diff options
| author | Bodo Möller <bodo@openssl.org> | 2001-04-08 13:47:51 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2001-04-08 13:47:51 +0000 |
| commit | 027e257b1da1289b64587dc5bde598920feaee8c (patch) | |
| tree | 25558a6be84503e1464d31400c4af038f3e7901f | |
| parent | 93f117003ecf151b58ed8fd1c5f709d5e37a7c14 (diff) | |
| download | openssl-new-027e257b1da1289b64587dc5bde598920feaee8c.tar.gz | |
Avoid assert() in the library.
| -rw-r--r-- | ssl/s3_enc.c | 17 | ||||
| -rw-r--r-- | ssl/ssl.h | 1 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 1 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 4 |
4 files changed, 15 insertions, 8 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 2112602dc8..b27e9562b9 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -57,7 +57,6 @@ */ #include <stdio.h> -#include <assert.h> #include <openssl/md5.h> #include <openssl/sha.h> #include <openssl/evp.h> @@ -82,7 +81,7 @@ static unsigned char ssl3_pad_2[48]={ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, const char *sender, int len, unsigned char *p); -static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num) +static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { MD5_CTX m5; SHA_CTX s1; @@ -97,9 +96,13 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num) for (i=0; i<num; i+=MD5_DIGEST_LENGTH) { k++; - /* If this assert is triggered, it means buf needs to be - resized. This should never be triggered in a release. */ - assert(k <= sizeof(buf)); + if (k > sizeof buf) + { + /* bug: 'buf' is too small for this ciphersuite */ + SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); + return 0; + } + for (j=0; j<k; j++) buf[j]=c; c++; @@ -126,6 +129,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num) km+=MD5_DIGEST_LENGTH; } memset(smd,0,SHA_DIGEST_LENGTH); + return 1; } int ssl3_change_cipher_state(SSL *s, int which) @@ -310,9 +314,8 @@ int ssl3_setup_key_block(SSL *s) s->s3->tmp.key_block_length=num; s->s3->tmp.key_block=p; - ssl3_generate_key_block(s,p,num); + return ssl3_generate_key_block(s,p,num); - return(1); err: SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); return(0); @@ -1295,6 +1295,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL3_CTRL 213 #define SSL_F_SSL3_CTX_CTRL 133 #define SSL_F_SSL3_ENC 134 +#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 #define SSL_F_SSL3_GET_CERT_VERIFY 136 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 183b21e0ba..481481b666 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -106,6 +106,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_PACK(0,SSL_F_SSL3_CTRL,0), "SSL3_CTRL"}, {ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"}, {ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"}, +{ERR_PACK(0,SSL_F_SSL3_GENERATE_KEY_BLOCK,0), "SSL3_GENERATE_KEY_BLOCK"}, {ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"}, {ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"}, {ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f8207fa423..c1a545a5ff 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -59,7 +59,9 @@ */ -#include <assert.h> +#ifdef REF_CHECK +# include <assert.h> +#endif #include <stdio.h> #include <openssl/objects.h> #include <openssl/lhash.h> |