aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/evp/p5_crpt.c
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2020-03-17 21:27:57 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2020-03-17 21:27:57 +0000
commitaa144ced5d61b5c7fb74acaebb37d85bd08f0416 (patch)
tree2de6902cff4b007f4fae30a7d6c546b4dd3d1740 /crypto/evp/p5_crpt.c
parentfbc3ad1ae1976eb5f2bac351260f2c5ee255c27f (diff)
downloadsrc-aa144ced5d61b5c7fb74acaebb37d85bd08f0416.tar.gz
src-aa144ced5d61b5c7fb74acaebb37d85bd08f0416.zip
Import OpenSSL 1.1.1e.vendor/openssl/1.1.1e
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=359051 svn path=/vendor-crypto/openssl/1.1.1e/; revision=359052; tag=vendor/openssl/1.1.1e
Diffstat (limited to 'crypto/evp/p5_crpt.c')
-rw-r--r--crypto/evp/p5_crpt.c26
1 files changed, 19 insertions, 7 deletions
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index 7e55d0bfb817..6c5f45f73368 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
EVP_MD_CTX *ctx;
unsigned char md_tmp[EVP_MAX_MD_SIZE];
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
- int i;
+ int i, ivl, kl;
PBEPARAM *pbe;
int saltlen, iter;
unsigned char *salt;
@@ -48,6 +48,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
return 0;
}
+ ivl = EVP_CIPHER_iv_length(cipher);
+ if (ivl < 0 || ivl > 16) {
+ EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH);
+ PBEPARAM_free(pbe);
+ return 0;
+ }
+ kl = EVP_CIPHER_key_length(cipher);
+ if (kl < 0 || kl > (int)sizeof(md_tmp)) {
+ EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH);
+ PBEPARAM_free(pbe);
+ return 0;
+ }
+
if (!pbe->iter)
iter = 1;
else
@@ -73,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
if (!EVP_DigestUpdate(ctx, salt, saltlen))
goto err;
PBEPARAM_free(pbe);
+ pbe = NULL;
if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
goto err;
mdsize = EVP_MD_size(md);
@@ -86,11 +100,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
goto err;
}
- OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
- memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
- OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
- memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
- EVP_CIPHER_iv_length(cipher));
+ memcpy(key, md_tmp, kl);
+ memcpy(iv, md_tmp + (16 - ivl), ivl);
if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
goto err;
OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
@@ -98,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
rv = 1;
err:
+ PBEPARAM_free(pbe);
EVP_MD_CTX_free(ctx);
return rv;
}