--- a/components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11.c Mon Jan 27 09:25:05 2014 -0800
+++ b/components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11.c Mon Jan 27 15:13:46 2014 -0800
@@ -3027,8 +3027,10 @@
pk11_choose_pubkey_slot(mech_info, token_info, current_slot,
rv, best_number_of_mechs, best_pubkey_slot_sofar);
- pk11_choose_cipher_digest(&local_cipher_nids,
- &local_digest_nids, pFuncList, current_slot);
+ (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
+ (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
+ pk11_choose_cipher_digest(local_cipher_nids,
+ local_digest_nids, pFuncList, current_slot);
}
if (best_number_of_mechs == 0)
@@ -3179,9 +3181,6 @@
DEBUG_SLOT_SEL("%s: checking cipher/digest\n", PK11_DBG);
- (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids));
- (void) memset(local_digest_nids, 0, sizeof (local_digest_nids));
-
pk11_find_symmetric_ciphers(pFuncList, current_slot,
¤t_slot_n_cipher, local_cipher_nids);
@@ -3206,10 +3205,12 @@
SLOTID = current_slot;
cipher_count = current_slot_n_cipher;
digest_count = current_slot_n_digest;
+ OPENSSL_assert(cipher_count <= PK11_CIPHER_MAX);
+ OPENSSL_assert(digest_count <= PK11_DIGEST_MAX);
(void) memcpy(cipher_nids, local_cipher_nids,
- sizeof (local_cipher_nids));
+ sizeof (int) * cipher_count);
(void) memcpy(digest_nids, local_digest_nids,
- sizeof (local_digest_nids));
+ sizeof (int) * digest_count);
}
}
@@ -3221,6 +3222,8 @@
static CK_RV rv;
static CK_MECHANISM_TYPE last_checked_mech = (CK_MECHANISM_TYPE)-1;
+ OPENSSL_assert(cipher->mech_type != (CK_MECHANISM_TYPE)-1);
+
DEBUG_SLOT_SEL("%s: checking mech: %x", PK11_DBG, cipher->mech_type);
if (cipher->mech_type != last_checked_mech)
{