1.18 would introduce a possible out-of-bounds access in the error path;

Coverity CID 105346
ok doug@

1 files changed, 5 insertions, 7 deletions

diff --git a/lib/libssl/src/crypto/evp/p5_crpt2.c b/lib/libssl/src/crypto/evp/p5_crpt2.c
index 6fc88a0437a..afafb9551f8 100644
--- a/lib/libssl/src/crypto/evp/p5_crpt2.c
+++ b/lib/libssl/src/crypto/evp/p5_crpt2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_crpt2.c,v 1.19 2015/02/14 15:45:21 miod Exp $ */
+/* $OpenBSD: p5_crpt2.c,v 1.20 2015/02/14 15:49:51 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -236,19 +236,19 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
 	if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
 		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET);
-		goto err;
+		return 0;
 	}
 	keylen = EVP_CIPHER_CTX_key_length(ctx);
 	if (keylen > sizeof key) {
 		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH);
-		goto err;
+		return 0;
 	}
 
 	/* Decode parameter */
 
 	if (!param || (param->type != V_ASN1_SEQUENCE)) {
 		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
-		goto err;
+		return 0;
 	}
 
 	pbuf = param->value.sequence->data;
@@ -256,11 +256,9 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
 	if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
 		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
-		goto err;
+		return 0;
 	}
 
-	keylen = EVP_CIPHER_CTX_key_length(ctx);
-
 	/* Now check the parameters of the kdf */
 
 	if (kdf->keylength &&