Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message

[oweals/openssl.git] / crypto / asn1 / p5_pbev2.c

diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index 51e587e9231d25ac338fc704b334c8bf93c67ac0..09f4bf61121b2a0a9c064c59ccf8ac57ea68b338 100644 (file)
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 #include <openssl/rand.h>
 
 /* PKCS#5 v2.0 password based encryption structures */
@@ -153,7 +154,7 @@ PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp,
 void PBKDF2PARAM_free (PBKDF2PARAM *a)
 {
        if(a==NULL) return;
-       ASN1_OCTET_STRING_free(a->salt);
+       ASN1_TYPE_free(a->salt);
        ASN1_INTEGER_free(a->iter);
        ASN1_INTEGER_free(a->keylength);
        X509_ALGOR_free(a->prf);
@@ -164,8 +165,8 @@ void PBKDF2PARAM_free (PBKDF2PARAM *a)
  * yes I know this is horrible!
  */
 
-X509_ALGOR *PKCS5_pbe2_set(EVP_CIPHER *cipher, int iter, unsigned char *salt,
-            int saltlen)
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                                unsigned char *salt, int saltlen)
 {
        X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
        int alg_nid;
@@ -206,6 +207,7 @@ X509_ALGOR *PKCS5_pbe2_set(EVP_CIPHER *cipher, int iter, unsigned char *salt,
        if (salt) memcpy (osalt->data, salt, saltlen);
        else RAND_bytes (osalt->data, saltlen);
 
+       if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
        if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
 
        /* Now include salt in kdf structure */