Remove last internal use of ASN1_STRING_data()

PKCS5_pbe_set0_algor() is no longer public, but its parameters are
provided directly via public API, namely the wonderful PKCS8_encrypt()
and PKCS12_pack_p7encdata().

Muppetry abounds. To wit:

If saltlen < 0, the call to ASN1_STRING_set(pbe->salt, NULL, saltlen)
would error. Let's do that up front in a more obvious way. We don't
care about side-effects to pbe->salt since we free it on error anyway.

If saltlen == 0, we default it to PKCS5_PBE1_SALT_LEN. This is
particularly funky in case the caller passed in salt != NULL, in
which case we can only hope and pray this buffer is long enough.

If the caller passed a salt, copy it to pbe->salt via ASN1_STRING_set().

If there's no salt, allocate a buffer of the appropriate length, fill it
with random and transfer ownership to pbe->salt via ASN1_STRING_set0().
There's a change of behavior in that this will not be NUL-terminated
(why should it be?). If we wanted to preserve behavior, we'd just use
calloc(1, saltlen + 1) instead of the malloc().

The exit path is quite special, too, but I didn't want to change this
right now.

tweaks/ok kenjiro

0 files changed, 0 insertions, 0 deletions