void PEM_dek_info(char *buf, const char *type, int len, char *str)
{
- static unsigned char map[17]="0123456789ABCDEF";
+ static const unsigned char map[17]="0123456789ABCDEF";
long i;
int j;
goto err;
}
/* dzise + 8 bytes are needed */
+ /* actually it needs the cipher block size extra... */
data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
if (data == NULL)
{
kstr=(unsigned char *)buf;
}
RAND_add(data,i,0);/* put in the RSA key. */
+ OPENSSL_assert(enc->iv_len <= sizeof iv);
if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
goto err;
/* The 'iv' is used as the iv and as a salt. It is
* NOT taken from the BytesToKey function */
EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
- if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+ if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
+
+ OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
buf[0]='\0';
PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
i=PEM_write_bio(bp,name,buf,data,i);
if (i <= 0) ret=0;
err:
- memset(key,0,sizeof(key));
- memset(iv,0,sizeof(iv));
- memset((char *)&ctx,0,sizeof(ctx));
- memset(buf,0,PEM_BUFSIZE);
+ OPENSSL_cleanse(key,sizeof(key));
+ OPENSSL_cleanse(iv,sizeof(iv));
+ OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+ OPENSSL_cleanse(buf,PEM_BUFSIZE);
if (data != NULL)
{
- memset(data,0,(unsigned int)dsize);
+ OPENSSL_cleanse(data,(unsigned int)dsize);
OPENSSL_free(data);
}
return(ret);
EVP_DecryptUpdate(&ctx,data,&i,data,j);
o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
- memset((char *)buf,0,sizeof(buf));
- memset((char *)key,0,sizeof(key));
+ OPENSSL_cleanse((char *)buf,sizeof(buf));
+ OPENSSL_cleanse((char *)key,sizeof(key));
j+=i;
if (!o)
{
if (strncmp(buf,"-----END ",9) == 0)
break;
if (i > 65) break;
- if (!BUF_MEM_grow(dataB,i+bl+9))
+ if (!BUF_MEM_grow_clean(dataB,i+bl+9))
{
PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;