#include <stdio.h>
#include "cryptlib.h"
-#include "x509.h"
-#include "objects.h"
-#include "evp.h"
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/ui.h>
/* should be init to zeros. */
static char prompt_string[80];
-void EVP_set_pw_prompt(prompt)
-char *prompt;
+void EVP_set_pw_prompt(const char *prompt)
{
if (prompt == NULL)
prompt_string[0]='\0';
else
+ {
strncpy(prompt_string,prompt,79);
+ prompt_string[79]='\0';
+ }
}
-char *EVP_get_pw_prompt()
+char *EVP_get_pw_prompt(void)
{
if (prompt_string[0] == '\0')
return(NULL);
return(prompt_string);
}
-#ifdef NO_DES
-int des_read_pw_string(char *buf,int len,char *prompt,int verify);
-#endif
+/* For historical reasons, the standard function for reading passwords is
+ * in the DES library -- if someone ever wants to disable DES,
+ * this function will fail */
+int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
+ {
+ return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
+ }
-int EVP_read_pw_string(buf,len,prompt,verify)
-char *buf;
-int len;
-const char *prompt;
-int verify;
+int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify)
{
+ int ret;
+ char buff[BUFSIZ];
+ UI *ui;
+
if ((prompt == NULL) && (prompt_string[0] != '\0'))
prompt=prompt_string;
- return(des_read_pw_string(buf,len,prompt,verify));
+ ui = UI_new();
+ UI_add_input_string(ui,prompt,0,buf,min,(len>=BUFSIZ)?BUFSIZ-1:len);
+ if (verify)
+ UI_add_verify_string(ui,prompt,0,
+ buff,min,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+ ret = UI_process(ui);
+ UI_free(ui);
+ OPENSSL_cleanse(buff,BUFSIZ);
+ return ret;
}
-int EVP_BytesToKey(type,md,salt,data,datal,count,key,iv)
-const EVP_CIPHER *type;
-EVP_MD *md;
-unsigned char *salt;
-unsigned char *data;
-int datal;
-int count;
-unsigned char *key;
-unsigned char *iv;
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt, const unsigned char *data, int datal,
+ int count, unsigned char *key, unsigned char *iv)
{
EVP_MD_CTX c;
unsigned char md_buf[EVP_MAX_MD_SIZE];
int niv,nkey,addmd=0;
unsigned int mds=0,i;
-
+ int rv = 0;
nkey=type->key_len;
niv=type->iv_len;
+ OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+ OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
if (data == NULL) return(nkey);
+ EVP_MD_CTX_init(&c);
for (;;)
{
- EVP_DigestInit(&c,md);
+ if (!EVP_DigestInit_ex(&c,md, NULL))
+ return 0;
if (addmd++)
- EVP_DigestUpdate(&c,&(md_buf[0]),mds);
- EVP_DigestUpdate(&c,data,datal);
+ if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
+ goto err;
+ if (!EVP_DigestUpdate(&c,data,datal))
+ goto err;
if (salt != NULL)
- EVP_DigestUpdate(&c,salt,8);
- EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+ if (!EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN))
+ goto err;
+ if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
+ goto err;
for (i=1; i<(unsigned int)count; i++)
{
- EVP_DigestInit(&c,md);
- EVP_DigestUpdate(&c,&(md_buf[0]),mds);
- EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+ if (!EVP_DigestInit_ex(&c,md, NULL))
+ goto err;
+ if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
+ goto err;
+ if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
+ goto err;
}
i=0;
if (nkey)
}
if ((nkey == 0) && (niv == 0)) break;
}
- memset(&c,0,sizeof(c));
- memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
- return(type->key_len);
+ rv = type->key_len;
+ err:
+ EVP_MD_CTX_cleanup(&c);
+ OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
+ return rv;
}