RT3246: req command prints version number wrong

[oweals/openssl.git] / crypto / cms / cms_pwri.c

diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 5fe7f494bdbb288f090eab2d6a50f67eadd252e7..28f8f261a6940b08e115a9b4a4bf53c0872bf8ea 100644 (file)
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -63,7 +63,7 @@
 #include "asn1_locl.h"
 
 int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 
-                               unsigned char *pass, ssize_t passlen)
+                               unsigned char *pass, ossl_ssize_t passlen)
        {
        CMS_PasswordRecipientInfo *pwri;
        if (ri->type != CMS_RECIPINFO_PASS)
@@ -82,7 +82,8 @@ int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
 
 CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
                                        int iter, int wrap_nid, int pbe_nid,
-                                       unsigned char *pass, ssize_t passlen,
+                                       unsigned char *pass,
+                                       ossl_ssize_t passlen,
                                        const EVP_CIPHER *kekciph)
        {
        CMS_RecipientInfo *ri = NULL;
@@ -92,9 +93,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
        X509_ALGOR *encalg = NULL;
        unsigned char iv[EVP_MAX_IV_LENGTH];
        int ivlen;
+
        env = cms_get0_enveloped(cms);
        if (!env)
-               goto err;
+               return NULL;
 
        if (wrap_nid <= 0)
                wrap_nid = NID_id_alg_PWRI_KEK;
@@ -238,21 +240,22 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
                }
        tmp = OPENSSL_malloc(inlen);
        /* setup IV by decrypting last two blocks */
-       EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
-                               in  + inlen - 2 * blocklen, blocklen * 2);
+       if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
+                              in  + inlen - 2 * blocklen, blocklen * 2)
        /* Do a decrypt of last decrypted block to set IV to correct value
         * output it to start of buffer so we don't corrupt decrypted block
         * this works because buffer is at least two block lengths long.
         */
-       EVP_DecryptUpdate(ctx, tmp, &outl,
-                               tmp  + inlen - blocklen, blocklen);
+           || !EVP_DecryptUpdate(ctx, tmp, &outl,
+                                 tmp  + inlen - blocklen, blocklen)
        /* Can now decrypt first n - 1 blocks */
-       EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
+           || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
 
        /* Reset IV to original value */
-       EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+           || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL)
        /* Decrypt again */
-       EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
+           || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
+               goto err;
        /* Check check bytes */
        if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff)
                {
@@ -307,8 +310,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
                if (olen > inlen + 4)
                        RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
                /* Encrypt twice */
-               EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
-               EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
+               if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
+                   || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
+                       return 0;
                }
 
        *outlen = olen;