Revert CFB block length change. Despite what SP800-38a says the input to

[openssl.git] / crypto / evp / p5_crpt2.c

diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 94189ff9f75a65fd821f1e7e2949d2e4accadfc0..334379f310b66cd4f9d1f060a1c193ee86192649 100644 (file)
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -1,5 +1,5 @@
 /* p5_crpt2.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
@@ -87,6 +87,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
        HMAC_CTX hctx;
 
        mdlen = EVP_MD_size(digest);
+       if (mdlen < 0)
+               return 0;
 
        HMAC_CTX_init(&hctx);
        p = out;
@@ -200,8 +202,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        /* lets see if we recognise the encryption algorithm.
         */
 
-       cipher = EVP_get_cipherbyname(
-                       OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
+       cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
 
        if(!cipher) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
@@ -274,8 +275,9 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        salt = kdf->salt->value.octet_string->data;
        saltlen = kdf->salt->value.octet_string->length;
        iter = ASN1_INTEGER_get(kdf->iter);
-       PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
-                                                               keylen, key);
+       if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
+                                                  keylen, key))
+               goto err;
        EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
        OPENSSL_cleanse(key, keylen);
        PBKDF2PARAM_free(kdf);