summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pem
diff options
context:
space:
mode:
authormarkus <>2003-05-11 21:36:58 +0000
committermarkus <>2003-05-11 21:36:58 +0000
commit1c98a87f0daac81245653c227eb2f2508a22a965 (patch)
tree3de6d603296ec563b936da4e6a8a1e33d48f8884 /src/lib/libcrypto/pem
parent31392c89d1135cf2a416f97295f6d21681b3fbc4 (diff)
downloadopenbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.gz
openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.bz2
openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.zip
import 0.9.7b (without idea and rc5)
Diffstat (limited to 'src/lib/libcrypto/pem')
-rw-r--r--src/lib/libcrypto/pem/pem.h8
-rw-r--r--src/lib/libcrypto/pem/pem_info.c5
-rw-r--r--src/lib/libcrypto/pem/pem_lib.c26
-rw-r--r--src/lib/libcrypto/pem/pem_pk8.c2
-rw-r--r--src/lib/libcrypto/pem/pem_seal.c2
5 files changed, 25 insertions, 18 deletions
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
index 3785fca77d..d330cbf9a3 100644
--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -149,7 +149,7 @@ typedef struct pem_recip_st
149 149
150 int cipher; 150 int cipher;
151 int key_enc; 151 int key_enc;
152 char iv[8]; 152 /* char iv[8]; unused and wrong size */
153 } PEM_USER; 153 } PEM_USER;
154 154
155typedef struct pem_ctx_st 155typedef struct pem_ctx_st
@@ -165,7 +165,8 @@ typedef struct pem_ctx_st
165 165
166 struct { 166 struct {
167 int cipher; 167 int cipher;
168 unsigned char iv[8]; 168 /* unused, and wrong size
169 unsigned char iv[8]; */
169 } DEK_info; 170 } DEK_info;
170 171
171 PEM_USER *originator; 172 PEM_USER *originator;
@@ -187,7 +188,8 @@ typedef struct pem_ctx_st
187 EVP_CIPHER *dec; /* date encryption cipher */ 188 EVP_CIPHER *dec; /* date encryption cipher */
188 int key_len; /* key length */ 189 int key_len; /* key length */
189 unsigned char *key; /* key */ 190 unsigned char *key; /* key */
190 unsigned char iv[8]; /* the iv */ 191 /* unused, and wrong size
192 unsigned char iv[8]; */
191 193
192 194
193 int data_enc; /* is the data encrypted */ 195 int data_enc; /* is the data encrypted */
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 9a6dffb45c..9e4af29c95 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -324,6 +324,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
324 } 324 }
325 325
326 /* create the right magic header stuff */ 326 /* create the right magic header stuff */
327 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
327 buf[0]='\0'; 328 buf[0]='\0';
328 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); 329 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
329 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); 330 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
@@ -358,7 +359,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
358 ret=1; 359 ret=1;
359 360
360err: 361err:
361 memset((char *)&ctx,0,sizeof(ctx)); 362 OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
362 memset(buf,0,PEM_BUFSIZE); 363 OPENSSL_cleanse(buf,PEM_BUFSIZE);
363 return(ret); 364 return(ret);
364 } 365 }
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index a8db6ffbf5..70b5446797 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type)
138 138
139void PEM_dek_info(char *buf, const char *type, int len, char *str) 139void PEM_dek_info(char *buf, const char *type, int len, char *str)
140 { 140 {
141 static unsigned char map[17]="0123456789ABCDEF"; 141 static const unsigned char map[17]="0123456789ABCDEF";
142 long i; 142 long i;
143 int j; 143 int j;
144 144
@@ -249,7 +249,7 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char
249 ret = 1; 249 ret = 1;
250 250
251err: 251err:
252 if (!pnm) OPENSSL_free(nm); 252 if (!ret || !pnm) OPENSSL_free(nm);
253 OPENSSL_free(header); 253 OPENSSL_free(header);
254 if (!ret) OPENSSL_free(data); 254 if (!ret) OPENSSL_free(data);
255 return ret; 255 return ret;
@@ -304,6 +304,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
304 goto err; 304 goto err;
305 } 305 }
306 /* dzise + 8 bytes are needed */ 306 /* dzise + 8 bytes are needed */
307 /* actually it needs the cipher block size extra... */
307 data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); 308 data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
