import openssl-0.9.7-beta1

author: markus <> 2002-09-05 12:51:50 +0000
committer: markus <> 2002-09-05 12:51:50 +0000
commit: 15b5d84f9da2ce4bfae8580e56e34a859f74ad71 (patch)
tree: bf939e82d7fd73cc8a01cf6959002209972091bc /src/lib/libcrypto/pkcs12/p12_key.c
parent: 027351f729b9e837200dae6e1520cda6577ab930 (diff)
download: openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.gz
openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.bz2
openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.zip
1 files changed, 60 insertions, 36 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 25d8cdae57..0d39ebde8c 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -64,7 +64,7 @@
 /* Uncomment out this line to get debugging info about key generation */
 /*#define DEBUG_KEYGEN*/
 #ifdef DEBUG_KEYGEN
-#include <bio.h>
+#include <openssl/bio.h>
 extern BIO *bio_err;
 void h__dump (unsigned char *p, int len);
 #endif
@@ -74,53 +74,69 @@ void h__dump (unsigned char *p, int len);
 #define min(a,b) ((a) < (b) ? (a) : (b))
 #endif
-int PKCS12_key_gen_asc (const char *pass, int passlen, unsigned char *salt,
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
             int saltlen, int id, int iter, int n, unsigned char *out,
             const EVP_MD *md_type)
 {
        int ret;
        unsigned char *unipass;
        int uniplen;
-        if (!asc2uni (pass, &unipass, &uniplen)) {
+        if(!pass) {
+                unipass = NULL;
+                uniplen = 0;
+        } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
                return 0;
        }
-        ret = PKCS12_key_gen_uni (unipass, uniplen, salt, saltlen,
+        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                                                 id, iter, n, out, md_type);
-        memset(unipass, 0, uniplen);    /* Clear password from memory */
+        if(unipass) {
-        Free(unipass);
+                memset(unipass, 0, uniplen);    /* Clear password from memory */
+                OPENSSL_free(unipass);
+        }
        return ret;
 }
-int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
             int saltlen, int id, int iter, int n, unsigned char *out,
             const EVP_MD *md_type)
 {
        unsigned char *B, *D, *I, *p, *Ai;
-        int Slen, Plen, Ilen;
+        int Slen, Plen, Ilen, Ijlen;
        int i, j, u, v;
        BIGNUM *Ij, *Bpl1;      /* These hold Ij and B + 1 */
        EVP_MD_CTX ctx;
 #ifdef  DEBUG_KEYGEN
        unsigned char *tmpout = out;
        int tmpn = n;
-        BIO_printf (bio_err, "KEYGEN DEBUG\n");
+#endif
-        BIO_printf (bio_err, "ID %d, ITER %d\n", id, iter);
-        BIO_printf (bio_err, "Password (length %d):\n", passlen);
+#if 0
-        h__dump (pass, passlen);
+        if (!pass) {
-        BIO_printf (bio_err, "Salt (length %d):\n", saltlen);
+                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
-        h__dump (salt, saltlen);
+                return 0;
-        BIO_printf (bio_err, "ID %d, ITER %d\n\n", id, iter);
+        }
+#endif
+        EVP_MD_CTX_init(&ctx);
+#ifdef  DEBUG_KEYGEN
+        fprintf(stderr, "KEYGEN DEBUG\n");
+        fprintf(stderr, "ID %d, ITER %d\n", id, iter);
+        fprintf(stderr, "Password (length %d):\n", passlen);
+        h__dump(pass, passlen);
+        fprintf(stderr, "Salt (length %d):\n", saltlen);
+        h__dump(salt, saltlen);
 #endif
        v = EVP_MD_block_size (md_type);
        u = EVP_MD_size (md_type);
-        D = Malloc (v);
+        D = OPENSSL_malloc (v);
-        Ai = Malloc (u);
+        Ai = OPENSSL_malloc (u);
-        B = Malloc (v + 1);
+        B = OPENSSL_malloc (v + 1);
        Slen = v * ((saltlen+v-1)/v);
-        Plen = v * ((passlen+v-1)/v);
+        if(passlen) Plen = v * ((passlen+v-1)/v);
+        else Plen = 0;
        Ilen = Slen + Plen;
-        I = Malloc (Ilen);
+        I = OPENSSL_malloc (Ilen);
        Ij = BN_new();
        Bpl1 = BN_new();
        if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
@@ -132,26 +148,27 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
        for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
        for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
        for (;;) {
-                EVP_DigestInit (&ctx, md_type);
+                EVP_DigestInit_ex(&ctx, md_type, NULL);
-                EVP_DigestUpdate (&ctx, D, v);
+                EVP_DigestUpdate(&ctx, D, v);
-                EVP_DigestUpdate (&ctx, I, Ilen);
+                EVP_DigestUpdate(&ctx, I, Ilen);
-                EVP_DigestFinal (&ctx, Ai, NULL);
+                EVP_DigestFinal_ex(&ctx, Ai, NULL);
                for (j = 1; j < iter; j++) {
-                        EVP_DigestInit (&ctx, md_type);
+                        EVP_DigestInit_ex(&ctx, md_type, NULL);
-                        EVP_DigestUpdate (&ctx, Ai, u);
+                        EVP_DigestUpdate(&ctx, Ai, u);
-                        EVP_DigestFinal (&ctx, Ai, NULL);
+                        EVP_DigestFinal_ex(&ctx, Ai, NULL);
                }
                memcpy (out, Ai, min (n, u));
                if (u >= n) {
-                        Free (Ai);
+                        OPENSSL_free (Ai);
-                        Free (B);
