio_write(BIO *b, const char *in , int inl) { BIO_ASN1_BUF_CTX *ctx; - int wrmax, wrlen, ret; + int wrmax, wrlen, ret, buflen; unsigned char *p; if (!in || (inl < 0) || (b->next_bio == NULL)) @@ -231,9 +231,10 @@ asn1_bio_write(BIO *b, const char *in , int inl) break; case ASN1_STATE_HEADER: - ctx->buflen = - ASN1_object_size(0, inl, ctx->asn1_tag) - inl; - OPENSSL_assert(ctx->buflen <= ctx->bufsize); + buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl; + if (buflen <= 0 || buflen > ctx->bufsize) + return -1; + ctx->buflen = buflen; p = ctx->buf; ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class); diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index 4a18aff657..c9fb60d49b 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest.c,v 1.24 2014/11/09 19:12:18 miod Exp $ */ +/* $OpenBSD: digest.c,v 1.25 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -249,7 +249,10 @@ EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; - OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); + if ((size_t)ctx->digest->md_size > EVP_MAX_MD_SIZE) { + EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_TOO_LARGE); + return 0; + } ret = ctx->digest->final(ctx, md); if (size != NULL) *size = ctx->digest->md_size; diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c index 456a22eeeb..9052195ac2 100644 --- a/src/lib/libcrypto/evp/e_rc2.c +++ b/src/lib/libcrypto/evp/e_rc2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc2.c,v 1.10 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_rc2.c,v 1.11 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -187,7 +187,11 @@ rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l = EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof(iv)); + if (l > sizeof(iv)) { + EVPerr(EVP_F_RC2_GET_ASN1_TYPE_AND_IV, + EVP_R_IV_TOO_LARGE); + return -1; + } i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); if (i != (int)l) return (-1); diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index dd4d2245e6..6de762a4ff 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.42 2015/02/08 22:22:13 miod Exp $ */ +/* $OpenBSD: evp.h,v 1.43 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1353,13 +1353,19 @@ void ERR_load_EVP_strings(void); #define EVP_F_EVP_AEAD_CTX_INIT 180 #define EVP_F_EVP_AEAD_CTX_OPEN 190 #define EVP_F_EVP_AEAD_CTX_SEAL 191 +#define EVP_F_EVP_BYTESTOKEY 200 #define EVP_F_EVP_CIPHERINIT_EX 123 #define EVP_F_EVP_CIPHER_CTX_COPY 163 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +#define EVP_F_EVP_CIPHER_GET_ASN1_IV 201 +#define EVP_F_EVP_CIPHER_SET_ASN1_IV 202 #define EVP_F_EVP_DECRYPTFINAL_EX 101 +#define EVP_F_EVP_DECRYPTUPDATE 199 +#define EVP_F_EVP_DIGESTFINAL_EX 196 #define EVP_F_EVP_DIGESTINIT_EX 128 #define EVP_F_EVP_ENCRYPTFINAL_EX 127 +#define EVP_F_EVP_ENCRYPTUPDATE 198 #define EVP_F_EVP_MD_CTX_COPY_EX 110 #define EVP_F_EVP_MD_CTX_CTRL 195 #define EVP_F_EVP_MD_SIZE 162 @@ -1415,6 +1421,7 @@ void ERR_load_EVP_strings(void); #define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 #define EVP_F_PKCS8_SET_BROKEN 112 #define EVP_F_PKEY_SET_TYPE 158 +#define EVP_F_RC2_GET_ASN1_TYPE_AND_IV 197 #define EVP_F_RC2_MAGIC_TO_METH 109 #define EVP_F_RC5_CTRL 125 diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 49ceacefad..42ccfceec9 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.25 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.26 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -140,10 +140,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); if (!c) { - /* One positive side-effect of US's export - * control history, is that we should at least - * be able to avoid using US mispellings of - * "initialisation"? */ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; @@ -186,9 +182,12 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, skip_to_init: #endif /* we assume block size is a power of 2 in *cryptUpdate */ - OPENSSL_assert(ctx->cipher->block_size == 1 || - ctx->cipher->block_size == 8 || - ctx->cipher->block_size == 16); + if (ctx->cipher->block_size != 1 && + ctx->cipher->block_size != 8 && + ctx->cipher->block_size != 16) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_BAD_BLOCK_LENGTH); + return 