From 0eab41fb78cf4d7c76e563fd677ab6c32fc28bb0 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Mon, 29 Dec 2008 16:11:58 +0000 Subject: If we're going to return errors (no matter how stupid), then we should test for them! --- crypto/pkcs12/p12_key.c | 5 +++++ crypto/pkcs12/p12_mutl.c | 8 ++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'crypto/pkcs12') diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index 9e57eee4a4..b72cf1638b 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -81,6 +81,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, int ret; unsigned char *unipass; int uniplen; + if(!pass) { unipass = NULL; uniplen = 0; @@ -90,6 +91,8 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, } ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, id, iter, n, out, md_type); + if (ret <= 0) + return 0; if(unipass) { OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ OPENSSL_free(unipass); @@ -129,6 +132,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, #endif v = EVP_MD_block_size (md_type); u = EVP_MD_size (md_type); + if (u < 0) + return 0; D = OPENSSL_malloc (v); Ai = OPENSSL_malloc (u); B = OPENSSL_malloc (v + 1); diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 70bfef6e5d..9ab740d51f 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -71,6 +71,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, HMAC_CTX hmac; unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; + int md_size; if (!PKCS7_type_is_data(p12->authsafes)) { @@ -87,13 +88,16 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } + md_size = EVP_MD_size(md_type); + if (md_size < 0) + return 0; if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, - EVP_MD_size(md_type), key, md_type)) { + md_size, key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); return 0; } HMAC_CTX_init(&hmac); - HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); + HMAC_Init_ex(&hmac, key, md_size, md_type, NULL); HMAC_Update(&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length); HMAC_Final(&hmac, mac, maclen); -- cgit v1.2.3