diff options
Diffstat (limited to 'src/lib/libcrypto/cms/cms_pwri.c')
| -rw-r--r-- | src/lib/libcrypto/cms/cms_pwri.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c index b6fe5df961..f64f4ab68c 100644 --- a/src/lib/libcrypto/cms/cms_pwri.c +++ b/src/lib/libcrypto/cms/cms_pwri.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cms_pwri.c,v 1.31 2024/01/14 18:40:24 tb Exp $ */ | 1 | /* $OpenBSD: cms_pwri.c,v 1.35 2025/09/30 12:51:16 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 4 | * project. | 4 | * project. |
| @@ -58,13 +58,13 @@ | |||
| 58 | #include <string.h> | 58 | #include <string.h> |
| 59 | 59 | ||
| 60 | #include <openssl/asn1.h> | 60 | #include <openssl/asn1.h> |
| 61 | #include <openssl/err.h> | ||
| 62 | #include <openssl/evp.h> | 61 | #include <openssl/evp.h> |
| 63 | #include <openssl/cms.h> | 62 | #include <openssl/cms.h> |
| 64 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 65 | #include <openssl/x509.h> | 64 | #include <openssl/x509.h> |
| 66 | 65 | ||
| 67 | #include "cms_local.h" | 66 | #include "cms_local.h" |
| 67 | #include "err_local.h" | ||
| 68 | #include "evp_local.h" | 68 | #include "evp_local.h" |
| 69 | #include "x509_local.h" | 69 | #include "x509_local.h" |
| 70 | 70 | ||
| @@ -267,7 +267,7 @@ kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in, | |||
| 267 | /* Check byte failure */ | 267 | /* Check byte failure */ |
| 268 | goto err; | 268 | goto err; |
| 269 | } | 269 | } |
| 270 | if (inlen < (size_t)(tmp[0] - 4)) { | 270 | if (inlen < 4 + (size_t)tmp[0]) { |
| 271 | /* Invalid length value */ | 271 | /* Invalid length value */ |
| 272 | goto err; | 272 | goto err; |
| 273 | } | 273 | } |
| @@ -368,13 +368,13 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, | |||
| 368 | kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); | 368 | kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); |
| 369 | if (!kekcipher) { | 369 | if (!kekcipher) { |
| 370 | CMSerror(CMS_R_UNKNOWN_CIPHER); | 370 | CMSerror(CMS_R_UNKNOWN_CIPHER); |
| 371 | return 0; | 371 | goto err; |
| 372 | } | 372 | } |
| 373 | 373 | ||
| 374 | kekctx = EVP_CIPHER_CTX_new(); | 374 | kekctx = EVP_CIPHER_CTX_new(); |
| 375 | if (kekctx == NULL) { | 375 | if (kekctx == NULL) { |
| 376 | CMSerror(ERR_R_MALLOC_FAILURE); | 376 | CMSerror(ERR_R_MALLOC_FAILURE); |
| 377 | return 0; | 377 | goto err; |
| 378 | } | 378 | } |
| 379 | /* Fixup cipher based on AlgorithmIdentifier to set IV etc */ | 379 | /* Fixup cipher based on AlgorithmIdentifier to set IV etc */ |
| 380 | if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de)) | 380 | if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de)) |
| @@ -389,8 +389,8 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, | |||
| 389 | 389 | ||
| 390 | /* Finish password based key derivation to setup key in "ctx" */ | 390 | /* Finish password based key derivation to setup key in "ctx" */ |
| 391 | 391 | ||
| 392 | if (EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass, | 392 | if (!EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass, |
| 393 | pwri->passlen, algtmp->parameter, kekctx, en_de) < 0) { | 393 | pwri->passlen, algtmp->parameter, kekctx, en_de)) { |
| 394 | CMSerror(ERR_R_EVP_LIB); | 394 | CMSerror(ERR_R_EVP_LIB); |
| 395 | goto err; | 395 | goto err; |
| 396 | } | 396 | } |