summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp/p5_crpt2.c
diff options
context:
space:
mode:
authorbeck <>2017-01-29 17:49:23 +0000
committerbeck <>2017-01-29 17:49:23 +0000
commitd1f47bd292f36094480caa49ada36b99a69c59b0 (patch)
tree1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/evp/p5_crpt2.c
parentf8c627888330b75c2eea8a3c27d0efe947a4f9da (diff)
downloadopenbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.gz
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.bz2
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.zip
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
Diffstat (limited to 'src/lib/libcrypto/evp/p5_crpt2.c')
-rw-r--r--src/lib/libcrypto/evp/p5_crpt2.c36
1 files changed, 15 insertions, 21 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 44e8b331fb..4bef287706 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p5_crpt2.c,v 1.22 2016/11/08 20:01:06 miod Exp $ */ 1/* $OpenBSD: p5_crpt2.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -175,22 +175,21 @@ PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
175 175
176 if (param == NULL || param->type != V_ASN1_SEQUENCE || 176 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
177 param->value.sequence == NULL) { 177 param->value.sequence == NULL) {
178 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); 178 EVPerror(EVP_R_DECODE_ERROR);
179 goto err; 179 goto err;
180 } 180 }
181 181
182 pbuf = param->value.sequence->data; 182 pbuf = param->value.sequence->data;
183 plen = param->value.sequence->length; 183 plen = param->value.sequence->length;
184 if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { 184 if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
185 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); 185 EVPerror(EVP_R_DECODE_ERROR);
186 goto err; 186 goto err;
187 } 187 }
188 188
189 /* See if we recognise the key derivation function */ 189 /* See if we recognise the key derivation function */
190 190
191 if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { 191 if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
192 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 192 EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
193 EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
194 goto err; 193 goto err;
195 } 194 }
196 195
@@ -200,8 +199,7 @@ PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
200 cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); 199 cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
201 200
202 if (!cipher) { 201 if (!cipher) {
203 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 202 EVPerror(EVP_R_UNSUPPORTED_CIPHER);
204 EVP_R_UNSUPPORTED_CIPHER);
205 goto err; 203 goto err;
206 } 204 }
207 205
@@ -209,8 +207,7 @@ PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
209 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) 207 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
210 goto err; 208 goto err;
211 if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { 209 if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
212 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 210 EVPerror(EVP_R_CIPHER_PARAMETER_ERROR);
213 EVP_R_CIPHER_PARAMETER_ERROR);
214 goto err; 211 goto err;
215 } 212 }
216 rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, 213 rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
@@ -235,19 +232,19 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
235 const EVP_MD *prfmd; 232 const EVP_MD *prfmd;
236 233
237 if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { 234 if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
238 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET); 235 EVPerror(EVP_R_NO_CIPHER_SET);
239 return 0; 236 return 0;
240 } 237 }
241 keylen = EVP_CIPHER_CTX_key_length(ctx); 238 keylen = EVP_CIPHER_CTX_key_length(ctx);
242 if (keylen > sizeof key) { 239 if (keylen > sizeof key) {
243 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); 240 EVPerror(EVP_R_BAD_KEY_LENGTH);
244 return 0; 241 return 0;
245 } 242 }
246 243
247 /* Decode parameter */ 244 /* Decode parameter */
248 245
249 if (!param || (param->type != V_ASN1_SEQUENCE)) { 246 if (!param || (param->type != V_ASN1_SEQUENCE)) {
250 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); 247 EVPerror(EVP_R_DECODE_ERROR);
251 return 0; 248 return 0;
252 } 249 }
253 250
@@ -255,7 +252,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
255 plen = param->value.sequence->length; 252 plen = param->value.sequence->length;
256 253
257 if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { 254 if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
258 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); 255 EVPerror(EVP_R_DECODE_ERROR);
259 return 0; 256 return 0;
260 } 257 }
261 258
@@ -263,8 +260,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
263 260
264 if (kdf->keylength && 261 if (kdf->keylength &&
265 (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ 262 (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
266 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 263 EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH);
267 EVP_R_UNSUPPORTED_KEYLENGTH);
268 goto err; 264 goto err;
269 } 265 }
270 266
@@ -274,19 +270,18 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
274 prf_nid = NID_hmacWithSHA1; 270 prf_nid = NID_hmacWithSHA1;
275 271
276 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) { 272 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) {
277 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); 273 EVPerror(EVP_R_UNSUPPORTED_PRF);
278 goto err; 274 goto err;
279 } 275 }
280 276
281 prfmd = EVP_get_digestbynid(hmac_md_nid); 277 prfmd = EVP_get_digestbynid(hmac_md_nid);
282 if (prfmd == NULL) { 278 if (prfmd == NULL) {
283 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); 279 EVPerror(EVP_R_UNSUPPORTED_PRF);
284 goto err; 280 goto err;
285 } 281 }
286 282
287 if (kdf->salt->type != V_ASN1_OCTET_STRING) { 283 if (kdf->salt->type != V_ASN1_OCTET_STRING) {
288 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 284 EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE);
289 EVP_R_UNSUPPORTED_SALT_TYPE);
290 goto err; 285 goto err;
291 } 286 }
292 287
@@ -294,8 +289,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
294 salt = kdf->salt->value.octet_string->data; 289 salt = kdf->salt->value.octet_string->data;
295 saltlen = kdf->salt->value.octet_string->length; 290 saltlen = kdf->salt->value.octet_string->length;
296 if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) { 291 if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) {
297 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 292 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
298 EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
299 goto err; 293 goto err;
300 } 294 }
301 if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, 295 if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-09 13:03:27 +0000