CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2022/09/04 09:45:26
Modified files:
lib/libcrypto/evp: e_bf.c e_cast.c e_des.c e_des3.c e_idea.c
e_rc2.c
Log message:
Add bounds checks for various EVP cipher implementations.
The EVP cipher API uses size_t, however a number of the underlying
implementations use long in their API. This means that an input with
size > LONG_MAX will go negative.
Found by Coverity, hiding under a large pile of macros.
ok tb@
