If we're going to return errors (no matter how stupid), then we should
[openssl.git] / crypto / pkcs12 / p12_key.c
index 9e57eee..b72cf16 100644 (file)
@@ -81,6 +81,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        int ret;
        unsigned char *unipass;
        int uniplen;
+
        if(!pass) {
                unipass = NULL;
                uniplen = 0;
@@ -90,6 +91,8 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        }
        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                                                 id, iter, n, out, md_type);
+       if (ret <= 0)
+           return 0;
        if(unipass) {
                OPENSSL_cleanse(unipass, uniplen);      /* Clear password from memory */
                OPENSSL_free(unipass);
@@ -129,6 +132,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 #endif
        v = EVP_MD_block_size (md_type);
        u = EVP_MD_size (md_type);
+       if (u < 0)
+           return 0;
        D = OPENSSL_malloc (v);
        Ai = OPENSSL_malloc (u);
        B = OPENSSL_malloc (v + 1);