summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp/p5_crpt2.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/evp/p5_crpt2.c')
-rw-r--r--src/lib/libcrypto/evp/p5_crpt2.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 7485d6a278..1f94e1ef88 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -190,6 +190,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
190 goto err; 190 goto err;
191 } 191 }
192 keylen = EVP_CIPHER_CTX_key_length(ctx); 192 keylen = EVP_CIPHER_CTX_key_length(ctx);
193 OPENSSL_assert(keylen <= sizeof key);
193 194
194 /* Now decode key derivation function */ 195 /* Now decode key derivation function */
195 196
@@ -230,7 +231,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
230 iter = ASN1_INTEGER_get(kdf->iter); 231 iter = ASN1_INTEGER_get(kdf->iter);
231 PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); 232 PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
232 EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); 233 EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
233 memset(key, 0, keylen); 234 OPENSSL_cleanse(key, keylen);
234 PBKDF2PARAM_free(kdf); 235 PBKDF2PARAM_free(kdf);
235 return 1; 236 return 1;
236 237
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-10 01:14:36 +0000