diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/asn1/p5_pbe.c | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c index 668bf5d7c1..feccf8af58 100644 --- a/src/lib/libcrypto/asn1/p5_pbe.c +++ b/src/lib/libcrypto/asn1/p5_pbe.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p5_pbe.c,v 1.30 2025/05/24 02:57:14 tb Exp $ */ | 1 | /* $OpenBSD: p5_pbe.c,v 1.31 2025/12/07 09:27:02 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -129,7 +129,6 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, | |||
| 129 | { | 129 | { |
| 130 | PBEPARAM *pbe = NULL; | 130 | PBEPARAM *pbe = NULL; |
| 131 | ASN1_STRING *pbe_str = NULL; | 131 | ASN1_STRING *pbe_str = NULL; |
| 132 | unsigned char *sstr; | ||
| 133 | 132 | ||
| 134 | if ((pbe = PBEPARAM_new()) == NULL) { | 133 | if ((pbe = PBEPARAM_new()) == NULL) { |
| 135 | ASN1error(ERR_R_MALLOC_FAILURE); | 134 | ASN1error(ERR_R_MALLOC_FAILURE); |
| @@ -141,17 +140,24 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, | |||
| 141 | ASN1error(ERR_R_MALLOC_FAILURE); | 140 | ASN1error(ERR_R_MALLOC_FAILURE); |
| 142 | goto err; | 141 | goto err; |
| 143 | } | 142 | } |
| 144 | if (!saltlen) | 143 | if (saltlen < 0) |
| 145 | saltlen = PKCS5_PBE1_SALT_LEN; | ||
| 146 | if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) { | ||
| 147 | ASN1error(ERR_R_MALLOC_FAILURE); | ||
| 148 | goto err; | 144 | goto err; |
| 149 | } | 145 | if (saltlen == 0) |
| 150 | sstr = ASN1_STRING_data(pbe->salt); | 146 | saltlen = PKCS5_PBE1_SALT_LEN; |
| 151 | if (salt) | 147 | if (salt != NULL) { |
| 152 | memcpy(sstr, salt, saltlen); | 148 | if (!ASN1_STRING_set(pbe->salt, salt, saltlen)) |
| 153 | else | 149 | goto err; |
| 150 | } else { | ||
| 151 | unsigned char *sstr = NULL; | ||
| 152 | |||
| 153 | if ((sstr = malloc(saltlen)) == NULL) { | ||
| 154 | ASN1error(ERR_R_MALLOC_FAILURE); | ||
| 155 | goto err; | ||
| 156 | } | ||
| 154 | arc4random_buf(sstr, saltlen); | 157 | arc4random_buf(sstr, saltlen); |
| 158 | ASN1_STRING_set0(pbe->salt, sstr, saltlen); | ||
| 159 | sstr = NULL; | ||
| 160 | } | ||
| 155 | 161 | ||
| 156 | if (!ASN1_item_pack(pbe, &PBEPARAM_it, &pbe_str)) { | 162 | if (!ASN1_item_pack(pbe, &PBEPARAM_it, &pbe_str)) { |
| 157 | ASN1error(ERR_R_MALLOC_FAILURE); | 163 | ASN1error(ERR_R_MALLOC_FAILURE); |
| @@ -165,9 +171,9 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, | |||
| 165 | return 1; | 171 | return 1; |
| 166 | 172 | ||
| 167 | err: | 173 | err: |
| 168 | if (pbe != NULL) | 174 | PBEPARAM_free(pbe); |
| 169 | PBEPARAM_free(pbe); | ||
| 170 | ASN1_STRING_free(pbe_str); | 175 | ASN1_STRING_free(pbe_str); |
| 176 | |||
| 171 | return 0; | 177 | return 0; |
| 172 | } | 178 | } |
| 173 | 179 | ||