projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
make update
[openssl.git]
/
crypto
/
evp
/
evp_key.c
diff --git
a/crypto/evp/evp_key.c
b/crypto/evp/evp_key.c
index dc103bd1d7ff2614de7584e3b1a1d3b58c247a7d..7961fbebf2e7245672776715d4f9628e5e823f82 100644
(file)
--- a/
crypto/evp/evp_key.c
+++ b/
crypto/evp/evp_key.c
@@
-66,7
+66,7
@@
/* should be init to zeros. */
static char prompt_string[80];
/* should be init to zeros. */
static char prompt_string[80];
-void EVP_set_pw_prompt(char *prompt)
+void EVP_set_pw_prompt(c
onst c
har *prompt)
{
if (prompt == NULL)
prompt_string[0]='\0';
{
if (prompt == NULL)
prompt_string[0]='\0';
@@
-89,6
+89,11
@@
char *EVP_get_pw_prompt(void)
* in the DES library -- if someone ever wants to disable DES,
* this function will fail */
int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
* in the DES library -- if someone ever wants to disable DES,
* this function will fail */
int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
+ {
+ return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
+ }
+
+int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify)
{
int ret;
char buff[BUFSIZ];
{
int ret;
char buff[BUFSIZ];
@@
-97,13
+102,13
@@
int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
if ((prompt == NULL) && (prompt_string[0] != '\0'))
prompt=prompt_string;
ui = UI_new();
if ((prompt == NULL) && (prompt_string[0] != '\0'))
prompt=prompt_string;
ui = UI_new();
- UI_add_input_string(ui,prompt,0,buf,
0
,(len>=BUFSIZ)?BUFSIZ-1:len);
+ UI_add_input_string(ui,prompt,0,buf,
min
,(len>=BUFSIZ)?BUFSIZ-1:len);
if (verify)
UI_add_verify_string(ui,prompt,0,
if (verify)
UI_add_verify_string(ui,prompt,0,
- buff,
0
,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+ buff,
min
,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
ret = UI_process(ui);
UI_free(ui);
ret = UI_process(ui);
UI_free(ui);
-
memset(buff,0
,BUFSIZ);
+
OPENSSL_cleanse(buff
,BUFSIZ);
return ret;
}
return ret;
}
@@
-115,7
+120,7
@@
int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
unsigned char md_buf[EVP_MAX_MD_SIZE];
int niv,nkey,addmd=0;
unsigned int mds=0,i;
unsigned char md_buf[EVP_MAX_MD_SIZE];
int niv,nkey,addmd=0;
unsigned int mds=0,i;
-
+ int rv = 0;
nkey=type->key_len;
niv=type->iv_len;
OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
nkey=type->key_len;
niv=type->iv_len;
OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
@@
-126,19
+131,27
@@
int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
EVP_MD_CTX_init(&c);
for (;;)
{
EVP_MD_CTX_init(&c);
for (;;)
{
- EVP_DigestInit_ex(&c,md, NULL);
+ if (!EVP_DigestInit_ex(&c,md, NULL))
+ return 0;
if (addmd++)
if (addmd++)
- EVP_DigestUpdate(&c,&(md_buf[0]),mds);
- EVP_DigestUpdate(&c,data,datal);
+ if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
+ goto err;
+ if (!EVP_DigestUpdate(&c,data,datal))
+ goto err;
if (salt != NULL)
if (salt != NULL)
- EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
- EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
+ if (!EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN))
+ goto err;
+ if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
+ goto err;
for (i=1; i<(unsigned int)count; i++)
{
for (i=1; i<(unsigned int)count; i++)
{
- EVP_DigestInit_ex(&c,md, NULL);
- EVP_DigestUpdate(&c,&(md_buf[0]),mds);
- EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
+ if (!EVP_DigestInit_ex(&c,md, NULL))
+ goto err;
+ if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
+ goto err;
+ if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
+ goto err;
}
i=0;
if (nkey)
}
i=0;
if (nkey)
@@
-167,8
+180,10
@@
int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
}
if ((nkey == 0) && (niv == 0)) break;
}
}
if ((nkey == 0) && (niv == 0)) break;
}
+ rv = type->key_len;
+ err:
EVP_MD_CTX_cleanup(&c);
EVP_MD_CTX_cleanup(&c);
-
memset(&(md_buf[0]),0
,EVP_MAX_MD_SIZE);
- return
(type->key_len)
;
+
OPENSSL_cleanse(&(md_buf[0])
,EVP_MAX_MD_SIZE);
+ return
rv
;
}
}