@bukka
Last active December 29, 2015 04:49
php-openssl 64bit issues

PHP openssl ext - 64bit changes

openssl.c

Done

1674, 2010, 2022, 2476, 2532, 2542, 2560, 2882: bio_buf_st->length is size_t from OpenSSL >= 1.0.0 (ifdef check added)

3737, 3829: double check that BIO_get_mem_data can't be negative (error) - it can't be negative in these cases

4453, 4513, 4580, 4641: double check EVP_PKEY_size can't be negative (error) - it will never happen

php_x509_request->priv_key_bits overflow check

672: can the ASN1_STRING length be negative in this case? It shouldn't be, but the check does no harm

BIO_new_mem_buf - Z_STRSIZE_PP is cast to int (possible data loss) -> added check Z_STRSIZE_PP(val) > INT_MAX

1428: ASN1_STRING_set(spki->spkac->challenge, challenge, (int)challenge_len); -> INT_MAX check

2113: X509_STORE_CTX_set_purpose(csc, (int)purpose); -> constant (no check required)

2981: ASN1_INTEGER_set(X509_get_serialNumber(new_cert), (long) serial); -> LONG_MAX check

2997: X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60*60*24*(long)num_days); -> (LONG_MAX / (60*60*24* + 1)) check

3665, 3727: PEM_write_bio_PrivateKey(bio_out, key, cipher, passphrase, (int) passphrase_len, NULL, NULL) -> INT_MAX check

3970: PKCS5_PBKDF2_HMAC(password, (int) password_len, salt, (int) salt_len, iterations, digest, (int) key_length, out_buffer) -> overflow checks

PKCS7 flags -> constant

padding for public and private crypt -> constant

4459: RSA_private_encrypt((int) data_len, data, cryptedbuf, pkey->pkey.rsa, (int) padding) -> INT_MAX check for data_len

4519: RSA_private_decrypt((int) data_len, data, crypttemp, pkey->pkey.rsa, (int) padding) -> INT_MAX check for data_len

4586: RSA_public_encrypt((int)data_len, (unsigned char *)data, cryptedbuf, pkey->pkey.rsa, (int)padding) -> INT_MAX check for data_len

4647: RSA_public_decrypt((int) data_len, data, crypttemp, pkey->pkey.rsa, (int) padding) -> INT_MAX check for data_len

4753: EVP_SignUpdate(&md_ctx, data, data_len) -> add data_len check for OpenSSL < 0.9.8 (unsigned int)

4827: EVP_VerifyUpdate(&md_ctx, data, data_len) -> add data_len check for OpenSSL < 0.9.8 (unsigned int)

4828: EVP_VerifyFinal (&md_ctx, (unsigned char *)signature, (unsigned int)signature_len, pkey) -> add uint check for signature_len

4919: EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, (int)data_len) -> INT_MAX check for data_len

4937: add_next_index_stringl(ekeys, erealloc(eks[i], eksl[i] + 1), (zend_str_size_uint)eksl[i], 0); -> eksl[i] is always positive, otherwise EVP_SealInit fails

5022: EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, (int)ekey_len, NULL, pkey) -> INT_MAX check for ekey_len

5022: EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, (int)data_len) -> INT_MAX check for data_len

5244: return (int) Z_STRSIZE_PP(val); -> val length is always smaller than INT_MAX (Z_STRSIZE_PP(val) < num - 1 -> num is int)

5444: EVP_DigestUpdate(&md_ctx, (unsigned char *)data, (int)data_len) -> add data_len check for OpenSSL < 0.9.8 (unsigned int)

5552,5656: EVP_CIPHER_CTX_set_key_length(&cipher_ctx, (int)password_len) -> INT_MAX check for password_len

5559: EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, (int)data_len) -> INT_MAX check for password_len

5662: EVP_DecryptUpdate(&cipher_ctx, outbuf, &i, (unsigned char *)data, (int)data_len) -> INT_MAX check for password_len

5739: BN_bin2bn((unsigned char*)pub_str, (int)pub_len, NULL) -> INT_MAX check for pub_len

5796: RAND_pseudo_bytes(buffer, (int)buffer_length) -> INT_MAX check for buffer_length
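
The INT_MAX and LONG_MAX checks listed above share one pattern: range-check the wide value before the narrowing cast that the OpenSSL parameter requires. The following C code is an added illustration of that pattern, not code from openssl.c or the PHP patch; the helper names (unchecked_len, size_to_int, days_to_secs) and the LONG_MAX / 86400 bound are assumptions of this example.

```c
/* Added example; helper names are hypothetical, not from openssl.c. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define SECS_PER_DAY (60L * 60L * 24L)

/* The unchecked form: on common ABIs the cast keeps only the low 32 bits,
 * so a huge length can turn into a small or negative one. */
static int unchecked_len(size_t len)
{
    return (int)len;
}

/* Checked form: 0 on success, -1 if len cannot be represented as int. */
static int size_to_int(size_t len, int *out)
{
    if (len > (size_t)INT_MAX)
        return -1;
    *out = (int)len;
    return 0;
}

/* Day count to seconds without signed overflow; the bound LONG_MAX / 86400
 * is this example's choice. */
static int days_to_secs(long num_days, long *out)
{
    if (num_days > LONG_MAX / SECS_PER_DAY || num_days < LONG_MIN / SECS_PER_DAY)
        return -1;
    *out = num_days * SECS_PER_DAY;
    return 0;
}

int main(void)
{
    /* Constructed sample lengths, not values from a real request. */
    size_t samples[] = { 32, (size_t)INT_MAX, (size_t)INT_MAX + 1, (size_t)UINT_MAX + 17 };
    int n;
    long secs;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (size_to_int(samples[i], &n) == 0)
            printf("%zu -> %d (accepted)\n", samples[i], n);
        else
            printf("%zu rejected; unchecked cast would pass %d\n",
                   samples[i], unchecked_len(samples[i]));
    }
    printf("365 days: %s\n", days_to_secs(365, &secs) == 0 ? "ok" : "overflow");
    return 0;
}
```

The last sample shows why the check matters: without it the callee would be handed a small positive length and would silently process only a prefix of the buffer.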

Other extension

md5.h:26: PHPAPI void make_digest_ex(char *md5str, const unsigned char *digest, int len); - len is int???

  • openssl.c:1707: make_digest_ex(*out, md, (int) n); // n is zend_str_size_int
  • openssl.c:5329: make_digest_ex(digest_str, sigbuf, (int)siglen); // siglen is zend_str_size_int