X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=sidebyside;f=crypto%2Fevp%2Fevp_key.c;h=361ea69ab6d5fd685ca98dfb0f94de238988a9af;hb=fee8d86d7aa2b449141eb68840681358475d5e07;hp=517a21afad1f1cf60be5bb10aba88b77297b28c4;hpb=cf1b7d96647d55e533f779e476e3d4371f40445a;p=oweals%2Fopenssl.git

diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index 517a21afad..361ea69ab6 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -61,16 +61,20 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include <openssl/ui.h>
 
 /* should be init to zeros. */
 static char prompt_string[80];
 
-void EVP_set_pw_prompt(char *prompt)
+void EVP_set_pw_prompt(const char *prompt)
 	{
 	if (prompt == NULL)
 		prompt_string[0]='\0';
 	else
+		{
 		strncpy(prompt_string,prompt,79);
+		prompt_string[79]='\0';
+		}
 	}
 
 char *EVP_get_pw_prompt(void)
@@ -86,18 +90,26 @@ char *EVP_get_pw_prompt(void)
  * this function will fail */
 int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
 	{
-#ifndef OPENSSL_NO_DES
+	int ret;
+	char buff[BUFSIZ];
+	UI *ui;
+
 	if ((prompt == NULL) && (prompt_string[0] != '\0'))
 		prompt=prompt_string;
-	return(des_read_pw_string(buf,len,prompt,verify));
-#else
-	return -1;
-#endif
+	ui = UI_new();
+	UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
+	if (verify)
+		UI_add_verify_string(ui,prompt,0,
+			buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+	ret = UI_process(ui);
+	UI_free(ui);
+	OPENSSL_cleanse(buff,BUFSIZ);
+	return ret;
 	}
 
-int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
-	     unsigned char *data, int datal, int count, unsigned char *key,
-	     unsigned char *iv)
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
+	     const unsigned char *salt, const unsigned char *data, int datal,
+	     int count, unsigned char *key, unsigned char *iv)
 	{
 	EVP_MD_CTX c;
 	unsigned char md_buf[EVP_MAX_MD_SIZE];
@@ -106,24 +118,28 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
 
 	nkey=type->key_len;
 	niv=type->iv_len;
+	OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+	OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
 
 	if (data == NULL) return(nkey);
 
+	EVP_MD_CTX_init(&c);
 	for (;;)
 		{
-		EVP_DigestInit(&c,md);
+		if (!EVP_DigestInit_ex(&c,md, NULL))
+			return 0;
 		if (addmd++)
 			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
 		EVP_DigestUpdate(&c,data,datal);
 		if (salt != NULL)
 			EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
-		EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+		EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
 
 		for (i=1; i<(unsigned int)count; i++)
 			{
-			EVP_DigestInit(&c,md);
+			EVP_DigestInit_ex(&c,md, NULL);
 			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-			EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+			EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
 			}
 		i=0;
 		if (nkey)
@@ -152,8 +168,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
 			}
 		if ((nkey == 0) && (niv == 0)) break;
 		}
-	memset(&c,0,sizeof(c));
-	memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+	EVP_MD_CTX_cleanup(&c);
+	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
 	return(type->key_len);
 	}