X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=sidebyside;f=crypto%2Fevp%2Fevp_key.c;h=361ea69ab6d5fd685ca98dfb0f94de238988a9af;hb=fee8d86d7aa2b449141eb68840681358475d5e07;hp=dafa686f647a89e2217d2a5a3f58d62ac5eb0a13;hpb=78414a6a897db42c9bcf06aa21c705811ab33921;p=oweals%2Fopenssl.git diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index dafa686f64..361ea69ab6 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -58,23 +58,26 @@ #include #include "cryptlib.h" -#include "x509.h" -#include "objects.h" -#include "evp.h" +#include +#include +#include +#include /* should be init to zeros. */ static char prompt_string[80]; -void EVP_set_pw_prompt(prompt) -char *prompt; +void EVP_set_pw_prompt(const char *prompt) { if (prompt == NULL) prompt_string[0]='\0'; else + { strncpy(prompt_string,prompt,79); + prompt_string[79]='\0'; + } } -char *EVP_get_pw_prompt() +char *EVP_get_pw_prompt(void) { if (prompt_string[0] == '\0') return(NULL); @@ -82,30 +85,31 @@ char *EVP_get_pw_prompt() return(prompt_string); } -#ifdef NO_DES -int des_read_pw_string(char *buf,int len,char *prompt,int verify); -#endif - -int EVP_read_pw_string(buf,len,prompt,verify) -char *buf; -int len; -char *prompt; -int verify; +/* For historical reasons, the standard function for reading passwords is + * in the DES library -- if someone ever wants to disable DES, + * this function will fail */ +int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) { + int ret; + char buff[BUFSIZ]; + UI *ui; + if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt=prompt_string; - return(des_read_pw_string(buf,len,prompt,verify)); + ui = UI_new(); + UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len); + if (verify) + UI_add_verify_string(ui,prompt,0, + buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); + ret = UI_process(ui); + UI_free(ui); + OPENSSL_cleanse(buff,BUFSIZ); + return ret; } -int EVP_BytesToKey(type,md,salt,data,datal,count,key,iv) -EVP_CIPHER *type; -EVP_MD *md; -unsigned char *salt; -unsigned char *data; -int datal; -int count; -unsigned char *key; -unsigned char *iv; +int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, + int count, unsigned char *key, unsigned char *iv) { EVP_MD_CTX c; unsigned char md_buf[EVP_MAX_MD_SIZE]; @@ -114,24 +118,28 @@ unsigned char *iv; nkey=type->key_len; niv=type->iv_len; + OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); + OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); if (data == NULL) return(nkey); + EVP_MD_CTX_init(&c); for (;;) { - EVP_DigestInit(&c,md); + if (!EVP_DigestInit_ex(&c,md, NULL)) + return 0; if (addmd++) EVP_DigestUpdate(&c,&(md_buf[0]),mds); EVP_DigestUpdate(&c,data,datal); if (salt != NULL) - EVP_DigestUpdate(&c,salt,8); - EVP_DigestFinal(&c,&(md_buf[0]),&mds); + EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN); + EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); for (i=1; i<(unsigned int)count; i++) { - EVP_DigestInit(&c,md); + EVP_DigestInit_ex(&c,md, NULL); EVP_DigestUpdate(&c,&(md_buf[0]),mds); - EVP_DigestFinal(&c,&(md_buf[0]),&mds); + EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); } i=0; if (nkey) @@ -160,8 +168,8 @@ unsigned char *iv; } if ((nkey == 0) && (niv == 0)) break; } - memset(&c,0,sizeof(c)); - memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); + EVP_MD_CTX_cleanup(&c); + OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE); return(type->key_len); }