If we're going to return errors (no matter how stupid), then we should

[openssl.git] / crypto / pkcs12 / p12_key.c

diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index 9e57eee4a4d09ca12a3be78d7cdaf8553adb1b6f..b72cf1638b96ff474138bada88704682c883d1af 100644 (file)
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -81,6 +81,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        int ret;
        unsigned char *unipass;
        int uniplen;
+
        if(!pass) {
                unipass = NULL;
                uniplen = 0;
@@ -90,6 +91,8 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        }
        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                                                 id, iter, n, out, md_type);
+       if (ret <= 0)
+           return 0;
        if(unipass) {
                OPENSSL_cleanse(unipass, uniplen);      /* Clear password from memory */
                OPENSSL_free(unipass);
@@ -129,6 +132,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 #endif
        v = EVP_MD_block_size (md_type);
        u = EVP_MD_size (md_type);
+       if (u < 0)
+           return 0;
        D = OPENSSL_malloc (v);
        Ai = OPENSSL_malloc (u);
        B = OPENSSL_malloc (v + 1);