X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fpkcs12%2Fp12_crpt.c;h=f8b952e27eedb8c7ff711c4aa149b8984e7c2ee7;hb=efaa569c3b0e131cc760138f3c4bc27972a21dc1;hp=cb65c4200079b2263369d027df2b7e6e1a8c4982;hpb=69cbf468119d6a85289e4720d609c38d4329de23;p=oweals%2Fopenssl.git

diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index cb65c42000..f8b952e27e 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -1,5 +1,5 @@
 /* p12_crpt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
@@ -64,17 +64,19 @@
 
 void PKCS12_PBE_add(void)
 {
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
 							 PKCS12_PBE_keyivgen);
 EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
 							 PKCS12_PBE_keyivgen);
 #endif
+#ifndef OPENSSL_NO_DES
 EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
 		 	EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
 EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
 			EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
-#ifndef NO_RC2
+#endif
+#ifndef OPENSSL_NO_RC2
 EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
 					EVP_sha1(), PKCS12_PBE_keyivgen);
 EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
@@ -82,19 +84,25 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
 #endif
 }
 
-int PKCS12_PBE_keyivgen (const char *pass, int passlen, ASN1_TYPE *param,
-	     EVP_CIPHER *cipher, EVP_MD *md,
-	     unsigned char *key, unsigned char *iv)
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+		ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
 {
 	PBEPARAM *pbe;
-	int saltlen, iter;
-	unsigned char *salt, *pbuf;
+	int saltlen, iter, ret;
+	unsigned char *salt;
+	const unsigned char *pbuf;
+	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
 
 	/* Extract useful info from parameter */
+	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+	    param->value.sequence == NULL) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
+		return 0;
+	}
+
 	pbuf = param->value.sequence->data;
-	if (!(pbe = d2i_PBEPARAM (NULL, &pbuf,
-					param->value.sequence->length))) {
-		EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
 		return 0;
 	}
 
@@ -115,5 +123,8 @@ int PKCS12_PBE_keyivgen (const char *pass, int passlen, ASN1_TYPE *param,
 		return 0;
 	}
 	PBEPARAM_free(pbe);
-	return 1;
+	ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+	return ret;
 }