#include <openssl/engine.h>
#endif
-const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
+const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
#define MIN_LENGTH 4
for (;;)
{
- i=EVP_read_pw_string(buf,num,prompt,w);
+ i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w);
if (i != 0)
{
PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
}
return 0;
}
+ /* If reading DH parameters handle X9.42 DH format too */
+ if(!strcmp(nm,PEM_STRING_DHXPARAMS) &&
+ !strcmp(name,PEM_STRING_DHPARAMS)) return 1;
/* Permit older strings */
if(!strcmp(nm, PEM_STRING_X509) &&
!strcmp(name, PEM_STRING_PKCS7)) return 1;
+ if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
+ !strcmp(name, PEM_STRING_PKCS7)) return 1;
+
+#ifndef OPENSSL_NO_CMS
+ if(!strcmp(nm, PEM_STRING_X509) &&
+ !strcmp(name, PEM_STRING_CMS)) return 1;
+ /* Allow CMS to be read from PKCS#7 headers */
+ if(!strcmp(nm, PEM_STRING_PKCS7) &&
+ !strcmp(name, PEM_STRING_CMS)) return 1;
+#endif
+
return 0;
}
#ifndef OPENSSL_NO_FP_API
int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
- char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+ void *x, const EVP_CIPHER *enc, unsigned char *kstr,
int klen, pem_password_cb *callback, void *u)
{
BIO *b;
#endif
int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
- char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+ void *x, const EVP_CIPHER *enc, unsigned char *kstr,
int klen, pem_password_cb *callback, void *u)
{
EVP_CIPHER_CTX ctx;
goto err;
/* The 'iv' is used as the iv and as a salt. It is
* NOT taken from the BytesToKey function */
- EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+ if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
+ goto err;
if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
/* k=strlen(buf); */
EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
- EVP_EncryptUpdate(&ctx,data,&j,data,i);
- EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+ ret = 1;
+ if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
+ || !EVP_EncryptUpdate(&ctx,data,&j,data,i)
+ || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
+ ret = 0;
EVP_CIPHER_CTX_cleanup(&ctx);
+ if (ret == 0)
+ goto err;
i+=j;
- ret=1;
}
else
{
ebcdic2ascii(buf, buf, klen);
#endif
- EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
- (unsigned char *)buf,klen,1,key,NULL);
+ if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+ (unsigned char *)buf,klen,1,key,NULL))
+ return 0;
j=(int)len;
EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
- EVP_DecryptUpdate(&ctx,data,&i,data,j);
- o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
+ o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
+ if (o)
+ o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
+ if (o)
+ o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
OPENSSL_cleanse((char *)buf,sizeof(buf));
OPENSSL_cleanse((char *)key,sizeof(key));
int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
{
- int o;
const EVP_CIPHER *enc=NULL;
char *p,c;
char **header_pp = &header;
header++;
}
*header='\0';
- o=OBJ_sn2nid(p);
cipher->cipher=enc=EVP_get_cipherbyname(p);
*header=c;
header++;
}
#ifndef OPENSSL_NO_FP_API
-int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
- long len)
+int PEM_write(FILE *fp, const char *name, const char *header,
+ const unsigned char *data, long len)
{
BIO *b;
int ret;
}
#endif
-int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
- long len)
+int PEM_write_bio(BIO *bp, const char *name, const char *header,
+ const unsigned char *data, long len)
{
int nlen,n,i,j,outl;
unsigned char *buf = NULL;
}
EVP_EncodeFinal(&ctx,buf,&outl);
if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
+ OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
OPENSSL_free(buf);
buf = NULL;
if ( (BIO_write(bp,"-----END ",9) != 9) ||
goto err;
return(i+outl);
err:
- if (buf)
+ if (buf) {
+ OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
OPENSSL_free(buf);
+ }
PEMerr(PEM_F_PEM_WRITE_BIO,reason);
return(0);
}
projects / openssl.git / blobdiff