If we're going to return errors (no matter how stupid), then we should

[openssl.git] / crypto / hmac / hm_pmeth.c

diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c
index 53a3f00f2fbc8da8503009a04284f92c0c537f89..985921ca1ae20c7dda07cb52bc368916d954dd01 100644 (file)
--- a/crypto/hmac/hm_pmeth.c
+++ b/crypto/hmac/hm_pmeth.c
@@ -1,4 +1,4 @@
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2007.
  */
 /* ====================================================================
@@ -80,11 +80,14 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
                return 0;
        hctx->md = NULL;
        hctx->ktmp.data = NULL;
+       hctx->ktmp.length = 0;
+       hctx->ktmp.flags = 0;
+       hctx->ktmp.type = V_ASN1_OCTET_STRING;
        HMAC_CTX_init(&hctx->ctx);
 
        ctx->data = hctx;
        ctx->keygen_info_count = 0;
-       
+
        return 1;
        }
 
@@ -113,7 +116,8 @@ static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
        HMAC_CTX_cleanup(&hctx->ctx);
        if (hctx->ktmp.data)
                {
-               OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length);
+               if (hctx->ktmp.length)
+                       OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length);
                OPENSSL_free(hctx->ktmp.data);
                hctx->ktmp.data = NULL;
                }
@@ -153,7 +157,11 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
        {
        unsigned int hlen;
        HMAC_PKEY_CTX *hctx = ctx->data;
-       *siglen = EVP_MD_CTX_size(mctx);
+       int l = EVP_MD_CTX_size(mctx);
+
+       if (l < 0)
+               return 0;
+       *siglen = l;
        if (!sig)
                return 1;
 
@@ -202,8 +210,9 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
                }
        if (!strcmp(type, "key"))
                {
+               void *p = (void *)value;
                return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
-                               -1, (void *)value);
+                               -1, p);
                }
        if (!strcmp(type, "hexkey"))
                {