diff options
author | djm <> | 2012-10-13 21:23:50 +0000 |
---|---|---|
committer | djm <> | 2012-10-13 21:23:50 +0000 |
commit | e9d65189905c6e99c1062d65e26bf83eebb0a26a (patch) | |
tree | 10ebe51c3542099b0ab8325d8f322372375dc3b4 /src/lib/libcrypto/pem | |
parent | 59625e84c89bf82e1c6d20c55785b618eb56ea72 (diff) | |
parent | 228cae30b117c2493f69ad3c195341cd6ec8d430 (diff) | |
download | openbsd-e9d65189905c6e99c1062d65e26bf83eebb0a26a.tar.gz openbsd-e9d65189905c6e99c1062d65e26bf83eebb0a26a.tar.bz2 openbsd-e9d65189905c6e99c1062d65e26bf83eebb0a26a.zip |
This commit was generated by cvs2git to track changes on a CVS vendor
branch.
Diffstat (limited to 'src/lib/libcrypto/pem')
-rw-r--r-- | src/lib/libcrypto/pem/pvkfmt.c | 58 |
1 files changed, 35 insertions, 23 deletions
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c index 5f130c4528..b1bf71a5da 100644 --- a/src/lib/libcrypto/pem/pvkfmt.c +++ b/src/lib/libcrypto/pem/pvkfmt.c | |||
@@ -709,13 +709,16 @@ static int derive_pvk_key(unsigned char *key, | |||
709 | const unsigned char *pass, int passlen) | 709 | const unsigned char *pass, int passlen) |
710 | { | 710 | { |
711 | EVP_MD_CTX mctx; | 711 | EVP_MD_CTX mctx; |
712 | int rv = 1; | ||
712 | EVP_MD_CTX_init(&mctx); | 713 | EVP_MD_CTX_init(&mctx); |
713 | EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL); | 714 | if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) |
714 | EVP_DigestUpdate(&mctx, salt, saltlen); | 715 | || !EVP_DigestUpdate(&mctx, salt, saltlen) |
715 | EVP_DigestUpdate(&mctx, pass, passlen); | 716 | || !EVP_DigestUpdate(&mctx, pass, passlen) |
716 | EVP_DigestFinal_ex(&mctx, key, NULL); | 717 | || !EVP_DigestFinal_ex(&mctx, key, NULL)) |
718 | rv = 0; | ||
719 | |||
717 | EVP_MD_CTX_cleanup(&mctx); | 720 | EVP_MD_CTX_cleanup(&mctx); |
718 | return 1; | 721 | return rv; |
719 | } | 722 | } |
720 | 723 | ||
721 | 724 | ||
@@ -727,11 +730,12 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, | |||
727 | const unsigned char *p = *in; | 730 | const unsigned char *p = *in; |
728 | unsigned int magic; | 731 | unsigned int magic; |
729 | unsigned char *enctmp = NULL, *q; | 732 | unsigned char *enctmp = NULL, *q; |
733 | EVP_CIPHER_CTX cctx; | ||
734 | EVP_CIPHER_CTX_init(&cctx); | ||
730 | if (saltlen) | 735 | if (saltlen) |
731 | { | 736 | { |
732 | char psbuf[PEM_BUFSIZE]; | 737 | char psbuf[PEM_BUFSIZE]; |
733 | unsigned char keybuf[20]; | 738 | unsigned char keybuf[20]; |
734 | EVP_CIPHER_CTX cctx; | ||
735 | int enctmplen, inlen; | 739 | int enctmplen, inlen; |
736 | if (cb) | 740 | if (cb) |
737 | inlen=cb(psbuf,PEM_BUFSIZE,0,u); | 741 | inlen=cb(psbuf,PEM_BUFSIZE,0,u); |
@@ -757,37 +761,41 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, | |||
757 | p += 8; | 761 | p += 8; |
758 | inlen = keylen - 8; | 762 | inlen = keylen - 8; |
759 | q = enctmp + 8; | 763 | q = enctmp + 8; |
760 | EVP_CIPHER_CTX_init(&cctx); | 764 | if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) |
761 | EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); | 765 | goto err; |
762 | EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); | 766 | if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) |
763 | EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen); | 767 | goto err; |
768 | if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) | ||
769 | goto err; | ||
764 | magic = read_ledword((const unsigned char **)&q); | 770 | magic = read_ledword((const unsigned char **)&q); |
765 | if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) | 771 | if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) |
766 | { | 772 | { |
767 | q = enctmp + 8; | 773 | q = enctmp + 8; |
768 | memset(keybuf + 5, 0, 11); | 774 | memset(keybuf + 5, 0, 11); |
