Constify d2i, s2i, c2i and r2i functions and other associated

[openssl.git] / crypto / evp / evp_key.c

diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index fd3a3d12a8ad0ac224ac471b4c13d728bf567ae2..0a27f496c9693837502c4490c67a5b5a6e7694f1 100644 (file)
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -58,19 +58,23 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "x509.h"
-#include "objects.h"
-#include "evp.h"
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/ui.h>
 
 /* should be init to zeros. */
 static char prompt_string[80];
 
-void EVP_set_pw_prompt(char *prompt)
+void EVP_set_pw_prompt(const char *prompt)
        {
        if (prompt == NULL)
                prompt_string[0]='\0';
        else
+               {
                strncpy(prompt_string,prompt,79);
+               prompt_string[79]='\0';
+               }
        }
 
 char *EVP_get_pw_prompt(void)
@@ -81,20 +85,31 @@ char *EVP_get_pw_prompt(void)
                return(prompt_string);
        }
 
-#ifdef NO_DES
-int des_read_pw_string(char *buf,int len,char *prompt,int verify);
-#endif
-
+/* For historical reasons, the standard function for reading passwords is
+ * in the DES library -- if someone ever wants to disable DES,
+ * this function will fail */
 int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
        {
+       int ret;
+       char buff[BUFSIZ];
+       UI *ui;
+
        if ((prompt == NULL) && (prompt_string[0] != '\0'))
                prompt=prompt_string;
-       return(des_read_pw_string(buf,len,prompt,verify));
+       ui = UI_new();
+       UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
+       if (verify)
+               UI_add_verify_string(ui,prompt,0,
+                       buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+       ret = UI_process(ui);
+       UI_free(ui);
+       OPENSSL_cleanse(buff,BUFSIZ);
+       return ret;
        }
 
-int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
-            unsigned char *data, int datal, int count, unsigned char *key,
-            unsigned char *iv)
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
+            const unsigned char *salt, const unsigned char *data, int datal,
+            int count, unsigned char *key, unsigned char *iv)
        {
        EVP_MD_CTX c;
        unsigned char md_buf[EVP_MAX_MD_SIZE];
@@ -103,24 +118,27 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
 
        nkey=type->key_len;
        niv=type->iv_len;
+       OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+       OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
 
        if (data == NULL) return(nkey);
 
+       EVP_MD_CTX_init(&c);
        for (;;)
                {
-               EVP_DigestInit(&c,md);
+               EVP_DigestInit_ex(&c,md, NULL);
                if (addmd++)
                        EVP_DigestUpdate(&c,&(md_buf[0]),mds);
                EVP_DigestUpdate(&c,data,datal);
                if (salt != NULL)
-                       EVP_DigestUpdate(&c,salt,8);
-               EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+                       EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
+               EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
 
                for (i=1; i<(unsigned int)count; i++)
                        {
-                       EVP_DigestInit(&c,md);
+                       EVP_DigestInit_ex(&c,md, NULL);
                        EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-                       EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+                       EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
                        }
                i=0;
                if (nkey)
@@ -149,8 +167,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
                        }
                if ((nkey == 0) && (niv == 0)) break;
                }
-       memset(&c,0,sizeof(c));
-       memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+       EVP_MD_CTX_cleanup(&c);
+       OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
        return(type->key_len);
        }