OSSL_LIB_CTX *libctx)
{
X509_ALGOR *scheme = NULL, *ret = NULL;
- int alg_nid, keylen;
+ int alg_nid, keylen, ivlen;
EVP_CIPHER_CTX *ctx = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
PBE2PARAM *pbe2 = NULL;
goto merr;
/* Create random IV */
- if (EVP_CIPHER_iv_length(cipher)) {
+ ivlen = EVP_CIPHER_iv_length(cipher);
+ if (ivlen > 0) {
if (aiv)
- memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
- else if (RAND_bytes_ex(libctx, iv, EVP_CIPHER_iv_length(cipher),
- 0) <= 0)
+ memcpy(iv, aiv, ivlen);
+ else if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
goto err;
}
*/
if ((salt = OPENSSL_malloc(slen)) == NULL)
goto err;
- if (RAND_bytes_ex(libctx, salt, (int)slen, 0) <= 0) {
+ if (RAND_bytes_ex(libctx, salt, slen, 0) <= 0) {
ERR_raise(ERR_LIB_CRMF, CRMF_R_FAILURE_OBTAINING_RANDOM);
goto err;
}
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GENERATOR), "invalid generator"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"},
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_LENGTH), "invalid length"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_NAMED_GROUP_CONVERSION),
"invalid named group conversion"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH),
}
if (r == NULL || kinv == NULL) {
+ if (len < 0) {
+ ERR_raise(ERR_LIB_EC, EC_R_INVALID_LENGTH);
+ goto ret;
+ }
/*
* Generate random k and copy to param param block. RAND_priv_bytes_ex
* is used instead of BN_priv_rand_range or BN_generate_dsa_nonce
* internally implementing counter-measures for RNG weakness.
*/
if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
- len, 0) != 1) {
+ (size_t)len, 0) != 1) {
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto ret;
}
EC_R_INVALID_GENERATOR:173:invalid generator
EC_R_INVALID_GROUP_ORDER:122:invalid group order
EC_R_INVALID_KEY:116:invalid key
+EC_R_INVALID_LENGTH:117:invalid length
EC_R_INVALID_NAMED_GROUP_CONVERSION:174:invalid named group conversion
EC_R_INVALID_OUTPUT_LENGTH:161:invalid output length
EC_R_INVALID_P:172:invalid p
RSA_R_INVALID_KEYPAIR:171:invalid keypair
RSA_R_INVALID_KEY_LENGTH:173:invalid key length
RSA_R_INVALID_LABEL:160:invalid label
+RSA_R_INVALID_LENGTH:181:invalid length
RSA_R_INVALID_MESSAGE_LENGTH:131:invalid message length
RSA_R_INVALID_MGF1_MD:156:invalid mgf1 md
RSA_R_INVALID_MODULUS:174:invalid modulus
/* A.1.1.2 Step (5) : generate seed with size seed_len */
if (generate_seed
- && RAND_bytes_ex(libctx, seed, (int)seedlen, 0) < 0)
+ && RAND_bytes_ex(libctx, seed, seedlen, 0) < 0)
goto err;
/*
* A.1.1.2 Step (6) AND
if (!BN_GENCB_call(cb, 0, m++))
goto err;
- if (generate_seed && RAND_bytes_ex(libctx, seed, (int)qsize, 0) <= 0)
+ if (generate_seed && RAND_bytes_ex(libctx, seed, qsize, 0) <= 0)
goto err;
memcpy(buf, seed, qsize);
}
p12->mac->salt->length = saltlen;
if (!salt) {
+ if (saltlen < 0)
+ return 0;
if (RAND_bytes_ex(p12->authsafes->ctx.libctx, p12->mac->salt->data,
- saltlen, 0) <= 0)
+ (size_t)saltlen, 0) <= 0)
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEYPAIR), "invalid keypair"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label"},
+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LENGTH), "invalid length"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH),
"invalid message length"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
mgf1md = md;
mdlen = EVP_MD_size(md);
+ if (mdlen <= 0) {
+ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
+ return 0;
+ }
/* step 2b: check KLen > nLen - 2 HLen - 2 */
if (flen > emlen - 2 * mdlen - 1) {
if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return 0;
+ } else if (flen < 0) {
+ ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
+ return 0;
}
p = (unsigned char *)to;