diff options
Diffstat (limited to 'crypto/pem')
-rw-r--r-- | crypto/pem/pem.h | 8 | ||||
-rw-r--r-- | crypto/pem/pem_info.c | 1 | ||||
-rw-r--r-- | crypto/pem/pem_lib.c | 8 |
3 files changed, 12 insertions, 5 deletions
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index fb196562fa..5be8d6a957 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -155,7 +155,7 @@ typedef struct pem_recip_st int cipher; int key_enc; - char iv[8]; + /* char iv[8]; unused and wrong size */ } PEM_USER; typedef struct pem_ctx_st @@ -171,7 +171,8 @@ typedef struct pem_ctx_st struct { int cipher; - unsigned char iv[8]; + /* unused, and wrong size + unsigned char iv[8]; */ } DEK_info; PEM_USER *originator; @@ -193,7 +194,8 @@ typedef struct pem_ctx_st EVP_CIPHER *dec; /* date encryption cipher */ int key_len; /* key length */ unsigned char *key; /* key */ - unsigned char iv[8]; /* the iv */ + /* unused, and wrong size + unsigned char iv[8]; */ int data_enc; /* is the data encrypted */ diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 328afd2e95..5412408584 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -348,6 +348,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, } /* create the right magic header stuff */ + OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index bfc43e90af..fbc94d6a80 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type) void PEM_dek_info(char *buf, const char *type, int len, char *str) { - static unsigned char map[17]="0123456789ABCDEF"; + static const unsigned char map[17]="0123456789ABCDEF"; long i; int j; @@ -306,6 +306,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, goto err; } /* dzise + 8 bytes are needed */ + // actually it needs the cipher block size extra... data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); if (data == NULL) { @@ -335,6 +336,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, kstr=(unsigned char *)buf; } RAND_add(data,i,0);/* put in the RSA key. */ + OPENSSL_assert(enc->iv_len <= sizeof iv); if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ goto err; /* The 'iv' is used as the iv and as a salt. It is @@ -343,6 +345,8 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); + OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); + buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); @@ -693,7 +697,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, if (strncmp(buf,"-----END ",9) == 0) break; if (i > 65) break; - if (!BUF_MEM_grow(dataB,i+bl+9)) + if (!BUF_MEM_grow_clean(dataB,i+bl+9)) { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; |