X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fpem%2Fpem_lib.c;h=b5e0a650f8ded59bb8c06c06e46dc8b73d942a62;hp=449a1fe9849c9aaa2381f1880de784ad938b9c61;hb=d6f68fa3149102bc6778935c700af5c7b4044d7d;hpb=eb952088f0d5da59e569ae2aa33e9b96bc3b586d
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 449a1fe984..b5e0a650f8 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -85,7 +85,7 @@ static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
 char *kstr, int klen,
 pem_password_cb *cb, void *u);
-static int def_callback(char *buf, int num, int w, void *userdata)
+static int def_callback(char *buf, int num, int w, void *key)
 {
 #ifdef NO_FP_API
 /* We should not ever call the default callback routine from
@@ -95,6 +95,12 @@ static int def_callback(char *buf, int num, int w, void *userdata)
 #else
 int i,j;
 const char *prompt;
+ if(key) {
+ i=strlen(key);
+ i=(i > num)?num:i;
+ memcpy(buf,key,i);
+ return(i);
+ }
 prompt=EVP_get_pw_prompt();
 if (prompt == NULL)
@@ -121,22 +127,6 @@ static int def_callback(char *buf, int num, int w, void *userdata)
 #endif
 }
-/* This is a generic callback. If the user data is not NULL it is assumed
- * to be a null terminated password. Otherwise the default password callback
- * is called.
- */
-
-
-int MS_CALLBACK PEM_cb(char *buf, int len, int verify, void *key)
-{
- int i;
- if (key == NULL) return def_callback(buf, len, verify, key);
- i=strlen(key);
- i=(i > len)?len:i;
- memcpy(buf,key,i);
- return(i);
-}
-
 void PEM_proc_type(char *buf, int type)
 {
 const char *str;
@@ -227,6 +217,10 @@ static int check_pem(const char *nm, const char *name)
 if(!strcmp(nm,PEM_STRING_X509_OLD) &&
 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+ /* Some CAs use PKCS#7 with CERTIFICATE headers */
+ if(!strcmp(nm, PEM_STRING_X509) &&
+ !strcmp(name, PEM_STRING_PKCS7)) return 1;
+
 return 0;
 }
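Review bot: The new `if(key)` branch in def_callback (hunk at -95,6) sits after `#else`, so a build with NO_FP_API defined never reaches it and a caller-supplied passphrase lands in the NO_FP_API branch, whose comment says the default callback should never be called there. The PEM_cb removed later in this diff handled a non-NULL key before def_callback was entered at all. Hoisting the branch above `#ifdef NO_FP_API`, with its own `int i;`, would keep that behaviour in both configurations. In the same lines, `i=(i > num)?num:i;` shortens an over-long passphrase without reporting it and the copy is not NUL-terminated, so a comment such as `/* copies at most num bytes of key, no terminator; returns the copied length */` would tell callers what they get. The function body begins and ends outside this hunk.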
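Review bot: The added comment in check_pem (hunk at -227,6) does not say which argument is which, and the direction of the relaxation matters. Assuming `nm` is the header read from the input and `name` the type the caller requested, the test accepts a `PEM_STRING_X509` header only when `PEM_STRING_PKCS7` was asked for, not the reverse. I would spell that out, e.g. `/* Accept a CERTIFICATE header when PKCS#7 was requested; some CAs label PKCS#7 data this way */`. With the label no longer pinning the content type for this pair, rejecting a real X.509 certificate is presumably left to the PKCS#7 decoder, so it is worth confirming that callers handle that decode failure. check_pem starts above the hunk.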
@@ -379,7 +373,8 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 kstr=(unsigned char *)buf;
 }
 RAND_add(data,i,0);/* put in the RSA key. */
- RAND_bytes(iv,8); /* Generate a salt */
+ if (RAND_pseudo_bytes(iv,8) < 0) /* Generate a salt */
+ goto err;
 /* The 'iv' is used as the iv and as a salt. It is
 * NOT taken from the BytesToKey function */
 EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
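Review bot: The `< 0` test on `RAND_pseudo_bytes(iv,8)` lets a return of 0 through, which that function uses to report bytes that are not cryptographically strong. Per the comment just below, the same 8 bytes serve as both the cipher IV and the salt for deriving the key that protects the private key. If uniqueness is all that is required here, the code should say so, e.g. `/* salt/IV only needs to be unique, so pseudo-random bytes are acceptable */`. Otherwise keep the stronger source and fail closed with `if (RAND_bytes(iv,8) <= 0) goto err;`. The `err` label and the rest of PEM_ASN1_write_bio are outside the hunk, so whether the passphrase buffer is wiped on this new exit path cannot be checked from here.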