X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fcms%2Fcms_pwri.c;h=d662938768cb268d3e60056de19330576f173c7f;hp=dd5f6361451264efaae3f7f73e2b3ab676500343;hb=eda34e4bef33a3b8f1e207bf04769007c70cbd1e;hpb=5fe736e5fc29353706c2c1a5ae8bd97f3d7a35e9 diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index dd5f636145..d662938768 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include @@ -121,6 +121,9 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Setup algorithm identifier for cipher */ encalg = X509_ALGOR_new(); + if (encalg == NULL) { + goto merr; + } EVP_CIPHER_CTX_init(&ctx); if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) { @@ -131,7 +134,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, ivlen = EVP_CIPHER_CTX_iv_length(&ctx); if (ivlen > 0) { - if (RAND_pseudo_bytes(iv, ivlen) <= 0) + if (RAND_bytes(iv, ivlen) <= 0) goto err; if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); @@ -155,11 +158,11 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Initialize recipient info */ ri = M_ASN1_new_of(CMS_RecipientInfo); - if (!ri) + if (ri == NULL) goto merr; ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo); - if (!ri->d.pwri) + if (ri->d.pwri == NULL) goto merr; ri->type = CMS_RECIPINFO_PASS; 
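Review bot: In the -121,6 hunk the new `goto merr` is taken before `EVP_CIPHER_CTX_init(&ctx)` has run. The `merr` label is outside the visible hunks, but if it falls through to the cleanup shown in the -204,8 hunk, `EVP_CIPHER_CTX_cleanup(&ctx)` is called on a stack context that was never initialised, so an allocation failure becomes a read of uninitialised memory. Moving `EVP_CIPHER_CTX_init(&ctx);` above `encalg = X509_ALGOR_new();` keeps the shared exit path valid for every jump. CMS_add0_recipient_password starts and ends outside this hunk, so any earlier jump to `err` or `merr` should be checked against the same ordering.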
@@ -167,11 +170,11 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Since this is overwritten, free up empty structure already there */ X509_ALGOR_free(pwri->keyEncryptionAlgorithm); pwri->keyEncryptionAlgorithm = X509_ALGOR_new(); - if (!pwri->keyEncryptionAlgorithm) + if (pwri->keyEncryptionAlgorithm == NULL) goto merr; pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid); pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new(); - if (!pwri->keyEncryptionAlgorithm->parameter) + if (pwri->keyEncryptionAlgorithm->parameter == NULL) goto merr; if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR), @@ -204,8 +207,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, EVP_CIPHER_CTX_cleanup(&ctx); if (ri) M_ASN1_free_of(ri, CMS_RecipientInfo); - if (encalg) - X509_ALGOR_free(encalg); + X509_ALGOR_free(encalg); return NULL; } @@ -231,7 +233,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, return 0; } tmp = OPENSSL_malloc(inlen); - if(!tmp) + if (tmp == NULL) return 0; /* setup IV by decrypting last two blocks */ if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, @@ -264,8 +266,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, memcpy(out, tmp + 4, *outlen); rv = 1; err: - OPENSSL_cleanse(tmp, inlen); - OPENSSL_free(tmp); + OPENSSL_clear_free(tmp, inlen); return rv; } @@ -299,8 +300,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, out[3] = in[2] ^ 0xFF; memcpy(out + 4, in, inlen); /* Add random padding to end */ - if (olen > inlen + 4) - RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen); + if (olen > inlen + 4 + && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0) + return 0; /* Encrypt twice */ if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen)) 
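Review bot: The new `return 0` in kek_wrap_key (-299,8 hunk) leaves the key bytes just copied by `memcpy(out + 4, in, inlen)` unencrypted in `out`, and the caller's error path in the -425,7 hunk releases that buffer with plain `OPENSSL_free(key)`. The older `EVP_EncryptUpdate` failure return appears to have the same effect. This commit already uses `OPENSSL_clear_free(tmp, inlen)` in kek_unwrap_key, so the caller could do the same, e.g. `OPENSSL_clear_free(key, keybuflen);`, where `keybuflen` is a new local recording the size passed to `OPENSSL_malloc`. The two branches allocate different lengths, so `keylen` alone may not be valid on every failure path. Both functions extend beyond the visible hunks.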
@@ -319,8 +321,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, { CMS_EncryptedContentInfo *ec; CMS_PasswordRecipientInfo *pwri; - const unsigned char *p = NULL; - int plen; int r = 0; X509_ALGOR *algtmp, *kekalg = NULL; EVP_CIPHER_CTX kekctx; @@ -345,11 +345,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, return 0; } - if (algtmp->parameter->type == V_ASN1_SEQUENCE) { - p = algtmp->parameter->value.sequence->data; - plen = algtmp->parameter->value.sequence->length; - kekalg = d2i_X509_ALGOR(NULL, &p, plen); - } + kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), + algtmp->parameter); + if (kekalg == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); @@ -393,7 +391,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, key = OPENSSL_malloc(keylen); - if (!key) + if (key == NULL) goto err; if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx)) @@ -403,7 +401,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, } else { key = OPENSSL_malloc(pwri->encryptedKey->length); - if (!key) { + if (key == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -425,7 +423,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, EVP_CIPHER_CTX_cleanup(&kekctx); - if (!r && key) + if (!r) OPENSSL_free(key); X509_ALGOR_free(kekalg);
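Review bot: The `ASN1_TYPE_unpack_sequence()` call in the -345,11 hunk is now the only validation of `algtmp->parameter`, which on the decrypt path can come from a received message, and nothing at the call site records that. As far as I know the helper returns NULL for a missing parameter or one that is not a SEQUENCE, a case the removed code did not guard against when it read `algtmp->parameter->type`; this is worth confirming against the helper's definition. A one-line comment would document the reliance: `/* parameter may be peer-supplied: absent or non-SEQUENCE yields NULL and is rejected below */`. cms_RecipientInfo_pwri_crypt continues outside this hunk.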