diff options
Diffstat (limited to 'src/lib/libcrypto/pem/pem_lib.c')
| -rw-r--r-- | src/lib/libcrypto/pem/pem_lib.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index 50f5733654..3bec2d7e9f 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c | |||
| @@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type) | |||
| 138 | 138 | ||
| 139 | void PEM_dek_info(char *buf, const char *type, int len, char *str) | 139 | void PEM_dek_info(char *buf, const char *type, int len, char *str) |
| 140 | { | 140 | { |
| 141 | static unsigned char map[17]="0123456789ABCDEF"; | 141 | static const unsigned char map[17]="0123456789ABCDEF"; |
| 142 | long i; | 142 | long i; |
| 143 | int j; | 143 | int j; |
| 144 | 144 | ||
| @@ -251,7 +251,7 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char | |||
| 251 | ret = 1; | 251 | ret = 1; |
| 252 | 252 | ||
| 253 | err: | 253 | err: |
| 254 | if (!pnm) OPENSSL_free(nm); | 254 | if (!ret || !pnm) OPENSSL_free(nm); |
| 255 | OPENSSL_free(header); | 255 | OPENSSL_free(header); |
| 256 | if (!ret) OPENSSL_free(data); | 256 | if (!ret) OPENSSL_free(data); |
| 257 | return ret; | 257 | return ret; |
| @@ -306,6 +306,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, | |||
| 306 | goto err; | 306 | goto err; |
| 307 | } | 307 | } |
| 308 | /* dzise + 8 bytes are needed */ | 308 | /* dzise + 8 bytes are needed */ |
| 309 | /* actually it needs the cipher block size extra... */ | ||
| 309 | data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); | 310 | data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); |
| 310 | if (data == NULL) | 311 | if (data == NULL) |
| 311 | { | 312 | { |
| @@ -335,13 +336,16 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, | |||
| 335 | kstr=(unsigned char *)buf; | 336 | kstr=(unsigned char *)buf; |
| 336 | } | 337 | } |
| 337 | RAND_add(data,i,0);/* put in the RSA key. */ | 338 | RAND_add(data,i,0);/* put in the RSA key. */ |
| 339 | OPENSSL_assert(enc->iv_len <= sizeof iv); | ||
| 338 | if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ | 340 | if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ |
| 339 | goto err; | 341 | goto err; |
| 340 | /* The 'iv' is used as the iv and as a salt. It is | 342 | /* The 'iv' is used as the iv and as a salt. It is |
| 341 | * NOT taken from the BytesToKey function */ | 343 | * NOT taken from the BytesToKey function */ |
| 342 | EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); | 344 | EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); |
| 343 | 345 | ||
| 344 | if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); | 346 | if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); |
| 347 | |||
| 348 | OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); | ||
| 345 | 349 | ||
| 346 | buf[0]='\0'; | 350 | buf[0]='\0'; |
| 347 | PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); | 351 | PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); |
| @@ -364,13 +368,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, | |||
| 364 | i=PEM_write_bio(bp,name,buf,data,i); | 368 | i=PEM_write_bio(bp,name,buf,data,i); |
| 365 | if (i <= 0) ret=0; | 369 | if (i <= 0) ret=0; |
| 366 | err: | 370 | err: |
| 367 | memset(key,0,sizeof(key)); | 371 | OPENSSL_cleanse(key,sizeof(key)); |
| 368 | memset(iv,0,sizeof(iv)); | 372 | OPENSSL_cleanse(iv,sizeof(iv)); |
| 369 | memset((char *)&ctx,0,sizeof(ctx)); | 373 | OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); |
| 370 | memset(buf,0,PEM_BUFSIZE); | 374 | OPENSSL_cleanse(buf,PEM_BUFSIZE); |
| 371 | if (data != NULL) | 375 | if (data != NULL) |
| 372 | { | 376 | { |
| 373 | memset(data,0,(unsigned int)dsize); | 377 | OPENSSL_cleanse(data,(unsigned int)dsize); |
| 374 | OPENSSL_free(data); | 378 | OPENSSL_free(data); |
| 375 | } | 379 | } |
| 376 | return(ret); | 380 | return(ret); |
| @@ -411,8 +415,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, | |||
| 411 | EVP_DecryptUpdate(&ctx,data,&i,data,j); | 415 | EVP_DecryptUpdate(&ctx,data,&i,data,j); |
| 412 | o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); | 416 | o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); |
| 413 | EVP_CIPHER_CTX_cleanup(&ctx); | 417 | EVP_CIPHER_CTX_cleanup(&ctx); |
| 414 | memset((char *)buf,0,sizeof(buf)); | 418 | OPENSSL_cleanse((char *)buf,sizeof(buf)); |
| 415 | memset((char *)key,0,sizeof(key)); | 419 | OPENSSL_cleanse((char *)key,sizeof(key)); |
| 416 | j+=i; | 420 | j+=i; |
| 417 | if (!o) | 421 | if (!o) |
| 418 | { | 422 | { |
| @@ -693,7 +697,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, | |||
| 693 | if (strncmp(buf,"-----END ",9) == 0) | 697 | if (strncmp(buf,"-----END ",9) == 0) |
| 694 | break; | 698 | break; |
| 695 | if (i > 65) break; | 699 | if (i > 65) break; |
| 696 | if (!BUF_MEM_grow(dataB,i+bl+9)) | 700 | if (!BUF_MEM_grow_clean(dataB,i+bl+9)) |
| 697 | { | 701 | { |
| 698 | PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); | 702 | PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); |
| 699 | goto err; | 703 | goto err; |