diff options
Diffstat (limited to 'src/lib/libcrypto/pem/pem_lib.c')
| -rw-r--r-- | src/lib/libcrypto/pem/pem_lib.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index a8db6ffbf5..70b5446797 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c | |||
| @@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type) | |||
| 138 | 138 | ||
| 139 | void PEM_dek_info(char *buf, const char *type, int len, char *str) | 139 | void PEM_dek_info(char *buf, const char *type, int len, char *str) |
| 140 | { | 140 | { |
| 141 | static unsigned char map[17]="0123456789ABCDEF"; | 141 | static const unsigned char map[17]="0123456789ABCDEF"; |
| 142 | long i; | 142 | long i; |
| 143 | int j; | 143 | int j; |
| 144 | 144 | ||
| @@ -249,7 +249,7 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char | |||
| 249 | ret = 1; | 249 | ret = 1; |
| 250 | 250 | ||
| 251 | err: | 251 | err: |
| 252 | if (!pnm) OPENSSL_free(nm); | 252 | if (!ret || !pnm) OPENSSL_free(nm); |
| 253 | OPENSSL_free(header); | 253 | OPENSSL_free(header); |
| 254 | if (!ret) OPENSSL_free(data); | 254 | if (!ret) OPENSSL_free(data); |
| 255 | return ret; | 255 | return ret; |
| @@ -304,6 +304,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, | |||
| 304 | goto err; | 304 | goto err; |
| 305 | } | 305 | } |
| 306 | /* dzise + 8 bytes are needed */ | 306 | /* dzise + 8 bytes are needed */ |
| 307 | /* actually it needs the cipher block size extra... */ | ||
| 307 | data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); | 308 | data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); |
| 308 | if (data == NULL) | 309 | if (data == NULL) |
| 309 | { | 310 | { |
| @@ -333,13 +334,16 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, | |||
| 333 | kstr=(unsigned char *)buf; | 334 | kstr=(unsigned char *)buf; |
| 334 | } | 335 | } |
| 335 | RAND_add(data,i,0);/* put in the RSA key. */ | 336 | RAND_add(data,i,0);/* put in the RSA key. */ |
| 337 | OPENSSL_assert(enc->iv_len <= sizeof iv); | ||
| 336 | if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ | 338 | if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ |
| 337 | goto err; | 339 | goto err; |
| 338 | /* The 'iv' is used as the iv and as a salt. It is | 340 | /* The 'iv' is used as the iv and as a salt. It is |
| 339 | * NOT taken from the BytesToKey function */ | 341 | * NOT taken from the BytesToKey function */ |
| 340 | EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); | 342 | EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); |
| 341 | 343 | ||
| 342 | if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); | 344 | if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); |
| 345 | |||
| 346 | OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); | ||
| 343 | 347 | ||
| 344 | buf[0]='\0'; | 348 | buf[0]='\0'; |
| 345 | PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); | 349 | PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); |
| @@ -362,13 +366,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, | |||
| 362 | i=PEM_write_bio(bp,name,buf,data,i); | 366 | i=PEM_write_bio(bp,name,buf,data,i); |
| 363 | if (i <= 0) ret=0; | 367 | if (i <= 0) ret=0; |
| 364 | err: | 368 | err: |
| 365 | memset(key,0,sizeof(key)); | 369 | OPENSSL_cleanse(key,sizeof(key)); |
| 366 | memset(iv,0,sizeof(iv)); | 370 | OPENSSL_cleanse(iv,sizeof(iv)); |
| 367 | memset((char *)&ctx,0,sizeof(ctx)); | 371 | OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); |
| 368 | memset(buf,0,PEM_BUFSIZE); | 372 | OPENSSL_cleanse(buf,PEM_BUFSIZE); |
| 369 | if (data != NULL) | 373 | if (data != NULL) |
| 370 | { | 374 | { |
| 371 | memset(data,0,(unsigned int)dsize); | 375 | OPENSSL_cleanse(data,(unsigned int)dsize); |
| 372 | OPENSSL_free(data); | 376 | OPENSSL_free(data); |
| 373 | } | 377 | } |
| 374 | return(ret); | 378 | return(ret); |
| @@ -409,8 +413,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, | |||
| 409 | EVP_DecryptUpdate(&ctx,data,&i,data,j); | 413 | EVP_DecryptUpdate(&ctx,data,&i,data,j); |
| 410 | o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); | 414 | o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); |
| 411 | EVP_CIPHER_CTX_cleanup(&ctx); | 415 | EVP_CIPHER_CTX_cleanup(&ctx); |
| 412 | memset((char *)buf,0,sizeof(buf)); | 416 | OPENSSL_cleanse((char *)buf,sizeof(buf)); |
| 413 | memset((char *)key,0,sizeof(key)); | 417 | OPENSSL_cleanse((char *)key,sizeof(key)); |
| 414 | j+=i; | 418 | j+=i; |
| 415 | if (!o) | 419 | if (!o) |
| 416 | { | 420 | { |
| @@ -691,7 +695,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, | |||
| 691 | if (strncmp(buf,"-----END ",9) == 0) | 695 | if (strncmp(buf,"-----END ",9) == 0) |
| 692 | break; | 696 | break; |
| 693 | if (i > 65) break; | 697 | if (i > 65) break; |
| 694 | if (!BUF_MEM_grow(dataB,i+bl+9)) | 698 | if (!BUF_MEM_grow_clean(dataB,i+bl+9)) |
| 695 | { | 699 | { |
| 696 | PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); | 700 | PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); |
| 697 | goto err; | 701 | goto err; |