Fixed some OpenSSL compatibility issues in wolfSSL_EVP_BytesToKey
Fixed wrong error checks, changed return value to the size of the derived key, added support for the case where data == NULL and removed the assignment of constant value to info->ivSz (the correct value is assigned to it inside 'wc_EncryptedInfoGet')
30
src/ssl.c
30
src/ssl.c
@ -12247,21 +12247,31 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
XMEMSET(info, 0, sizeof(EncryptedInfo));
|
XMEMSET(info, 0, sizeof(EncryptedInfo));
|
||||||
info->ivSz = EVP_SALT_SIZE;
|
|
||||||
|
|
||||||
ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL);
|
ret = wc_EncryptedInfoGet(info, type);
|
||||||
if (ret == 0)
|
if (ret < 0)
|
||||||
ret = wc_EncryptedInfoGet(info, type);
|
goto end;
|
||||||
if (ret == 0)
|
|
||||||
ret = wc_PBKDF1_ex(key, info->keySz, iv, info->ivSz, data, sz, salt,
|
|
||||||
EVP_SALT_SIZE, count, hashType, NULL);
|
|
||||||
|
|
||||||
|
if (data == NULL) {
|
||||||
|
ret = info->keySz;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL);
|
||||||
|
if (ret == WOLFSSL_FAILURE)
|
||||||
|
goto end;
|
||||||
|
|
||||||
|
ret = wc_PBKDF1_ex(key, info->keySz, iv, info->ivSz, data, sz, salt,
|
||||||
|
EVP_SALT_SIZE, count, hashType, NULL);
|
||||||
|
if (ret == 0)
|
||||||
|
ret = info->keySz;
|
||||||
|
|
||||||
|
end:
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
|
XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
|
||||||
#endif
|
#endif
|
||||||
|
if (ret < 0)
|
||||||
if (ret <= 0)
|
return 0; /* failure - for compatibility */
|
||||||
return 0; /* failure - for compatibility */
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
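Review bot: The new `if (ret == WOLFSSL_FAILURE) goto end;` branch after `wolfSSL_EVP_get_hashinfo` is not caught by the `if (ret < 0)` check at `end:`, so an unsupported digest is reported as failure only because `return ret` passes the constant through, which is correct only while WOLFSSL_FAILURE is 0. After this change `ret` carries three conventions in one variable: negative wolfCrypt error codes, the WOLFSSL_FAILURE status, and the derived key size. A caller that treats any non-zero return as "key and IV were written" depends on all failure values collapsing to 0. I would document that just above `end:` with `/* ret here: < 0 wolfCrypt error, 0 digest lookup failed, > 0 derived key size */`, or set `ret = 0;` explicitly in the digest-failure branch. The function starts outside this hunk and the page's split view has lost the `+`/`-` markers, so I have read the right-hand column as the new code and cannot confirm whether `key`, `iv` or `salt` being NULL is rejected before `wc_PBKDF1_ex` is reached.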