X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fevp_key.c;h=7961fbebf2e7245672776715d4f9628e5e823f82;hp=b766f73ec16eb43b3cba77d2660bb27ed7d3f2b9;hb=17c2764d2e6fc5a010ad3c12662068689ed2ad17;hpb=e778802f53c8d47e96a6e4cbc776eb6e1d4c461a diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index b766f73ec1..7961fbebf2 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -58,23 +58,26 @@ #include #include "cryptlib.h" -#include "x509.h" -#include "objects.h" -#include "evp.h" +#include +#include +#include +#include /* should be init to zeros. */ static char prompt_string[80]; -void EVP_set_pw_prompt(prompt) -char *prompt; +void EVP_set_pw_prompt(const char *prompt) { if (prompt == NULL) prompt_string[0]='\0'; else + { strncpy(prompt_string,prompt,79); + prompt_string[79]='\0'; + } } -char *EVP_get_pw_prompt() +char *EVP_get_pw_prompt(void) { if (prompt_string[0] == '\0') return(NULL); @@ -82,56 +85,73 @@ char *EVP_get_pw_prompt() return(prompt_string); } -#ifdef NO_DES -int des_read_pw_string(char *buf,int len,char *prompt,int verify); -#endif +/* For historical reasons, the standard function for reading passwords is + * in the DES library -- if someone ever wants to disable DES, + * this function will fail */ +int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) + { + return EVP_read_pw_string_min(buf, 0, len, prompt, verify); + } -int EVP_read_pw_string(buf,len,prompt,verify) -char *buf; -int len; -const char *prompt; -int verify; +int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify) { + int ret; + char buff[BUFSIZ]; + UI *ui; + if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt=prompt_string; - return(des_read_pw_string(buf,len,prompt,verify)); + ui = UI_new(); + UI_add_input_string(ui,prompt,0,buf,min,(len>=BUFSIZ)?BUFSIZ-1:len); + if (verify) + UI_add_verify_string(ui,prompt,0, + buff,min,(len>=BUFSIZ)?BUFSIZ-1:len,buf); + ret = UI_process(ui); + UI_free(ui); + OPENSSL_cleanse(buff,BUFSIZ); + return ret; } -int EVP_BytesToKey(type,md,salt,data,datal,count,key,iv) -const EVP_CIPHER *type; -EVP_MD *md; -unsigned char *salt; -unsigned char *data; -int datal; -int count; -unsigned char *key; -unsigned char *iv; +int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, + int count, unsigned char *key, unsigned char *iv) { EVP_MD_CTX c; unsigned char md_buf[EVP_MAX_MD_SIZE]; int niv,nkey,addmd=0; unsigned int mds=0,i; - + int rv = 0; nkey=type->key_len; niv=type->iv_len; + OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); + OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); if (data == NULL) return(nkey); + EVP_MD_CTX_init(&c); for (;;) { - EVP_DigestInit(&c,md); + if (!EVP_DigestInit_ex(&c,md, NULL)) + return 0; if (addmd++) - EVP_DigestUpdate(&c,&(md_buf[0]),mds); - EVP_DigestUpdate(&c,data,datal); + if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds)) + goto err; + if (!EVP_DigestUpdate(&c,data,datal)) + goto err; if (salt != NULL) - EVP_DigestUpdate(&c,salt,8); - EVP_DigestFinal(&c,&(md_buf[0]),&mds); + if (!EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN)) + goto err; + if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds)) + goto err; for (i=1; i<(unsigned int)count; i++) { - EVP_DigestInit(&c,md); - EVP_DigestUpdate(&c,&(md_buf[0]),mds); - EVP_DigestFinal(&c,&(md_buf[0]),&mds); + if (!EVP_DigestInit_ex(&c,md, NULL)) + goto err; + if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds)) + goto err; + if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds)) + goto err; } i=0; if (nkey) @@ -160,8 +180,10 @@ unsigned char *iv; } if ((nkey == 0) && (niv == 0)) break; } - memset(&c,0,sizeof(c)); - memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); - return(type->key_len); + rv = type->key_len; + err: + EVP_MD_CTX_cleanup(&c); + OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE); + return rv; }