diff options
| author | Matt Caswell <matt@openssl.org> | 2017-06-21 15:55:56 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-08-21 08:44:44 +0100 |
| commit | e40ada04f45927eccf166adb067ee0ec795cefd4 (patch) | |
| tree | 75f3345076a65e2b169624de46420dfd546ab942 | |
| parent | 7d248ee0aed6bf364b96fd100835b15ccfede309 (diff) | |
| download | openssl-e40ada04f45927eccf166adb067ee0ec795cefd4.tar.gz | |
Remove OPENSSL_assert() from crypto/pem
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
| -rw-r--r-- | crypto/pem/pem_info.c | 13 | ||||
| -rw-r--r-- | crypto/pem/pem_lib.c | 13 |
2 files changed, 16 insertions, 10 deletions
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index dd493c8509..017dd0fe58 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -256,7 +256,13 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, if (enc != NULL) { objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); - if (objstr == NULL) { + if (objstr == NULL + /* + * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" + * fits into buf + */ + || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13) + > sizeof(buf)) { PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); goto err; } @@ -291,10 +297,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, goto err; } - /* create the right magic header stuff */ - OPENSSL_assert(strlen(objstr) + 23 - + 2 * EVP_CIPHER_iv_length(enc) + 13 <= - sizeof buf); + /* Create the right magic header stuff */ buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 76e0698558..309545b04d 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -324,7 +324,14 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, if (enc != NULL) { objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); - if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) { + if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0 + || EVP_CIPHER_iv_length(enc) > (int)sizeof(iv) + /* + * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" + * fits into buf + */ + || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13) + > sizeof(buf)) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); goto err; } @@ -361,7 +368,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, #endif kstr = (unsigned char *)buf; } - OPENSSL_assert(EVP_CIPHER_iv_length(enc) <= (int)sizeof(iv)); if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */ goto err; /* @@ -374,9 +380,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf, PEM_BUFSIZE); - OPENSSL_assert(strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13 - <= sizeof buf); - buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv); |