If we're going to return errors (no matter how stupid), then we should

test for them!
author: Ben Laurie <ben@openssl.org> 2008-12-29 16:11:58 +0000
committer: Ben Laurie <ben@openssl.org> 2008-12-29 16:11:58 +0000
commit: 0eab41fb78cf4d7c76e563fd677ab6c32fc28bb0 (patch)
tree: da848c7424ced86fc60823f4948b0fc79e52a381 /crypto/evp/p5_crpt2.c
parent: 8aa02e97a782a4229936d5df6da42db3efe4acd1 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 70fd48aed0..334379f310 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -87,6 +87,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
 	HMAC_CTX hctx;
 
 	mdlen = EVP_MD_size(digest);
+	if (mdlen < 0)
+		return 0;
 
 	HMAC_CTX_init(&hctx);
 	p = out;
@@ -273,8 +275,9 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 	salt = kdf->salt->value.octet_string->data;
 	saltlen = kdf->salt->value.octet_string->length;
 	iter = ASN1_INTEGER_get(kdf->iter);
-	PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
-								keylen, key);
+	if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
+						   keylen, key))
+		goto err;
 	EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
 	OPENSSL_cleanse(key, keylen);
 	PBKDF2PARAM_free(kdf);
author	Ben Laurie <ben@openssl.org>	2008-12-29 16:11:58 +0000
committer	Ben Laurie <ben@openssl.org>	2008-12-29 16:11:58 +0000
commit	0eab41fb78cf4d7c76e563fd677ab6c32fc28bb0 (patch)
tree	da848c7424ced86fc60823f4948b0fc79e52a381 /crypto/evp/p5_crpt2.c
parent	8aa02e97a782a4229936d5df6da42db3efe4acd1 (diff)