PKCS#12 mac key length should equal digest length.

author Dr. Stephen Henson <steve@openssl.org>

Wed, 17 May 2006 18:19:51 +0000 (18:19 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 17 May 2006 18:19:51 +0000 (18:19 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 17 May 2006 18:19:51 +0000 (18:19 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 17 May 2006 18:19:51 +0000 (18:19 +0000)
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c

index 7bff04889c35f41cd67ae7c7d353af3adee0e3a3..c408cc8ab8df6212e3c9a6c272d0a6501ad1c96a 100644 (file)
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -69,7 +69,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
  {
         const EVP_MD *md_type;
         HMAC_CTX hmac;
-       unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
+       unsigned char key[EVP_MAX_MD_SIZE], *salt;
         int saltlen, iter;
  
         if (!PKCS7_type_is_data(p12->authsafes))
@@ -88,12 +88,12 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                 return 0;
         }
         if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-                                PKCS12_MAC_KEY_LENGTH, key, md_type)) {
+                                EVP_MD_size(md_type), key, md_type)) {
                 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
                 return 0;
         }
         HMAC_CTX_init(&hmac);
-       HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
+       HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
         HMAC_Update(&hmac, p12->authsafes->d.data->data,
                                          p12->authsafes->d.data->length);
         HMAC_Final(&hmac, mac, maclen);
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 17 May 2006 18:19:51 +0000 (18:19 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 17 May 2006 18:19:51 +0000 (18:19 +0000)