Enc doesn't support AEAD ciphers.

[openssl.git] / crypto / evp / evp_key.c

diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index 4271393069d7f1359ed96d389ce958f402bec80f..7961fbebf2e7245672776715d4f9628e5e823f82 100644 (file)
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -66,7 +66,7 @@
 /* should be init to zeros. */
 static char prompt_string[80];
 
-void EVP_set_pw_prompt(char *prompt)
+void EVP_set_pw_prompt(const char *prompt)
        {
        if (prompt == NULL)
                prompt_string[0]='\0';
@@ -89,6 +89,11 @@ char *EVP_get_pw_prompt(void)
  * in the DES library -- if someone ever wants to disable DES,
  * this function will fail */
 int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
+       {
+       return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
+       }
+
+int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify)
        {
        int ret;
        char buff[BUFSIZ];
@@ -97,13 +102,13 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
        if ((prompt == NULL) && (prompt_string[0] != '\0'))
                prompt=prompt_string;
        ui = UI_new();
-       UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
+       UI_add_input_string(ui,prompt,0,buf,min,(len>=BUFSIZ)?BUFSIZ-1:len);
        if (verify)
                UI_add_verify_string(ui,prompt,0,
-                       buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+                       buff,min,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
        ret = UI_process(ui);
        UI_free(ui);
-       memset(buff,0,BUFSIZ);
+       OPENSSL_cleanse(buff,BUFSIZ);
        return ret;
        }
 
@@ -115,28 +120,38 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
        unsigned char md_buf[EVP_MAX_MD_SIZE];
        int niv,nkey,addmd=0;
        unsigned int mds=0,i;
-
+       int rv = 0;
        nkey=type->key_len;
        niv=type->iv_len;
+       OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+       OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
 
        if (data == NULL) return(nkey);
 
        EVP_MD_CTX_init(&c);
        for (;;)
                {
-               EVP_DigestInit_ex(&c,md, NULL);
+               if (!EVP_DigestInit_ex(&c,md, NULL))
+                       return 0;
                if (addmd++)
-                       EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-               EVP_DigestUpdate(&c,data,datal);
+                       if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
+                               goto err;
+               if (!EVP_DigestUpdate(&c,data,datal))
+                       goto err;
                if (salt != NULL)
-                       EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
-               EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
+                       if (!EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN))
+                               goto err;
+               if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
+                       goto err;
 
                for (i=1; i<(unsigned int)count; i++)
                        {
-                       EVP_DigestInit_ex(&c,md, NULL);
-                       EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-                       EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
+                       if (!EVP_DigestInit_ex(&c,md, NULL))
+                               goto err;
+                       if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
+                               goto err;
+                       if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
+                               goto err;
                        }
                i=0;
                if (nkey)
@@ -165,8 +180,10 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                        }
                if ((nkey == 0) && (niv == 0)) break;
                }
+       rv = type->key_len;
+       err:
        EVP_MD_CTX_cleanup(&c);
-       memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
-       return(type->key_len);
+       OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
+       return rv;
        }