Fix to PKCS#12 code to use the cipher block length when allocating a buffer
authorDr. Stephen Henson <steve@openssl.org>
Fri, 30 Jul 1999 10:11:21 +0000 (10:11 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 30 Jul 1999 10:11:21 +0000 (10:11 +0000)
for encrypted data, rather than hard coding '8'.

crypto/pkcs12/p12_decr.c

index 8f502fa..d3d288e 100644 (file)
@@ -76,17 +76,18 @@ unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
        int outlen, i;
        EVP_CIPHER_CTX ctx;
 
-       if(!(out = Malloc (inlen + 8))) {
-               PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
-               return NULL;
-       }
-
        /* Decrypt data */
         if (!EVP_PBE_CipherInit (algor->algorithm, pass, passlen,
                                         algor->parameter, &ctx, en_de)) {
                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
                return NULL;
        }
+
+       if(!(out = Malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+               PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+
        EVP_CipherUpdate (&ctx, out, &i, in, inlen);
        outlen = i;
        if(!EVP_CipherFinal (&ctx, out + i, &i)) {