Make PKCS#12 code handle missing passwords.

[openssl.git] / crypto / pkcs12 / p12_key.c

diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index b59ac2b2d16325bcd13d78efc12b7e2887971354..743b5bd88df7ea7582883ff2315c56b1ac013c88 100644 (file)
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -58,13 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
 
 #include <stdio.h>
 #include "cryptlib.h"

-#include "pkcs12.h"
+#include <openssl/pkcs12.h>

 
 
 /* Uncomment out this line to get debugging info about key generation */
 /*#define DEBUG_KEYGEN*/
 #ifdef DEBUG_KEYGEN
 
 
 /* Uncomment out this line to get debugging info about key generation */
 /*#define DEBUG_KEYGEN*/
 #ifdef DEBUG_KEYGEN

-#include <bio.h>
+#include <openssl/bio.h>

 extern BIO *bio_err;
 void h__dump (unsigned char *p, int len);
 #endif
 extern BIO *bio_err;
 void h__dump (unsigned char *p, int len);
 #endif


@@ -74,25 +74,30 @@ void h__dump (unsigned char *p, int len);
 #define min(a,b) ((a) < (b) ? (a) : (b))
 #endif
 
 #define min(a,b) ((a) < (b) ? (a) : (b))
 #endif
 

-int PKCS12_key_gen_asc (const char *pass, int passlen, unsigned char *salt,
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,

             int saltlen, int id, int iter, int n, unsigned char *out,
             const EVP_MD *md_type)
 {
        int ret;
        unsigned char *unipass;
        int uniplen;
             int saltlen, int id, int iter, int n, unsigned char *out,
             const EVP_MD *md_type)
 {
        int ret;
        unsigned char *unipass;
        int uniplen;

-       if (!asc2uni (pass, &unipass, &uniplen)) {
+       if(!pass) {
+               unipass = NULL;
+               uniplen = 0;
+       } else if (!asc2uni(pass, &unipass, &uniplen)) {

                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
                return 0;
        }
                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
                return 0;
        }

-       ret = PKCS12_key_gen_uni (unipass, uniplen, salt, saltlen,
+       ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,

                                                 id, iter, n, out, md_type);
                                                 id, iter, n, out, md_type);

-       memset(unipass, 0, uniplen);    /* Clear password from memory */
-       Free(unipass);
+       if(unipass) {
+               memset(unipass, 0, uniplen);    /* Clear password from memory */
+               Free(unipass);
+       }

        return ret;
 }
 
        return ret;
 }
 

-int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,

             int saltlen, int id, int iter, int n, unsigned char *out,
             const EVP_MD *md_type)
 {
             int saltlen, int id, int iter, int n, unsigned char *out,
             const EVP_MD *md_type)
 {


@@ -104,13 +109,22 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
 #ifdef  DEBUG_KEYGEN
        unsigned char *tmpout = out;
        int tmpn = n;
 #ifdef  DEBUG_KEYGEN
        unsigned char *tmpout = out;
        int tmpn = n;

-       BIO_printf (bio_err, "KEYGEN DEBUG\n");
-       BIO_printf (bio_err, "ID %d, ITER %d\n", id, iter);
-       BIO_printf (bio_err, "Password (length %d):\n", passlen);
-       h__dump (pass, passlen);
-       BIO_printf (bio_err, "Salt (length %d):\n", saltlen);
-       h__dump (salt, saltlen);
-       BIO_printf (bio_err, "ID %d, ITER %d\n\n", id, iter);
+#endif
+
+#if 0
+       if (!pass) {
+               PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+       }
+#endif
+
+#ifdef  DEBUG_KEYGEN
+       fprintf(stderr, "KEYGEN DEBUG\n");
+       fprintf(stderr, "ID %d, ITER %d\n", id, iter);
+       fprintf(stderr, "Password (length %d):\n", passlen);
+       h__dump(pass, passlen);
+       fprintf(stderr, "Salt (length %d):\n", saltlen);
+       h__dump(salt, saltlen);

 #endif
        v = EVP_MD_block_size (md_type);
        u = EVP_MD_size (md_type);
 #endif
        v = EVP_MD_block_size (md_type);
        u = EVP_MD_size (md_type);


@@ -118,7 +132,8 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
        Ai = Malloc (u);
        B = Malloc (v + 1);
        Slen = v * ((saltlen+v-1)/v);
        Ai = Malloc (u);
        B = Malloc (v + 1);
        Slen = v * ((saltlen+v-1)/v);

-       Plen = v * ((passlen+v-1)/v);
+       if(passlen) Plen = v * ((passlen+v-1)/v);
+       else Plen = 0;

        Ilen = Slen + Plen;
        I = Malloc (Ilen);
        Ij = BN_new();
        Ilen = Slen + Plen;
        I = Malloc (Ilen);
        Ij = BN_new();


@@ -150,8 +165,8 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
                        BN_free (Ij);
                        BN_free (Bpl1);
 #ifdef DEBUG_KEYGEN
                        BN_free (Ij);
                        BN_free (Bpl1);
 #ifdef DEBUG_KEYGEN

-                       BIO_printf (bio_err, "Output KEY (length %d)\n", tmpn);
-                       h__dump (tmpout, tmpn);
+                       fprintf(stderr, "Output KEY (length %d)\n", tmpn);
+                       h__dump(tmpout, tmpn);

 #endif
                        return 1;       
                }
 #endif
                        return 1;       
                }


@@ -172,12 +187,11 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
                        } else BN_bn2bin (Ij, I + j);
                }
        }
                        } else BN_bn2bin (Ij, I + j);
                }
        }

-       return 0; /* This can't happen */

 }
 #ifdef DEBUG_KEYGEN
 void h__dump (unsigned char *p, int len)
 {
 }
 #ifdef DEBUG_KEYGEN
 void h__dump (unsigned char *p, int len)
 {

-       for (; len --; p++) BIO_printf (bio_err, "%02X", *p);
-       BIO_printf (bio_err, "\n");     
+       for (; len --; p++) fprintf(stderr, "%02X", *p);
+       fprintf(stderr, "\n");  

 }
 #endif
 }
 #endif