diff options
| author | djm <> | 2012-10-13 21:23:50 +0000 |
|---|---|---|
| committer | djm <> | 2012-10-13 21:23:50 +0000 |
| commit | 228cae30b117c2493f69ad3c195341cd6ec8d430 (patch) | |
| tree | 29ff00b10d52c0978077c4fd83c33b065bade73e /src/lib/libcrypto/pem | |
| parent | 731838c66b52c0ae5888333005b74115a620aa96 (diff) | |
| download | openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.gz openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.bz2 openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.zip | |
import OpenSSL-1.0.1c
Diffstat (limited to 'src/lib/libcrypto/pem')
| -rw-r--r-- | src/lib/libcrypto/pem/pvkfmt.c | 58 |
1 files changed, 35 insertions, 23 deletions
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c index 5f130c4528..b1bf71a5da 100644 --- a/src/lib/libcrypto/pem/pvkfmt.c +++ b/src/lib/libcrypto/pem/pvkfmt.c | |||
| @@ -709,13 +709,16 @@ static int derive_pvk_key(unsigned char *key, | |||
| 709 | const unsigned char *pass, int passlen) | 709 | const unsigned char *pass, int passlen) |
| 710 | { | 710 | { |
| 711 | EVP_MD_CTX mctx; | 711 | EVP_MD_CTX mctx; |
| 712 | int rv = 1; | ||
| 712 | EVP_MD_CTX_init(&mctx); | 713 | EVP_MD_CTX_init(&mctx); |
| 713 | EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL); | 714 | if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) |
| 714 | EVP_DigestUpdate(&mctx, salt, saltlen); | 715 | || !EVP_DigestUpdate(&mctx, salt, saltlen) |
| 715 | EVP_DigestUpdate(&mctx, pass, passlen); | 716 | || !EVP_DigestUpdate(&mctx, pass, passlen) |
| 716 | EVP_DigestFinal_ex(&mctx, key, NULL); | 717 | || !EVP_DigestFinal_ex(&mctx, key, NULL)) |
| 718 | rv = 0; | ||
| 719 | |||
| 717 | EVP_MD_CTX_cleanup(&mctx); | 720 | EVP_MD_CTX_cleanup(&mctx); |
| 718 | return 1; | 721 | return rv; |
| 719 | } | 722 | } |
| 720 | 723 | ||
| 721 | 724 | ||
| @@ -727,11 +730,12 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, | |||
| 727 | const unsigned char *p = *in; | 730 | const unsigned char *p = *in; |
| 728 | unsigned int magic; | 731 | unsigned int magic; |
| 729 | unsigned char *enctmp = NULL, *q; | 732 | unsigned char *enctmp = NULL, *q; |
| 733 | EVP_CIPHER_CTX cctx; | ||
| 734 | EVP_CIPHER_CTX_init(&cctx); | ||
| 730 | if (saltlen) | 735 | if (saltlen) |
| 731 | { | 736 | { |
| 732 | char psbuf[PEM_BUFSIZE]; | 737 | char psbuf[PEM_BUFSIZE]; |
| 733 | unsigned char keybuf[20]; | 738 | unsigned char keybuf[20]; |
| 734 | EVP_CIPHER_CTX cctx; | ||
| 735 | int enctmplen, inlen; | 739 | int enctmplen, inlen; |
| 736 | if (cb) | 740 | if (cb) |
| 737 | inlen=cb(psbuf,PEM_BUFSIZE,0,u); | 741 | inlen=cb(psbuf,PEM_BUFSIZE,0,u); |
| @@ -757,37 +761,41 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, | |||
| 757 | p += 8; | 761 | p += 8; |
| 758 | inlen = keylen - 8; | 762 | inlen = keylen - 8; |
| 759 | q = enctmp + 8; | 763 | q = enctmp + 8; |
| 760 | EVP_CIPHER_CTX_init(&cctx); | 764 | if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) |
| 761 | EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); | 765 | goto err; |
| 762 | EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); | 766 | if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) |
| 763 | EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen); | 767 | goto err; |
| 768 | if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) | ||
| 769 | goto err; | ||
| 764 | magic = read_ledword((const unsigned char **)&q); | 770 | magic = read_ledword((const unsigned char **)&q); |
| 765 | if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) | 771 | if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) |
| 766 | { | 772 | { |
| 767 | q = enctmp + 8; | 773 | q = enctmp + 8; |
| 768 | memset(keybuf + 5, 0, 11); | 774 | memset(keybuf + 5, 0, 11); |
| 769 | EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, | 775 | if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, |
