CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2022/09/04 09:45:26
Modified files: lib/libcrypto/evp: e_bf.c e_cast.c e_des.c e_des3.c e_idea.c e_rc2.c Log message: Add bounds checks for various EVP cipher implementations. The EVP cipher API uses size_t, however a number of the underlying implementations use long in their API. This means that an input with size > LONG_MAX will go negative. Found by Coverity, hiding under a large pile of macros. ok tb@