From 4096055d9cd6edcc7dcc68642cda6f83563aa77a Mon Sep 17 00:00:00 2001 From: tedu <> Date: Wed, 4 May 2016 14:53:29 +0000 Subject: revert the big change from yesterday to prepare for smaller commits. --- src/lib/libcrypto/asn1/a_d2i_fp.c | 51 ++++++---------------- src/lib/libcrypto/asn1/a_type.c | 4 +- src/lib/libcrypto/asn1/tasn_dec.c | 4 +- src/lib/libcrypto/asn1/tasn_enc.c | 4 +- src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c | 5 +-- src/lib/libcrypto/evp/encode.c | 13 ++---- src/lib/libcrypto/evp/evp_enc.c | 4 +- src/lib/libssl/src/crypto/asn1/a_d2i_fp.c | 51 ++++++---------------- src/lib/libssl/src/crypto/asn1/a_type.c | 4 +- src/lib/libssl/src/crypto/asn1/tasn_dec.c | 4 +- src/lib/libssl/src/crypto/asn1/tasn_enc.c | 4 +- .../libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +-- src/lib/libssl/src/crypto/evp/encode.c | 13 ++---- src/lib/libssl/src/crypto/evp/evp_enc.c | 4 +- 14 files changed, 60 insertions(+), 110 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c index d12890ec15..d85be56568 100644 --- a/src/lib/libcrypto/asn1/a_d2i_fp.c +++ b/src/lib/libcrypto/asn1/a_d2i_fp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_d2i_fp.c,v 1.12 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: a_d2i_fp.c,v 1.13 2016/05/04 14:53:29 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -144,7 +144,6 @@ ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) } #define HEADER_SIZE 8 -#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { @@ -168,22 +167,18 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (want >= (len - off)) { want -= (len - off); - if (len + want < len || - !BUF_MEM_grow_clean(b, len + want)) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ERR_R_MALLOC_FAILURE); + if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); goto err; } i = BIO_read(in, &(b->data[len]), want); if ((i < 0) && ((len - off) == 0)) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_NOT_ENOUGH_DATA); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); goto err; } if (i > 0) { if (len + i < len) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_TOO_LONG); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); goto err; } len += i; @@ -211,8 +206,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) /* no data body so go round again */ eos++; if (eos < 0) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_HEADER_TOO_LONG); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); goto err; } want = HEADER_SIZE; @@ -227,45 +221,28 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) /* suck in c.slen bytes of data */ want = c.slen; if (want > (len - off)) { - size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; - want -= (len - off); if (want > INT_MAX /* BIO_read takes an int length */ || len+want < len) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_TOO_LONG); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); goto err; } - /* - * Read content in chunks of increasing size - * so we can return an error for EOF without - * having to allocate the entire content length - * in one go. - */ - size_t chunk = want > chunk_max ? chunk_max : want; - - if (!BUF_MEM_grow_clean(b, len + chunk)) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ERR_R_MALLOC_FAILURE); + if (!BUF_MEM_grow_clean(b, len + want)) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); goto err; } - want -= chunk; - while (chunk > 0) { - i = BIO_read(in, &(b->data[len]), chunk); + while (want > 0) { + i = BIO_read(in, &(b->data[len]), want); if (i <= 0) { ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); goto err; } - /* - * This can't overflow because |len+want| - * didn't overflow. - */ + /* This can't overflow because + * |len+want| didn't overflow. */ len += i; - chunk -= i; + want -= i; } - if (chunk_max < INT_MAX/2) - chunk_max *= 2; } if (off + c.slen < off) { ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c index 24f8756e73..e105a0673e 100644 --- a/src/lib/libcrypto/asn1/a_type.c +++ b/src/lib/libcrypto/asn1/a_type.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_type.c,v 1.17 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: a_type.c,v 1.18 2016/05/04 14:53:29 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -127,7 +127,9 @@ ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b) break; case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: case V_ASN1_BIT_STRING: case V_ASN1_OCTET_STRING: case V_ASN1_SEQUENCE: diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index 55809babb8..e7f908fd0f 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_dec.c,v 1.30 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: tasn_dec.c,v 1.31 2016/05/04 14:53:29 tedu Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -861,7 +861,9 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, break; case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: tint = (ASN1_INTEGER **)pval; if (!c2i_ASN1_INTEGER(tint, &cont, len)) goto err; diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c index f4b8b300ca..03db0b0fbd 100644 --- a/src/lib/libcrypto/asn1/tasn_enc.c +++ b/src/lib/libcrypto/asn1/tasn_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_enc.c,v 