From 08dbdb85eeb860f5a74a7d04efc3ed56372d372a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 30 Jul 1999 10:11:21 +0000
Subject: Fix to PKCS#12 code to use the cipher block length when allocating a
 buffer for encrypted data, rather than hard coding '8'.

---
 crypto/pkcs12/p12_decr.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'crypto/pkcs12')

diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index 8f502fae7f..d3d288e187 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -76,17 +76,18 @@ unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass,
 	int outlen, i;
 	EVP_CIPHER_CTX ctx;
 
-	if(!(out = Malloc (inlen + 8))) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
 	/* Decrypt data */
         if (!EVP_PBE_CipherInit (algor->algorithm, pass, passlen,
 					 algor->parameter, &ctx, en_de)) {
 		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
 		return NULL;
 	}
+
+	if(!(out = Malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
 	EVP_CipherUpdate (&ctx, out, &i, in, inlen);
 	outlen = i;
 	if(!EVP_CipherFinal (&ctx, out + i, &i)) {
-- 
cgit v1.2.1