1.18 would introduce a possible out-of-bounds access in the error path;

Coverity CID 105346
ok doug@

2 files changed, 10 insertions, 14 deletions

diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 6fc88a0437..afafb9551f 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_crpt2.c,v 1.19 2015/02/14 15:45:21 miod Exp $ */
+/* $OpenBSD: p5_crpt2.c,v 1.20 2015/02/14 15:49:51 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -236,19 +236,19 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
         if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
                 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET);
-                goto err;
+                return 0;
         }
         keylen = EVP_CIPHER_CTX_key_length(ctx);
         if (keylen > sizeof key) {
                 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH);
-                goto err;
+                return 0;
         }
 
         /* Decode parameter */
 
         if (!param || (param->type != V_ASN1_SEQUENCE)) {
                 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
-                goto err;
+                return 0;
         }
 
         pbuf = param->value.sequence->data;
@@ -256,11 +256,9 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
         if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
                 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
-                goto err;
+                return 0;
         }
 
-        keylen = EVP_CIPHER_CTX_key_length(ctx);
-
         /* Now check the parameters of the kdf */
 
         if (kdf->keylength &&
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
index 6fc88a0437..afafb9551f 100644
--- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c
+++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_crpt2.c,v 1.19 2015/02/14 15:45:21 miod Exp $ */
+/* $OpenBSD: p5_crpt2.c,v 1.20 2015/02/14 15:49:51 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -236,19 +236,19 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
         if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
                 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET);
-                goto err;
+                return 0;
         }
         keylen = EVP_CIPHER_CTX_key_length(ctx);
         if (keylen > sizeof key) {
                 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH);
-                goto err;
+                return 0;
         }
 
         /* Decode parameter */
 
         if (!param || (param->type != V_ASN1_SEQUENCE)) {
                 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
-                goto err;
+                return 0;
         }
 
         pbuf = param->value.sequence->data;
@@ -256,11 +256,9 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
         if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
                 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
-                goto err;
+                return 0;
         }
 
-        keylen = EVP_CIPHER_CTX_key_length(ctx);
-
         /* Now check the parameters of the kdf */
 
         if (kdf->keylength &&