CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2025/12/07 02:27:02
Modified files:
lib/libcrypto/asn1: p5_pbe.c
Log message:
Remove last internal use of ASN1_STRING_data()
PKCS5_pbe_set0_algor() is no longer public, but its parameters are
provided directly via public API, namely the wonderful PKCS8_encrypt()
and PKCS12_pack_p7encdata().
Muppetry abounds. To wit:
If saltlen < 0, the call to ASN1_STRING_set(pbe->salt, NULL, saltlen)
would error. Let's do that up front in a more obvious way. We don't
care about side-effects to pbe->salt since we free it on error anyway.
If saltlen == 0, we default it to PKCS5_PBE1_SALT_LEN. This is
particularly funky in case the caller passed in salt != NULL, in
which case we can only hope and pray this buffer is long enough.
If the caller passed a salt, copy it to pbe->salt via ASN1_STRING_set().
If there's no salt, allocate a buffer of the appropriate length, fill it
with random and transfer ownership to pbe->salt via ASN1_STRING_set0().
There's a change of behavior in that this will not be NUL-terminated
(why should it be?). If we wanted to preserve behavior, we'd just use
calloc(1, saltlen + 1) instead of the malloc().
The exit path is quite special, too, but I didn't want to change this
right now.
tweaks/ok kenjiro
