diff options
Diffstat (limited to 'src/lib/libcrypto/pkcs12')
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_crpt.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_init.c | 12 | ||||
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_kiss.c | 18 | ||||
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_mutl.c | 5 |
4 files changed, 29 insertions, 12 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c index 5e8958612b..003ec7a33e 100644 --- a/src/lib/libcrypto/pkcs12/p12_crpt.c +++ b/src/lib/libcrypto/pkcs12/p12_crpt.c | |||
| @@ -88,7 +88,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 88 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) | 88 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) |
| 89 | { | 89 | { |
| 90 | PBEPARAM *pbe; | 90 | PBEPARAM *pbe; |
| 91 | int saltlen, iter; | 91 | int saltlen, iter, ret; |
| 92 | unsigned char *salt, *pbuf; | 92 | unsigned char *salt, *pbuf; |
| 93 | unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; | 93 | unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; |
| 94 | 94 | ||
| @@ -117,8 +117,8 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 117 | return 0; | 117 | return 0; |
| 118 | } | 118 | } |
| 119 | PBEPARAM_free(pbe); | 119 | PBEPARAM_free(pbe); |
| 120 | EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); | 120 | ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); |
| 121 | OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); | 121 | OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); |
| 122 | OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); | 122 | OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); |
| 123 | return 1; | 123 | return ret; |
| 124 | } | 124 | } |
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c index eb837a78cf..5276b12669 100644 --- a/src/lib/libcrypto/pkcs12/p12_init.c +++ b/src/lib/libcrypto/pkcs12/p12_init.c | |||
| @@ -76,15 +76,17 @@ PKCS12 *PKCS12_init (int mode) | |||
| 76 | if (!(pkcs12->authsafes->d.data = | 76 | if (!(pkcs12->authsafes->d.data = |
| 77 | M_ASN1_OCTET_STRING_new())) { | 77 | M_ASN1_OCTET_STRING_new())) { |
| 78 | PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); | 78 | PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); |
| 79 | return NULL; | 79 | goto err; |
| 80 | } | 80 | } |
| 81 | break; | 81 | break; |
| 82 | default: | 82 | default: |
| 83 | PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE); | 83 | PKCS12err(PKCS12_F_PKCS12_INIT, |
| 84 | PKCS12_free(pkcs12); | 84 | PKCS12_R_UNSUPPORTED_PKCS12_MODE); |
| 85 | return NULL; | 85 | goto err; |
| 86 | break; | ||
| 87 | } | 86 | } |
| 88 | 87 | ||
| 89 | return pkcs12; | 88 | return pkcs12; |
| 89 | err: | ||
| 90 | if (pkcs12 != NULL) PKCS12_free(pkcs12); | ||
| 91 | return NULL; | ||
| 90 | } | 92 | } |
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c index 885087ad00..2b31999e11 100644 --- a/src/lib/libcrypto/pkcs12/p12_kiss.c +++ b/src/lib/libcrypto/pkcs12/p12_kiss.c | |||
| @@ -249,14 +249,26 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, | |||
| 249 | if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) | 249 | if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) |
| 250 | return 1; | 250 | return 1; |
| 251 | if (!(x509 = PKCS12_certbag2x509(bag))) return 0; | 251 | if (!(x509 = PKCS12_certbag2x509(bag))) return 0; |
| 252 | if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length); | 252 | if(ckid) |
| 253 | { | ||
| 254 | if (!X509_keyid_set1(x509, ckid->data, ckid->length)) | ||
| 255 | { | ||
| 256 | X509_free(x509); | ||
| 257 | return 0; | ||
| 258 | } | ||
| 259 | } | ||
| 253 | if(fname) { | 260 | if(fname) { |
| 254 | int len; | 261 | int len, r; |
| 255 | unsigned char *data; | 262 | unsigned char *data; |
| 256 | len = ASN1_STRING_to_UTF8(&data, fname); | 263 | len = ASN1_STRING_to_UTF8(&data, fname); |
| 257 | if(len > 0) { | 264 | if(len > 0) { |
| 258 | X509_alias_set1(x509, data, len); | 265 | r = X509_alias_set1(x509, data, len); |
| 259 | OPENSSL_free(data); | 266 | OPENSSL_free(data); |
| 267 | if (!r) | ||
| 268 | { | ||
| 269 | X509_free(x509); | ||
| 270 | return 0; | ||
| 271 | } | ||
| 260 | } | 272 | } |
| 261 | } | 273 | } |
| 262 | 274 | ||
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c index 0fb67f74b8..4886b9b289 100644 --- a/src/lib/libcrypto/pkcs12/p12_mutl.c +++ b/src/lib/libcrypto/pkcs12/p12_mutl.c | |||
| @@ -148,7 +148,10 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, | |||
| 148 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); | 148 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); |
| 149 | return 0; | 149 | return 0; |
| 150 | } | 150 | } |
| 151 | ASN1_INTEGER_set(p12->mac->iter, iter); | 151 | if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { |
| 152 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); | ||
| 153 | return 0; | ||
| 154 | } | ||
| 152 | } | 155 | } |
| 153 | if (!saltlen) saltlen = PKCS12_SALT_LEN; | 156 | if (!saltlen) saltlen = PKCS12_SALT_LEN; |
| 154 | p12->mac->salt->length = saltlen; | 157 | p12->mac->salt->length = saltlen; |