Add functions to allow setting and adding external EVP_PKEY_METHOD.

[openssl.git] / crypto / evp / p5_crpt2.c

diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 7485d6a278cd67780204e93f8add42b863ad2c29..f11cb701a40d6144583cfc51de50b5dd461b6d6f 100644 (file)
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -55,10 +55,10 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
-#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
 #include <stdio.h>
 #include <stdlib.h>
 #include "cryptlib.h"
+#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
@@ -77,7 +77,7 @@
  */
 
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-                          unsigned char *salt, int saltlen, int iter,
+                          const unsigned char *salt, int saltlen, int iter,
                           int keylen, unsigned char *out)
 {
        unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
@@ -148,16 +148,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                          ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
                          int en_de)
 {
-       unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH];
-       int saltlen, keylen, iter, plen;
+       unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+       const unsigned char *pbuf;
+       int saltlen, iter, plen;
+       unsigned int keylen;
        PBE2PARAM *pbe2 = NULL;
        const EVP_CIPHER *cipher;
        PBKDF2PARAM *kdf = NULL;
 
+       if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+           param->value.sequence == NULL) {
+               EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+               return 0;
+       }
+
        pbuf = param->value.sequence->data;
        plen = param->value.sequence->length;
-       if(!param || (param->type != V_ASN1_SEQUENCE) ||
-                                  !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
+       if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
                return 0;
        }
@@ -190,6 +197,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                goto err;
        }
        keylen = EVP_CIPHER_CTX_key_length(ctx);
+       OPENSSL_assert(keylen <= sizeof key);
 
        /* Now decode key derivation function */
 
@@ -207,7 +215,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
        /* Now check the parameters of the kdf */
 
-       if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){
+       if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
                                                EVP_R_UNSUPPORTED_KEYLENGTH);
                goto err;
@@ -230,7 +238,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        iter = ASN1_INTEGER_get(kdf->iter);
        PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
        EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
-       memset(key, 0, keylen);
+       OPENSSL_cleanse(key, keylen);
        PBKDF2PARAM_free(kdf);
        return 1;