Avoid assert() in the library.
authorBodo Möller <bodo@openssl.org>
Sun, 8 Apr 2001 13:47:51 +0000 (13:47 +0000)
committerBodo Möller <bodo@openssl.org>
Sun, 8 Apr 2001 13:47:51 +0000 (13:47 +0000)
ssl/s3_enc.c
ssl/ssl.h
ssl/ssl_err.c
ssl/ssl_lib.c

index 2112602..b27e956 100644 (file)
@@ -57,7 +57,6 @@
  */
 
 #include <stdio.h>
-#include <assert.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
 #include <openssl/evp.h>
@@ -82,7 +81,7 @@ static unsigned char ssl3_pad_2[48]={
 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
        const char *sender, int len, unsigned char *p);
 
-static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
+static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
        {
        MD5_CTX m5;
        SHA_CTX s1;
@@ -97,9 +96,13 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
        for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
                {
                k++;
-               /* If this assert is triggered, it means buf needs to be
-                  resized.  This should never be triggered in a release. */
-               assert(k <= sizeof(buf));
+               if (k > sizeof buf)
+                       {
+                       /* bug: 'buf' is too small for this ciphersuite */
+                       SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+                       return 0;
+                       }
+               
                for (j=0; j<k; j++)
                        buf[j]=c;
                c++;
@@ -126,6 +129,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
                km+=MD5_DIGEST_LENGTH;
                }
        memset(smd,0,SHA_DIGEST_LENGTH);
+       return 1;
        }
 
 int ssl3_change_cipher_state(SSL *s, int which)
@@ -310,9 +314,8 @@ int ssl3_setup_key_block(SSL *s)
        s->s3->tmp.key_block_length=num;
        s->s3->tmp.key_block=p;
 
-       ssl3_generate_key_block(s,p,num);
+       return ssl3_generate_key_block(s,p,num);
 
-       return(1);
 err:
        SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
        return(0);
index 457e7ef..e2e80dc 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1295,6 +1295,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_CTRL                                         213
 #define SSL_F_SSL3_CTX_CTRL                             133
 #define SSL_F_SSL3_ENC                                  134
+#define SSL_F_SSL3_GENERATE_KEY_BLOCK                   238
 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST              135
 #define SSL_F_SSL3_GET_CERT_VERIFY                      136
 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE               137
index 183b21e..481481b 100644 (file)
@@ -106,6 +106,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_CTRL,0),        "SSL3_CTRL"},
 {ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0),    "SSL3_CTX_CTRL"},
 {ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"},
+{ERR_PACK(0,SSL_F_SSL3_GENERATE_KEY_BLOCK,0),  "SSL3_GENERATE_KEY_BLOCK"},
 {ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0),     "SSL3_GET_CERTIFICATE_REQUEST"},
 {ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0),     "SSL3_GET_CERT_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0),      "SSL3_GET_CLIENT_CERTIFICATE"},
index f8207fa..c1a545a 100644 (file)
@@ -59,7 +59,9 @@
  */
 
 
-#include <assert.h>
+#ifdef REF_CHECK
+#  include <assert.h>
+#endif
 #include <stdio.h>
 #include <openssl/objects.h>
 #include <openssl/lhash.h>