1.18 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: tasn_enc.c,v 1.19 2016/05/04 14:53:29 tedu Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -603,7 +603,9 @@ asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, break; case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: /* These are all have the same content format * as ASN1_INTEGER */ diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c index 8d33896e1c..42aa20701b 100644 --- a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c +++ b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.10 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.11 2016/05/04 14:53:29 tedu Exp $ */ /* ==================================================================== * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. * @@ -60,7 +60,6 @@ #include #include #include "evp_locl.h" -#include "constant_time_locl.h" #ifndef EVP_CIPH_FLAG_AEAD_CIPHER #define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 @@ -283,8 +282,6 @@ aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; - ret &= constant_time_ge(maxpad, pad); - inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c index e4104173d4..637870cef6 100644 --- a/src/lib/libcrypto/evp/encode.c +++ b/src/lib/libcrypto/evp/encode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encode.c,v 1.22 2016/05/03 14:05:41 bcook Exp $ */ +/* $OpenBSD: encode.c,v 1.23 2016/05/04 14:53:29 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -125,13 +125,13 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { int i, j; - size_t total = 0; + unsigned int total = 0; *outl = 0; if (inl == 0) return; OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); - if (ctx->length - ctx->num > inl) { + if ((ctx->num + inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]), in, inl); ctx->num += inl; return; @@ -148,7 +148,7 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *out = '\0'; total = j + 1; } - while (inl >= ctx->length && total <= INT_MAX) { + while (inl >= ctx->length) { j = EVP_EncodeBlock(out, in, ctx->length); in += ctx->length; inl -= ctx->length; @@ -157,11 +157,6 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *out = '\0'; total += j + 1; } - if (total > INT_MAX) { - /* Too much output data! */ - *outl = 0; - return; - } if (inl != 0) memcpy(&(ctx->enc_data[0]), in, inl); ctx->num = inl; diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 30941ed83d..a4e369f622 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.28 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.29 2016/05/04 14:53:29 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -334,7 +334,7 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 0; } if (i != 0) { - if (bl - i > inl) { + if (i + inl < bl) { memcpy(&(ctx->buf[i]), in, inl); ctx->buf_len += inl; *outl = 0; diff --git a/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c b/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c index d12890ec15..d85be56568 100644 --- a/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c +++ b/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_d2i_fp.c,v 1.12 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: a_d2i_fp.c,v 1.13 2016/05/04 14:53:29 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -144,7 +144,6 @@ ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) } #define HEADER_SIZE 8 -#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { @@ -168,22 +167,18 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (want >= (len - off)) { want -= (len - off); - if (len + want < len || - !BUF_MEM_grow_clean(b, len + want)) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ERR_R_MALLOC_FAILURE); + if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); goto err; } i = BIO_read(in, &(b->data[len]), want); if ((i < 0) && ((len - off) == 0)) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_NOT_ENOUGH_DATA); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); goto err; } if (i > 0) { if (len + i < len) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_TOO_LONG); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); goto err; } len += i; @@ -211,8 +206,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) /* no data body so go round again */ eos++; if (eos < 0) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_HEADER_TOO_LONG); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); goto err; } want = HEADER_SIZE; @@ -227,45 +221,28 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) /* suck in c.slen bytes of data */ want = c.slen; if (want > (len - off)) { - size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; - want -= (len - off); if (want > INT_MAX /* BIO_read takes an int length */ || len+want < len) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_TOO_LONG); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); goto err; } - /* - * Read content in chunks of increasing size - * so we can return an error for EOF without - * having to allocate the entire content length - * in one go. - */ - size_t chunk = want > chunk_max ? chunk_max : want; - - if (!BUF_MEM_grow_clean(b, len + chunk)) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ERR_R_MALLOC_FAILURE); + if (!BUF_MEM_grow_clean(b, len + want)) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); goto err; } - want -= chunk; - while (chunk > 0) { - i = BIO_read(in, &(b->data[len]), chunk); + while (want > 0) { + i = BIO_read(in, &(b->data[len]), want); if (i <= 0) { ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); goto err; } - /* - * This can't overflow because |len+want| - * didn't overflow. - */ + /* This can't overflow because + * |len+want| didn't overflow. */ len += i; - chunk -= i; + want -= i; } - if (chunk_max < INT_MAX/2) - chunk_max *= 2; } if (off + c.slen < off) { ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); diff --git a/src/lib/libssl/src/crypto/asn1/a_type.c b/src/lib/libssl/src/crypto/asn1/a_type.c index 24f8756e73..e105a0673e 100644 --- a/src/lib/libssl/src/crypto/asn1/a_type.c +++ b/src/lib/libssl/src/crypto/asn1/a_type.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_type.c,v 1.17 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: a_type.c,v 1.18 2016/05/04 14:53:29 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -127,7 +127,9 @@ ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b) break; case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: case V_ASN1_BIT_STRING: case V_ASN1_OCTET_STRING: case V_ASN1_SEQUENCE: diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c index 55809babb8..e7f908fd0f 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_dec.c,v 1.30 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: tasn_dec.c,v 1.31 2016/05/04 14:53:29 tedu Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -861,7 +861,9 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, break; case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: tint = (ASN1_INTEGER **)pval; if (!c2i_ASN1_INTEGER(tint, &cont, len)) goto err; diff --git a/src/lib/libssl/src/crypto/asn1/tasn_enc.c b/src/lib/libssl/src/crypto/asn1/tasn_enc.c index f4b8b300ca..03db0b0fbd 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_enc.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_enc.c,v 1.18 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: tasn_enc.c,v 1.19 2016/05/04 14:53:29 tedu Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -603,7 +603,9 @@ asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, break; case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: /* These are all have the same content format * as ASN1_INTEGER */ diff --git a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c index 8d33896e1c..42aa20701b 100644 --- a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.10 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.11 2016/05/04 14:53:29 tedu Exp $ */ /* ==================================================================== * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. * @@ -60,7 +60,6 @@ #include #include #include "evp_locl.h" -#include "constant_time_locl.h" #ifndef EVP_CIPH_FLAG_AEAD_CIPHER #define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 @@ -283,8 +282,6 @@ aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; - ret &= constant_time_ge(maxpad, pad); - inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); diff --git a/src/lib/libssl/src/crypto/evp/encode.c b/src/lib/libssl/src/crypto/evp/encode.c index e4104173d4..637870cef6 100644 --- a/src/lib/libssl/src/crypto/evp/encode.c +++ b/src/lib/libssl/src/crypto/evp/encode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encode.c,v 1.22 2016/05/03 14:05:41 bcook Exp $ */ +/* $OpenBSD: encode.c,v 1.23 2016/05/04 14:53:29 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -125,13 +125,13 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { int i, j; - size_t total = 0; + unsigned int total = 0; *outl = 0; if (inl == 0) return; OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); - if (ctx->length - ctx->num > inl) { + if ((ctx->num + inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]), in, inl); ctx->num += inl; return; @@ -148,7 +148,7 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *out = '\0'; total = j + 1; } - while (inl >= ctx->length && total <= INT_MAX) { + while (inl >= ctx->length) { j = EVP_EncodeBlock(out, in, ctx->length); in += ctx->length; inl -= ctx->length; @@ -157,11 +157,6 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *out = '\0'; total += j + 1; } - if (total > INT_MAX) { - /* Too much output data! */ - *outl = 0; - return; - } if (inl != 0) memcpy(&(ctx->enc_data[0]), in, inl); ctx->num = inl; diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c index 30941ed83d..a4e369f622 100644 --- a/src/lib/libssl/src/crypto/evp/evp_enc.c +++ b/src/lib/libssl/src/crypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.28 2016/05/03 12:38:53 tedu Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.29 2016/05/04 14:53:29 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -334,7 +334,7 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 0; } if (i != 0) { - if (bl - i > inl) { + if (i + inl < bl) { memcpy(&(ctx->buf[i]), in, inl); ctx->buf_len += inl; *outl = 0; -- cgit v1.2.3-55-g6feb