[PATCH] Use sizeof() to pass buffer size to cleanser

2014-04-22 Thread Dirk Engling
Index: n_pkey.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/n_pkey.c,v
retrieving revision 1.15
diff -u -r1.15 n_pkey.c
--- n_pkey.c21 Apr 2014 11:37:41 -  1.15
+++ n_pkey.c23 Apr 2014 01:50:02 -
@@ -205,7 +205,7 @@

if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
goto err;
-   OPENSSL_cleanse(buf, 256);
+   OPENSSL_cleanse(buf, sizeof(buf));

/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
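Review bot: The `goto err` taken when EVP_BytesToKey() fails jumps past the cleanse on the next line, so on that path the password is still in `buf` unless the `err:` label (outside this hunk) wipes it. Wiping before the result is tested closes the gap: store the return value, call `OPENSSL_cleanse(buf, sizeof(buf));`, and only then `goto err` on failure. The derived `key` is not cleansed anywhere in the visible lines either, and presumably needs the same treatment once it has been handed to the cipher. The same pattern appears in the second hunk (-302) and in the matching hunks of the follow-up diff; both function bodies continue outside the hunks.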
@@ -302,7 +302,7 @@

if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
goto err;
-   OPENSSL_cleanse(buf, 256);
+   OPENSSL_cleanse(buf, sizeof(buf));

if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
goto err;



Re: [PATCH] Use sizeof() to pass buffer size to cleanser

2014-04-22 Thread Bob Beck

Looks good, but if you chase something like this, it's ok to send a
diff that kills all of them at once in the same file, like this one, which
replaces every place where the original author didn't know about sizeof(buf)
:)

-Bob



Index: n_pkey.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/n_pkey.c,v
retrieving revision 1.15
diff -u -p -u -p -r1.15 n_pkey.c
--- n_pkey.c21 Apr 2014 11:37:41 -  1.15
+++ n_pkey.c23 Apr 2014 04:14:39 -
@@ -189,7 +189,7 @@ i2d_RSA_NET(const RSA *a, unsigned char 
 
if (cb == NULL)
cb = EVP_read_pw_string;
-   i = cb((char *)buf, 256, "Enter Private Key password:", 1);
+   i = cb((char *)buf, sizeof(buf), "Enter Private Key password:", 1);
if (i != 0) {
ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
goto err;
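Review bot: `sizeof(buf)` is the buffer length only while `buf` is declared as an array in this function; the declaration is outside the hunk, so this needs confirming for both i2d_RSA_NET and d2i_RSA_NET_2 (hunk -286). If `buf` is ever turned into a pointer or a heap allocation, the callback would be given the pointer size and the later cleanse would wipe only that many bytes, most likely without a compiler diagnostic. A comment at the declaration would keep the dependency visible, e.g. `/* keep as an array: sizeof(buf) is the password read and cleanse length */`.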
@@ -205,7 +205,7 @@ i2d_RSA_NET(const RSA *a, unsigned char 
 
if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
goto err;
-   OPENSSL_cleanse(buf, 256);
+   OPENSSL_cleanse(buf, sizeof(buf));
 
/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
@@ -286,7 +286,7 @@ d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
 
-   i=cb((char *)buf,256, "Enter Private Key password:",0);
+   i=cb((char *)buf, sizeof(buf), "Enter Private Key password:",0);
if (i != 0) {
ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
goto err;
@@ -302,7 +302,7 @@ d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING
 
if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
goto err;
-   OPENSSL_cleanse(buf, 256);
+   OPENSSL_cleanse(buf, sizeof(buf));
 
if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
goto err;