0; + } if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { switch (EVP_CIPHER_CTX_mode(ctx)) { @@ -205,8 +204,12 @@ skip_to_init: case EVP_CIPH_CBC_MODE: - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= - (int)sizeof(ctx->iv)); + if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) > + sizeof(ctx->iv)) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, + EVP_R_IV_TOO_LARGE); + return 0; + } if (iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); @@ -325,7 +328,11 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i = ctx->buf_len; bl = ctx->cipher->block_size; - OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); + if ((size_t)bl > sizeof(ctx->buf)) { + EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_BAD_BLOCK_LENGTH); + *outl = 0; + return 0; + } if (i != 0) { if (i + inl < bl) { memcpy(&(ctx->buf[i]), in, inl); @@ -383,7 +390,10 @@ EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->buf); + if (b > sizeof ctx->buf) { + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_BAD_BLOCK_LENGTH); + return 0; + } if (b == 1) { *outl = 0; return 1; @@ -437,7 +447,10 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return EVP_EncryptUpdate(ctx, out, outl, in, inl); b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->final); + if (b > sizeof ctx->final) { + EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_BAD_BLOCK_LENGTH); + return 0; + } if (ctx->final_used) { memcpy(out, ctx->final, b); @@ -506,7 +519,11 @@ EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) EVP_R_WRONG_FINAL_BLOCK_LENGTH); return (0); } - OPENSSL_assert(b <= sizeof ctx->final); + if (b > sizeof ctx->final) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, + EVP_R_BAD_BLOCK_LENGTH); + return 0; + } n = ctx->final[b - 1]; if (n == 0 || n > (int)b) { EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c index 1493ca9103..4718ab6175 100644 --- a/src/lib/libcrypto/evp/evp_key.c +++ b/src/lib/libcrypto/evp/evp_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_key.c,v 1.20 2014/08/06 04:28:21 guenther Exp $ */ +/* $OpenBSD: evp_key.c,v 1.21 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,7 @@ #include #include +#include #include #include #include @@ -129,10 +130,18 @@ EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, int niv, nkey, addmd = 0; unsigned int mds = 0, i; int rv = 0; + nkey = type->key_len; niv = type->iv_len; - OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); - OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); + + if ((size_t)nkey > EVP_MAX_KEY_LENGTH) { + EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_BAD_KEY_LENGTH); + return 0; + } + if ((size_t)niv > EVP_MAX_IV_LENGTH) { + EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_IV_TOO_LARGE); + return 0; + } if (data == NULL) return (nkey); diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c index 310252d0e8..491c8d6f67 100644 --- a/src/lib/libcrypto/evp/evp_lib.c +++ b/src/lib/libcrypto/evp/evp_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_lib.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: evp_lib.c,v 1.14 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -99,7 +99,11 @@ EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l = EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof(c->iv)); + if (l > sizeof(c->iv)) { + EVPerr(EVP_F_EVP_CIPHER_GET_ASN1_IV, + EVP_R_IV_TOO_LARGE); + return 0; + } i = ASN1_TYPE_get_octetstring(type, c->oiv, l); if (i != (int)l) return (-1); @@ -117,7 +121,11 @@ EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { j = EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(j <= sizeof(c->iv)); + if (j > sizeof(c->iv)) { + EVPerr(EVP_F_EVP_CIPHER_SET_ASN1_IV, + EVP_R_IV_TOO_LARGE); + return 0; + } i = ASN1_TYPE_set_octetstring(type, c->oiv, j); } return (i); diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c index 3b1419b545..112a69114c 100644 --- a/src/lib/libcrypto/evp/p5_crpt.c +++ b/src/lib/libcrypto/evp/p5_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt.c,v 1.14 2014/07/13 12:46:44 miod Exp $ */ +/* $OpenBSD: p5_crpt.c,v 1.15 2015/02/10 09:52:35 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -134,9 +134,15 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL)) goto err; } - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); + if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); + goto err; + } memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); - OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); + if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_IV_TOO_LARGE); + goto err; + } memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 61eadec804..c9eef8f49a 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt2.c,v 1.17 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: p5_crpt2.c,v 1.18 2015/02/10 09:52:35 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -255,7 +255,10 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); - OPENSSL_assert(keylen <= sizeof key); + if (keylen > sizeof key) { + EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); + goto err; + } /* Decode parameter */ diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c index 859c0884d6..c7d4dc10ae 100644 --- a/src/lib/libcrypto/gost/gostr341001_pmeth.c +++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001_pmeth.c,v 1.6 2014/11/13 20:29:55 miod Exp $ */ +/* $OpenBSD: gostr341001_pmeth.c,v 1.7 2015/02/10 09:52:35 miod Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -248,7 +248,10 @@ pkey_gost01_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, GOSTerr(GOST_F_PKEY_GOST01_SIGN, EC_R_BUFFER_TOO_SMALL); return 0; } - OPENSSL_assert(tbs_len == 32 || tbs_len == 64); + if (tbs_len != 32 && tbs_len != 64) { + GOSTerr(GOST_F_PKEY_GOST01_SIGN, EVP_R_BAD_BLOCK_LENGTH); + return 0; + } md = GOST_le2bn(tbs, tbs_len, NULL); if (md == NULL) return 0; @@ -411,11 +414,23 @@ pkey_gost01_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, nid = OBJ_obj2nid(gkt->key_agreement_info->cipher); - OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8); + if (gkt->key_agreement_info->eph_iv->length != 8) { + GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, + GOST_R_INVALID_IV_LENGTH); + goto err; + } memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8); - OPENSSL_assert(gkt->key_info->encrypted_key->length == 32); + if (gkt->key_info->encrypted_key->length != 32) { + GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, + EVP_R_BAD_KEY_LENGTH); + goto err; + } memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32); - OPENSSL_assert(gkt->key_info->imit->length == 4); + if (gkt->key_info->imit->length != 4) { + GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, + ERR_R_INTERNAL_ERROR); + goto err; + } memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4); if (gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey) <= 0) goto err; diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c index f2e5f149e0..155e32a540 100644 --- a/src/lib/libcrypto/hmac/hmac.c +++ b/src/lib/libcrypto/hmac/hmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.c,v 1.21 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: hmac.c,v 1.22 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,6 +60,7 @@ #include #include +#include #include int @@ -78,7 +79,10 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, if (key != NULL) { reset = 1; j = EVP_MD_block_size(md); - OPENSSL_assert(j <= (int)sizeof(ctx->key)); + if ((size_t)j > sizeof(ctx->key)) { + EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_BAD_BLOCK_LENGTH); + goto err; + } if (j < len) { if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) goto err; @@ -88,8 +92,11 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, &ctx->key_length)) goto err; } else { - OPENSSL_assert(len >= 0 && - len <= (int)sizeof(ctx->key)); + if ((size_t)len > sizeof(ctx->key)) { + EVPerr(EVP_F_HMAC_INIT_EX, + EVP_R_BAD_KEY_LENGTH); + goto err; + } memcpy(ctx->key, key, len); ctx->key_length = len; } diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c index 9ddcb56596..6fe72ce742 100644 --- a/src/lib/libcrypto/pem/pem_info.c +++ b/src/lib/libcrypto/pem/pem_info.