void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
{
- unsigned char *out, *p;
+ unsigned char *out;
+ const unsigned char *p;
void *ret;
int outlen;
if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
&out, &outlen, 0)) {
- PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
return NULL;
}
p = out;
}
#endif
ret = ASN1_item_d2i(NULL, &p, outlen, it);
- if (zbuf) memset(out, 0, outlen);
- if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+ if (zbuf) OPENSSL_cleanse(out, outlen);
+ if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
OPENSSL_free(out);
return ret;
}
unsigned char *in = NULL;
int inlen;
if (!(oct = M_ASN1_OCTET_STRING_new ())) {
- PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
return NULL;
}
inlen = ASN1_item_i2d(obj, &in, it);
if (!in) {
- PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
+ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
return NULL;
}
if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
&oct->length, 1)) {
- PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
+ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
OPENSSL_free(in);
return NULL;
}
- if (zbuf) memset(in, 0, inlen);
+ if (zbuf) OPENSSL_cleanse(in, inlen);
OPENSSL_free(in);
return oct;
}