308 if (data == NULL) 309 if (data == NULL)
309 { 310 {
@@ -333,13 +334,16 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
333 kstr=(unsigned char *)buf; 334 kstr=(unsigned char *)buf;
334 } 335 }
335 RAND_add(data,i,0);/* put in the RSA key. */ 336 RAND_add(data,i,0);/* put in the RSA key. */
337 OPENSSL_assert(enc->iv_len <= sizeof iv);
336 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ 338 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
337 goto err; 339 goto err;
338 /* The 'iv' is used as the iv and as a salt. It is 340 /* The 'iv' is used as the iv and as a salt. It is
339 * NOT taken from the BytesToKey function */ 341 * NOT taken from the BytesToKey function */
340 EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); 342 EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
341 343
342 if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); 344 if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
345
346 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
343 347
344 buf[0]='\0'; 348 buf[0]='\0';
345 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); 349 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
@@ -362,13 +366,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
362 i=PEM_write_bio(bp,name,buf,data,i); 366 i=PEM_write_bio(bp,name,buf,data,i);
363 if (i <= 0) ret=0; 367 if (i <= 0) ret=0;
364err: 368err:
365 memset(key,0,sizeof(key)); 369 OPENSSL_cleanse(key,sizeof(key));
366 memset(iv,0,sizeof(iv)); 370 OPENSSL_cleanse(iv,sizeof(iv));
367 memset((char *)&ctx,0,sizeof(ctx)); 371 OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
368 memset(buf,0,PEM_BUFSIZE); 372 OPENSSL_cleanse(buf,PEM_BUFSIZE);
369 if (data != NULL) 373 if (data != NULL)
370 { 374 {
371 memset(data,0,(unsigned int)dsize); 375 OPENSSL_cleanse(data,(unsigned int)dsize);
372 OPENSSL_free(data); 376 OPENSSL_free(data);
373 } 377 }
374 return(ret); 378 return(ret);
@@ -409,8 +413,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
409 EVP_DecryptUpdate(&ctx,data,&i,data,j); 413 EVP_DecryptUpdate(&ctx,data,&i,data,j);
410 o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); 414 o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
411 EVP_CIPHER_CTX_cleanup(&ctx); 415 EVP_CIPHER_CTX_cleanup(&ctx);
412 memset((char *)buf,0,sizeof(buf)); 416 OPENSSL_cleanse((char *)buf,sizeof(buf));
413 memset((char *)key,0,sizeof(key)); 417 OPENSSL_cleanse((char *)key,sizeof(key));
414 j+=i; 418 j+=i;
415 if (!o) 419 if (!o)
416 { 420 {
@@ -691,7 +695,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
691 if (strncmp(buf,"-----END ",9) == 0) 695 if (strncmp(buf,"-----END ",9) == 0)
692 break; 696 break;
693 if (i > 65) break; 697 if (i > 65) break;
694 if (!BUF_MEM_grow(dataB,i+bl+9)) 698 if (!BUF_MEM_grow_clean(dataB,i+bl+9))
695 { 699 {
696 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 700 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
697 goto err; 701 goto err;
diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c
index f44182ffb5..db38a2a79d 100644
--- a/src/lib/libcrypto/pem/pem_pk8.c
+++ b/src/lib/libcrypto/pem/pem_pk8.c
@@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER
136 kstr = buf; 136 kstr = buf;
137 } 137 }
138 p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); 138 p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
139 if(kstr == buf) memset(buf, 0, klen); 139 if(kstr == buf) OPENSSL_cleanse(buf, klen);
140 PKCS8_PRIV_KEY_INFO_free(p8inf); 140 PKCS8_PRIV_KEY_INFO_free(p8inf);
141 if(isder) ret = i2d_PKCS8_bio(bp, p8); 141 if(isder) ret = i2d_PKCS8_bio(bp, p8);
142 else ret = PEM_write_bio_PKCS8(bp, p8); 142 else ret = PEM_write_bio_PKCS8(bp, p8);
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index ae463a301d..56e08abd70 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -112,7 +112,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
112 ret=npubk; 112 ret=npubk;
113err: 113err:
114 if (s != NULL) OPENSSL_free(s); 114 if (s != NULL) OPENSSL_free(s);
115 memset(key,0,EVP_MAX_KEY_LENGTH); 115 OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
116 return(ret); 116 return(ret);
117 } 117 }
118 118