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_info.c,v 1.19 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: pem_info.c,v 1.20 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -361,8 +361,12 @@ PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, } /* create the right magic header stuff */ - OPENSSL_assert(strlen(objstr) + 23 + - 2 * enc->iv_len + 13 <= sizeof buf); + if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > + sizeof buf) { + PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, + ASN1_R_BUFFER_TOO_SMALL); + goto err; + } buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index 1ebae53e74..e3629762f9 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_lib.c,v 1.35 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: pem_lib.c,v 1.36 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -389,7 +389,10 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, } kstr = (unsigned char *)buf; } - OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); + if ((size_t)enc->iv_len > sizeof(iv)) { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, EVP_R_IV_TOO_LARGE); + goto err; + } arc4random_buf(iv, enc->iv_len); /* Generate a salt */ /* The 'iv' is used as the iv and as a salt. It is * NOT taken from the BytesToKey function */ @@ -400,8 +403,11 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf, PEM_BUFSIZE); - OPENSSL_assert(strlen(objstr) + 23 + - 2 * enc->iv_len + 13 <= sizeof buf); + if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, + ASN1_R_BUFFER_TOO_SMALL); + goto err; + } buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); diff --git a/src/lib/libssl/src/crypto/asn1/bio_asn1.c b/src/lib/libssl/src/crypto/asn1/bio_asn1.c index 6670ef5c17..219810db82 100644 --- a/src/lib/libssl/src/crypto/asn1/bio_asn1.c +++ b/src/lib/libssl/src/crypto/asn1/bio_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_asn1.c,v 1.10 2014/07/10 13:58:22 jsing Exp $ */ +/* $OpenBSD: bio_asn1.c,v 1.11 2015/02/10 09:52:35 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -200,7 +200,7 @@ static int asn1_bio_write(BIO *b, const char *in , int inl) { BIO_ASN1_BUF_CTX *ctx; - int wrmax, wrlen, ret; + int wrmax, wrlen, ret, buflen; unsigned char *p; if (!in || (inl < 0) || (b->next_bio == NULL)) @@ -231,9 +231,10 @@ asn1_bio_write(BIO *b, const char *in , int inl) break; case ASN1_STATE_HEADER: - ctx->buflen = - ASN1_object_size(0, inl, ctx->asn1_tag) - inl; - OPENSSL_assert(ctx->buflen <= ctx->bufsize); + buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl; + if (buflen <= 0 || buflen > ctx->bufsize) + return -1; + ctx->buflen = buflen; p = ctx->buf; ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class); diff --git a/src/lib/libssl/src/crypto/evp/digest.c b/src/lib/libssl/src/crypto/evp/digest.c index 4a18aff657..c9fb60d49b 100644 --- a/src/lib/libssl/src/crypto/evp/digest.c +++ b/src/lib/libssl/src/crypto/evp/digest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest.c,v 1.24 2014/11/09 19:12:18 miod Exp $ */ +/* $OpenBSD: digest.c,v 1.25 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -249,7 +249,10 @@ EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; - OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); + if ((size_t)ctx->digest->md_size > EVP_MAX_MD_SIZE) { + EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_TOO_LARGE); + return 0; + } ret = ctx->digest->final(ctx, md); if (size != NULL) *size = ctx->digest->md_size; diff --git a/src/lib/libssl/src/crypto/evp/e_rc2.c b/src/lib/libssl/src/crypto/evp/e_rc2.c index 456a22eeeb..9052195ac2 100644 --- a/src/lib/libssl/src/crypto/evp/e_rc2.c +++ b/src/lib/libssl/src/crypto/evp/e_rc2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc2.c,v 1.10 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_rc2.c,v 1.11 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -187,7 +187,11 @@ rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l = EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof(iv)); + if (l > sizeof(iv)) { + EVPerr(EVP_F_RC2_GET_ASN1_TYPE_AND_IV, + EVP_R_IV_TOO_LARGE); + return -1; + } i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); if (i != (int)l) return (-1); diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h index dd4d2245e6..6de762a4ff 100644 --- a/src/lib/libssl/src/crypto/evp/evp.h +++ b/src/lib/libssl/src/crypto/evp/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.42 2015/02/08 22:22:13 miod Exp $ */ +/* $OpenBSD: evp.h,v 1.43 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1353,13 +1353,19 @@ void ERR_load_EVP_strings(void); #define EVP_F_EVP_AEAD_CTX_INIT 180 #define EVP_F_EVP_AEAD_CTX_OPEN 190 #define EVP_F_EVP_AEAD_CTX_SEAL 191 +#define EVP_F_EVP_BYTESTOKEY 200 #define EVP_F_EVP_CIPHERINIT_EX 123 #define EVP_F_EVP_CIPHER_CTX_COPY 163 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +#define EVP_F_EVP_CIPHER_GET_ASN1_IV 201 +#define EVP_F_EVP_CIPHER_SET_ASN1_IV 202 #define EVP_F_EVP_DECRYPTFINAL_EX 101 +#define EVP_F_EVP_DECRYPTUPDATE 199 +#define EVP_F_EVP_DIGESTFINAL_EX 196 #define EVP_F_EVP_DIGESTINIT_EX 128 #define EVP_F_EVP_ENCRYPTFINAL_EX 127 +#define EVP_F_EVP_ENCRYPTUPDATE 198 #define EVP_F_EVP_MD_CTX_COPY_EX 110 #define EVP_F_EVP_MD_CTX_CTRL 195 #define EVP_F_EVP_MD_SIZE 162 @@ -1415,6 +1421,7 @@ void ERR_load_EVP_strings(void); #define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 #define EVP_F_PKCS8_SET_BROKEN 112 #define EVP_F_PKEY_SET_TYPE 158 +#define EVP_F_RC2_GET_ASN1_TYPE_AND_IV 197 #define EVP_F_RC2_MAGIC_TO_METH 109 #define EVP_F_RC5_CTRL 125 diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c index 49ceacefad..42ccfceec9 100644 --- a/src/lib/libssl/src/crypto/evp/evp_enc.c +++ b/src/lib/libssl/src/crypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.25 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.26 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -140,10 +140,6 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); if (!c) { - /* One positive side-effect of US's export - * control history, is that we should at least - * be able to avoid using US mispellings of - * "initialisation"? */ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; @@ -186,9 +182,12 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, skip_to_init: #endif /* we assume block size is a power of 2 in *cryptUpdate */ - OPENSSL_assert(ctx->cipher->block_size == 1 || - ctx->cipher->block_size == 8 || - ctx->cipher->block_size == 16); + if (ctx->cipher->block_size != 1 && + ctx->cipher->block_size != 8 && + ctx->cipher->block_size != 16) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_BAD_BLOCK_LENGTH); + return 0; + } if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { switch (EVP_CIPHER_CTX_mode(ctx)) { @@ -205,8 +204,12 @@ skip_to_init: case EVP_CIPH_CBC_MODE: - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= - (int)sizeof(ctx->iv)); + if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) > + sizeof(ctx->iv)) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, + EVP_R_IV_TOO_LARGE); + return 0; + } if (iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); @@ -325,7 +328,11 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i = ctx->buf_len; bl = ctx->cipher->block_size; - OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); + if ((size_t)bl > sizeof(ctx->buf)) { + EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_BAD_BLOCK_LENGTH); + *outl = 0; + return 0; + } if (i != 0) { if (i + inl < bl) { memcpy(&(ctx->buf[i]), in, inl); @@ -383,7 +390,10 @@ EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->buf); + if (b > sizeof ctx->buf) { + EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_BAD_BLOCK_LENGTH); + return 0; + } if (b == 1) { *outl = 0; return 1; @@ -437,7 +447,10 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return EVP_EncryptUpdate(ctx, out, outl, in, inl); b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->final); + if (b > sizeof ctx->final) { + EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_BAD_BLOCK_LENGTH); + return 0; + } if (ctx->final_used) { memcpy(out, ctx->final, b); @@ -506,7 +519,11 @@ EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) EVP_R_WRONG_FINAL_BLOCK_LENGTH); return (0); } - OPENSSL_assert(b <= sizeof ctx->final); + if (b > sizeof ctx->final) { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, + EVP_R_BAD_BLOCK_LENGTH); + return 0; + } n = ctx->final[b - 1]; if (n == 0 || n > (int)b) { EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); diff --git a/src/lib/libssl/src/crypto/evp/evp_key.c b/src/lib/libssl/src/crypto/evp/evp_key.c index 1493ca9103..4718ab6175 100644 --- a/src/lib/libssl/src/crypto/evp/evp_key.c +++ b/src/lib/libssl/src/crypto/evp/evp_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_key.c,v 1.20 2014/08/06 04:28:21 guenther Exp $ */ +/* $OpenBSD: evp_key.c,v 1.21 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,7 @@ #include #include +#include #include #include #include @@ -129,10 +130,18 @@ EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, int niv, nkey, addmd = 0; unsigned int mds = 0, i; int rv = 0; + nkey = type->key_len; niv = type->iv_len; - OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); - OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); + + if ((size_t)nkey > EVP_MAX_KEY_LENGTH) { + EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_BAD_KEY_LENGTH); + return 0; + } + if ((size_t)niv > EVP_MAX_IV_LENGTH) { + EVPerr(EVP_F_EVP_BYTESTOKEY, EVP_R_IV_TOO_LARGE); + return 0; + } if (data == NULL) return (nkey); diff --git a/src/lib/libssl/src/crypto/evp/evp_lib.c b/src/lib/libssl/src/crypto/evp/evp_lib.c index 310252d0e8..491c8d6f67 100644 --- a/src/lib/libssl/src/crypto/evp/evp_lib.c +++ b/src/lib/libssl/src/crypto/evp/evp_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_lib.c,v 1.13 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: evp_lib.c,v 1.14 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -99,7 +99,11 @@ EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l = EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(l <= sizeof(c->iv)); + if (l > sizeof(c->iv)) { + EVPerr(EVP_F_EVP_CIPHER_GET_ASN1_IV, + EVP_R_IV_TOO_LARGE); + return 0; + } i = ASN1_TYPE_get_octetstring(type, c->oiv, l); if (i != (int)l) return (-1); @@ -117,7 +121,11 @@ EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { j = EVP_CIPHER_CTX_iv_length(c); - OPENSSL_assert(j <= sizeof(c->iv)); + if (j > sizeof(c->iv)) { + EVPerr(EVP_F_EVP_CIPHER_SET_ASN1_IV, + EVP_R_IV_TOO_LARGE); + return 0; + } i = ASN1_TYPE_set_octetstring(type, c->oiv, j); } return (i); diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt.c b/src/lib/libssl/src/crypto/evp/p5_crpt.c index 3b1419b545..112a69114c 100644 --- a/src/lib/libssl/src/crypto/evp/p5_crpt.c +++ b/src/lib/libssl/src/crypto/evp/p5_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt.c,v 1.14 2014/07/13 12:46:44 miod Exp $ */ +/* $OpenBSD: p5_crpt.c,v 1.15 2015/02/10 09:52:35 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -134,9 +134,15 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL)) goto err; } - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); + if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); + goto err; + } memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); - OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); + if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_IV_TOO_LARGE); + goto err; + } memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c index 61eadec804..c9eef8f49a 100644 --- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c +++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt2.c,v 1.17 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: p5_crpt2.c,v 1.18 2015/02/10 09:52:35 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -255,7 +255,10 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); - OPENSSL_assert(keylen <= sizeof key); + if (keylen > sizeof key) { + EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); + goto err; + } /* Decode parameter */ diff --git a/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c b/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c index 859c0884d6..c7d4dc10ae 100644 --- a/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c +++ b/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001_pmeth.c,v 1.6 2014/11/13 20:29:55 miod Exp $ */ +/* $OpenBSD: gostr341001_pmeth.c,v 1.7 2015/02/10 09:52:35 miod Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov * Copyright (c) 2005-2006 Cryptocom LTD @@ -248,7 +248,10 @@ pkey_gost01_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, GOSTerr(GOST_F_PKEY_GOST01_SIGN, EC_R_BUFFER_TOO_SMALL); return 0; } - OPENSSL_assert(tbs_len == 32 || tbs_len == 64); + if (tbs_len != 32 && tbs_len != 64) { + GOSTerr(GOST_F_PKEY_GOST01_SIGN, EVP_R_BAD_BLOCK_LENGTH); + return 0; + } md = GOST_le2bn(tbs, tbs_len, NULL); if (md == NULL) return 0; @@ -411,11 +414,23 @@ pkey_gost01_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, nid = OBJ_obj2nid(gkt->key_agreement_info->cipher); - OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8); + if (gkt->key_agreement_info->eph_iv->length != 8) { + GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, + GOST_R_INVALID_IV_LENGTH); + goto err; + } memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8); - OPENSSL_assert(gkt->key_info->encrypted_key->length == 32); + if (gkt->key_info->encrypted_key->length != 32) { + GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, + EVP_R_BAD_KEY_LENGTH); + goto err; + } memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32); - OPENSSL_assert(gkt->key_info->imit->length == 4); + if (gkt->key_info->imit->length != 4) { + GOSTerr(GOST_F_PKEY_GOST01_DECRYPT, + ERR_R_INTERNAL_ERROR); + goto err; + } memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4); if (gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey) <= 0) goto err; diff --git a/src/lib/libssl/src/crypto/hmac/hmac.c b/src/lib/libssl/src/crypto/hmac/hmac.c index f2e5f149e0..155e32a540 100644 --- a/src/lib/libssl/src/crypto/hmac/hmac.c +++ b/src/lib/libssl/src/crypto/hmac/hmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.c,v 1.21 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: hmac.c,v 1.22 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,6 +60,7 @@ #include #include +#include #include int @@ -78,7 +79,10 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, if (key != NULL) { reset = 1; j = EVP_MD_block_size(md); - OPENSSL_assert(j <= (int)sizeof(ctx->key)); + if ((size_t)j > sizeof(ctx->key)) { + EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_BAD_BLOCK_LENGTH); + goto err; + } if (j < len) { if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) goto err; @@ -88,8 +92,11 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, &ctx->key_length)) goto err; } else { - OPENSSL_assert(len >= 0 && - len <= (int)sizeof(ctx->key)); + if ((size_t)len > sizeof(ctx->key)) { + EVPerr(EVP_F_HMAC_INIT_EX, + EVP_R_BAD_KEY_LENGTH); + goto err; + } memcpy(ctx->key, key, len); ctx->key_length = len; } diff --git a/src/lib/libssl/src/crypto/pem/pem_info.c b/src/lib/libssl/src/crypto/pem/pem_info.c index 9ddcb56596..6fe72ce742 100644 --- a/src/lib/libssl/src/crypto/pem/pem_info.c +++ b/src/lib/libssl/src/crypto/pem/pem_info.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_info.c,v 1.19 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: pem_info.c,v 1.20 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -361,8 +361,12 @@ PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, } /* create the right magic header stuff */ - OPENSSL_assert(strlen(objstr) + 23 + - 2 * enc->iv_len + 13 <= sizeof buf); + if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > + sizeof buf) { + PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, + ASN1_R_BUFFER_TOO_SMALL); + goto err; + } buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c index 1ebae53e74..e3629762f9 100644 --- a/src/lib/libssl/src/crypto/pem/pem_lib.c +++ b/src/lib/libssl/src/crypto/pem/pem_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_lib.c,v 1.35 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: pem_lib.c,v 1.36 2015/02/10 09:52:35 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -389,7 +389,10 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, } kstr = (unsigned char *)buf; } - OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); + if ((size_t)enc->iv_len > sizeof(iv)) { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, EVP_R_IV_TOO_LARGE); + goto err; + } arc4random_buf(iv, enc->iv_len); /* Generate a salt */ /* The 'iv' is used as the iv and as a salt. It is * NOT taken from the BytesToKey function */ @@ -400,8 +403,11 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf, PEM_BUFSIZE); - OPENSSL_assert(strlen(objstr) + 23 + - 2 * enc->iv_len + 13 <= sizeof buf); + if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, + ASN1_R_BUFFER_TOO_SMALL); + goto err; + } buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); -- cgit v1.2.3-55-g6feb