/*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
* and PRIVATEKEYBLOB).
*/
+/*
+ * DSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "internal/cryptlib.h"
#include <openssl/pem.h>
#include <openssl/rand.h>
if (!read_lebn(&p, 20, &priv_key))
goto memerr;
+ /* Set constant time flag before public key calculation */
+ BN_set_flags(priv_key, BN_FLG_CONSTTIME);
+
/* Calculate public key */
pub_key = BN_new();
if (pub_key == NULL)
static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
-static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
+static int do_i2b(unsigned char **out, const EVP_PKEY *pk, int ispub)
{
unsigned char *p;
unsigned int bitlen, magic = 0, keyalg;
return outlen;
}
-static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
+static int do_i2b_bio(BIO *out, const EVP_PKEY *pk, int ispub)
{
unsigned char *tmp = NULL;
int outlen, wrlen;
return;
}
-int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
+int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk)
{
return do_i2b_bio(out, pk, 0);
}
-int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
+int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk)
{
return do_i2b_bio(out, pk, 1);
}
{
const unsigned char *p = *in;
unsigned int pvk_magic, is_encrypted;
+
if (skip_magic) {
if (length < 20) {
PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
return 0;
- if (is_encrypted && !*psaltlen) {
+ if (is_encrypted && *psaltlen == 0) {
PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
return 0;
}
const unsigned char *p = *in;
unsigned int magic;
unsigned char *enctmp = NULL, *q;
+ unsigned char keybuf[20];
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (saltlen) {
char psbuf[PEM_BUFSIZE];
- unsigned char keybuf[20];
int enctmplen, inlen;
if (cb)
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (inlen <= 0) {
+ if (inlen < 0) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
goto err;
}
memset(keybuf + 5, 0, 11);
if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto err;
- OPENSSL_cleanse(keybuf, 20);
if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
goto err;
if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
goto err;
}
- } else
- OPENSSL_cleanse(keybuf, 20);
+ }
p = enctmp;
}
ret = b2i_PrivateKey(&p, keylen);
err:
EVP_CIPHER_CTX_free(cctx);
- OPENSSL_free(enctmp);
+ if (enctmp != NULL) {
+ OPENSSL_cleanse(keybuf, sizeof(keybuf));
+ OPENSSL_free(enctmp);
+ }
return ret;
}
return ret;
}
-static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
+static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel,
pem_password_cb *cb, void *u)
{
int outlen = 24, pklen;
return -1;
}
-int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel,
pem_password_cb *cb, void *u)
{
unsigned char *tmp = NULL;
wrlen = BIO_write(out, tmp, outlen);
OPENSSL_free(tmp);
if (wrlen == outlen) {
- PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
return outlen;
}
+ PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
return -1;
}
projects / openssl.git / blobdiff