| 770 | NULL); | 776 | NULL)) |
| 777 | goto err; | ||
| 771 | OPENSSL_cleanse(keybuf, 20); | 778 | OPENSSL_cleanse(keybuf, 20); |
| 772 | EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); | 779 | if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) |
| 773 | EVP_DecryptFinal_ex(&cctx, q + enctmplen, | 780 | goto err; |
| 774 | &enctmplen); | 781 | if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, |
| 782 | &enctmplen)) | ||
| 783 | goto err; | ||
| 775 | magic = read_ledword((const unsigned char **)&q); | 784 | magic = read_ledword((const unsigned char **)&q); |
| 776 | if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) | 785 | if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) |
| 777 | { | 786 | { |
| 778 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
| 779 | PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); | 787 | PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); |
| 780 | goto err; | 788 | goto err; |
| 781 | } | 789 | } |
| 782 | } | 790 | } |
| 783 | else | 791 | else |
| 784 | OPENSSL_cleanse(keybuf, 20); | 792 | OPENSSL_cleanse(keybuf, 20); |
| 785 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
| 786 | p = enctmp; | 793 | p = enctmp; |
| 787 | } | 794 | } |
| 788 | 795 | ||
| 789 | ret = b2i_PrivateKey(&p, keylen); | 796 | ret = b2i_PrivateKey(&p, keylen); |
| 790 | err: | 797 | err: |
| 798 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
| 791 | if (enctmp && saltlen) | 799 | if (enctmp && saltlen) |
| 792 | OPENSSL_free(enctmp); | 800 | OPENSSL_free(enctmp); |
| 793 | return ret; | 801 | return ret; |
| @@ -841,6 +849,8 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, | |||
| 841 | { | 849 | { |
| 842 | int outlen = 24, pklen; | 850 | int outlen = 24, pklen; |
| 843 | unsigned char *p, *salt = NULL; | 851 | unsigned char *p, *salt = NULL; |
| 852 | EVP_CIPHER_CTX cctx; | ||
| 853 | EVP_CIPHER_CTX_init(&cctx); | ||
| 844 | if (enclevel) | 854 | if (enclevel) |
| 845 | outlen += PVK_SALTLEN; | 855 | outlen += PVK_SALTLEN; |
| 846 | pklen = do_i2b(NULL, pk, 0); | 856 | pklen = do_i2b(NULL, pk, 0); |
| @@ -885,7 +895,6 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, | |||
| 885 | { | 895 | { |
| 886 | char psbuf[PEM_BUFSIZE]; | 896 | char psbuf[PEM_BUFSIZE]; |
| 887 | unsigned char keybuf[20]; | 897 | unsigned char keybuf[20]; |
| 888 | EVP_CIPHER_CTX cctx; | ||
| 889 | int enctmplen, inlen; | 898 | int enctmplen, inlen; |
| 890 | if (cb) | 899 | if (cb) |
| 891 | inlen=cb(psbuf,PEM_BUFSIZE,1,u); | 900 | inlen=cb(psbuf,PEM_BUFSIZE,1,u); |
| @@ -902,16 +911,19 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, | |||
| 902 | if (enclevel == 1) | 911 | if (enclevel == 1) |
| 903 | memset(keybuf + 5, 0, 11); | 912 | memset(keybuf + 5, 0, 11); |
| 904 | p = salt + PVK_SALTLEN + 8; | 913 | p = salt + PVK_SALTLEN + 8; |
| 905 | EVP_CIPHER_CTX_init(&cctx); | 914 | if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) |
| 906 | EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); | 915 | goto error; |
| 907 | OPENSSL_cleanse(keybuf, 20); | 916 | OPENSSL_cleanse(keybuf, 20); |
| 908 | EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8); | 917 | if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8)) |
| 909 | EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen); | 918 | goto error; |
| 910 | EVP_CIPHER_CTX_cleanup(&cctx); | 919 | if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen)) |
| 920 | goto error; | ||
| 911 | } | 921 | } |
| 922 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
| 912 | return outlen; | 923 | return outlen; |
| 913 | 924 | ||
| 914 | error: | 925 | error: |
| 926 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
| 915 | return -1; | 927 | return -1; |
| 916 | } | 928 | } |
| 917 | 929 | ||