Discussion:
[openssl.org #3462] PATCH: fix return code on bad parameter in EVP_BytesToKey
noloader@gmail.com via RT
2014-07-19 07:13:58 UTC
EVP_BytesToKey is supposed to return 0 on failure; and the number of
bytes derived on success.

The initial test for the 'data' parameter crossed its wires.

*****

$ git diff crypto/evp/evp_key.c
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index 7961fbe..c94de05 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -126,7 +126,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);

- if (data == NULL) return(nkey);
+ if (data == NULL) return(0);

EVP_MD_CTX_init(&c);
for (;;)
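Review bot: On the changed line `if (data == NULL) return(0);`, returning 0 removes what looks like a length query rather than fixing an error path. The old line returned nkey, which the two OPENSSL_assert checks just above have already bounded by EVP_MAX_KEY_LENGTH, and it returned before EVP_MD_CTX_init or any derivation ran. A caller that passes data == NULL to learn the key size would now read the result as a failure. If NULL data is meant to be an error, state that in the function's documentation and in a comment on this line; if the nkey return is intentional, keep it and document it, because nothing in the hunk tells a reader which contract applies.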
Rich Salz via RT
2014-10-03 14:40:45 UTC
OpenSSL_1_0_2-stable 20d1c81 RT3462: Document actions when data==NULL

master 5aed169 RT3462: Document actions when data==NULL


Author: Rich Salz <***@openssl.org>
Date: Mon Sep 8 11:48:34 2014 -0400

RT3462: Document actions when data==NULL

If data is NULL, return the size needed to hold the
derived key. No other API to do this, so document
the behavior.

Reviewed-by: Richard Levitte <***@openssl.org>
--
Rich Salz, OpenSSL dev team; ***@openssl.org

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org