769 | EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, | 775 | if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, |
770 | NULL); | 776 | NULL)) |
777 | goto err; | ||
771 | OPENSSL_cleanse(keybuf, 20); | 778 | OPENSSL_cleanse(keybuf, 20); |
772 | EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); | 779 | if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) |
773 | EVP_DecryptFinal_ex(&cctx, q + enctmplen, | 780 | goto err; |
774 | &enctmplen); | 781 | if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, |
782 | &enctmplen)) | ||
783 | goto err; | ||
775 | magic = read_ledword((const unsigned char **)&q); | 784 | magic = read_ledword((const unsigned char **)&q); |
776 | if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) | 785 | if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) |
777 | { | 786 | { |
778 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
779 | PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); | 787 | PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); |
780 | goto err; | 788 | goto err; |
781 | } | 789 | } |
782 | } | 790 | } |
783 | else | 791 | else |
784 | OPENSSL_cleanse(keybuf, 20); | 792 | OPENSSL_cleanse(keybuf, 20); |
785 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
786 | p = enctmp; | 793 | p = enctmp; |
787 | } | 794 | } |
788 | 795 | ||
789 | ret = b2i_PrivateKey(&p, keylen); | 796 | ret = b2i_PrivateKey(&p, keylen); |
790 | err: | 797 | err: |
798 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
791 | if (enctmp && saltlen) | 799 | if (enctmp && saltlen) |
792 | OPENSSL_free(enctmp); | 800 | OPENSSL_free(enctmp); |
793 | return ret; | 801 | return ret; |
@@ -841,6 +849,8 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, | |||
841 | { | 849 | { |
842 | int outlen = 24, pklen; | 850 | int outlen = 24, pklen; |
843 | unsigned char *p, *salt = NULL; | 851 | unsigned char *p, *salt = NULL; |
852 | EVP_CIPHER_CTX cctx; | ||
853 | EVP_CIPHER_CTX_init(&cctx); | ||
844 | if (enclevel) | 854 | if (enclevel) |
845 | outlen += PVK_SALTLEN; | 855 | outlen += PVK_SALTLEN; |
846 | pklen = do_i2b(NULL, pk, 0); | 856 | pklen = do_i2b(NULL, pk, 0); |
@@ -885,7 +895,6 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, | |||
885 | { | 895 | { |
886 | char psbuf[PEM_BUFSIZE]; | 896 | char psbuf[PEM_BUFSIZE]; |
887 | unsigned char keybuf[20]; | 897 | unsigned char keybuf[20]; |
888 | EVP_CIPHER_CTX cctx; | ||
889 | int enctmplen, inlen; | 898 | int enctmplen, inlen; |
890 | if (cb) | 899 | if (cb) |
891 | inlen=cb(psbuf,PEM_BUFSIZE,1,u); | 900 | inlen=cb(psbuf,PEM_BUFSIZE,1,u); |
@@ -902,16 +911,19 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, | |||
902 | if (enclevel == 1) | 911 | if (enclevel == 1) |
903 | memset(keybuf + 5, 0, 11); | 912 | memset(keybuf + 5, 0, 11); |
904 | p = salt + PVK_SALTLEN + 8; | 913 | p = salt + PVK_SALTLEN + 8; |
905 | EVP_CIPHER_CTX_init(&cctx); | 914 | if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) |
906 | EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); | 915 | goto error; |
907 | OPENSSL_cleanse(keybuf, 20); | 916 | OPENSSL_cleanse(keybuf, 20); |
908 | EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8); | 917 | if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8)) |
909 | EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen); | 918 | goto error; |
910 | EVP_CIPHER_CTX_cleanup(&cctx); | 919 | if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen)) |
920 | goto error; | ||
911 | } | 921 | } |
922 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
912 | return outlen; | 923 | return outlen; |
913 | 924 | ||
914 | error: | 925 | error: |
926 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
915 | return -1; | 927 | return -1; |
916 | } | 928 | } |
917 | 929 | ||