+                        OPENSSL_free (B);
-                        Free (D);
+                        OPENSSL_free (D);
-                        Free (I);
+                        OPENSSL_free (I);
                        BN_free (Ij);
                        BN_free (Bpl1);
+                        EVP_MD_CTX_cleanup(&ctx);
 #ifdef DEBUG_KEYGEN
-                        BIO_printf (bio_err, "Output KEY (length %d)\n", tmpn);
+                        fprintf(stderr, "Output KEY (length %d)\n", tmpn);
-                        h__dump (tmpout, tmpn);
+                        h__dump(tmpout, tmpn);
 #endif
                        return 1;       
                }
@@ -165,10 +182,17 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
                        BN_bin2bn (I + j, v, Ij);
                        BN_add (Ij, Ij, Bpl1);
                        BN_bn2bin (Ij, B);
+                        Ijlen = BN_num_bytes (Ij);
                        /* If more than 2^(v*8) - 1 cut off MSB */
-                        if (BN_num_bytes (Ij) > v) {
+                        if (Ijlen > v) {
                                BN_bn2bin (Ij, B);
                                memcpy (I + j, B + 1, v);
+#ifndef PKCS12_BROKEN_KEYGEN
+                        /* If less than v bytes pad with zeroes */
+                        } else if (Ijlen < v) {
+                                memset(I + j, 0, v - Ijlen);
+                                BN_bn2bin(Ij, I + j + v - Ijlen); 
+#endif
                        } else BN_bn2bin (Ij, I + j);
                }
        }
@@ -176,7 +200,7 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt,
 #ifdef DEBUG_KEYGEN
 void h__dump (unsigned char *p, int len)
 {
-        for (; len --; p++) BIO_printf (bio_err, "%02X", *p);
+        for (; len --; p++) fprintf(stderr, "%02X", *p);
-        BIO_printf (bio_err, "\n");     
+        fprintf(stderr, "\n");  
 }
 #endif
author	markus <>	2002-09-05 12:51:50 +0000
committer	markus <>	2002-09-05 12:51:50 +0000
commit	15b5d84f9da2ce4bfae8580e56e34a859f74ad71 (patch)
tree	bf939e82d7fd73cc8a01cf6959002209972091bc /src/lib/libcrypto/pkcs12/p12_key.c
parent	027351f729b9e837200dae6e1520cda6577ab930 (diff)
download	openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.gz openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.bz2 openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.zip

diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c index 25d8cdae57..0d39ebde8c 100644 --- a/src/lib/libcrypto/pkcs12/p12_key.c +++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -64,7 +64,7 @@
64	/* Uncomment out this line to get debugging info about key generation */	64	/* Uncomment out this line to get debugging info about key generation */
65	/#define DEBUG_KEYGEN/	65	/#define DEBUG_KEYGEN/
66	#ifdef DEBUG_KEYGEN	66	#ifdef DEBUG_KEYGEN
67	#include <bio.h>	67	#include <openssl/bio.h>
68	extern BIO *bio_err;	68	extern BIO *bio_err;
69	void h__dump (unsigned char *p, int len);	69	void h__dump (unsigned char *p, int len);
70	#endif	70	#endif
@@ -74,53 +74,69 @@ void h__dump (unsigned char *p, int len);
74	#define min(a,b) ((a) < (b) ? (a) : (b))	74	#define min(a,b) ((a) < (b) ? (a) : (b))
75	#endif	75	#endif
76		76
77	int PKCS12_key_gen_asc (const char pass, int passlen, unsigned char salt,	77	int PKCS12_key_gen_asc(const char pass, int passlen, unsigned char salt,
78	int saltlen, int id, int iter, int n, unsigned char *out,	78	int saltlen, int id, int iter, int n, unsigned char *out,
79	const EVP_MD *md_type)	79	const EVP_MD *md_type)
80	{	80	{
81	int ret;	81	int ret;
82	unsigned char *unipass;	82	unsigned char *unipass;
83	int uniplen;	83	int uniplen;
84	if (!asc2uni (pass, &unipass, &uniplen)) {	84	if(!pass) {
		85	unipass = NULL;
		86	uniplen = 0;
		87	} else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
85	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);	88	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
86	return 0;	89	return 0;
87	}	90	}
88	ret = PKCS12_key_gen_uni (unipass, uniplen, salt, saltlen,	91	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
89	id, iter, n, out, md_type);	92	id, iter, n, out, md_type);
90	memset(unipass, 0, uniplen); /* Clear password from memory */	93	if(unipass) {
91	Free(unipass);	94	memset(unipass, 0, uniplen); /* Clear password from memory */
		95	OPENSSL_free(unipass);
		96	}
92	return ret;	97	return ret;
93	}	98	}
94		99
95	int PKCS12_key_gen_uni (unsigned char pass, int passlen, unsigned char salt,	100	int PKCS12_key_gen_uni(unsigned char pass, int passlen, unsigned char salt,
96	int saltlen, int id, int iter, int n, unsigned char *out,	101	int saltlen, int id, int iter, int n, unsigned char *out,
97	const EVP_MD *md_type)	102	const EVP_MD *md_type)
98	{	103	{
99	unsigned char B, D, I, p, *Ai;	104	unsigned char B, D, I, p, *Ai;
100	int Slen, Plen, Ilen;	105	int Slen, Plen, Ilen, Ijlen;
101	int i, j, u, v;	106	int i, j, u, v;
102	BIGNUM Ij, Bpl1; /* These hold Ij and B + 1 */	107	BIGNUM Ij, Bpl1; /* These hold Ij and B + 1 */
103	EVP_MD_CTX ctx;	108	EVP_MD_CTX ctx;
104	#ifdef DEBUG_KEYGEN	109	#ifdef DEBUG_KEYGEN
105	unsigned char *tmpout = out;	110	unsigned char *tmpout = out;
106	int tmpn = n;	111	int tmpn = n;
107	BIO_printf (bio_err, "KEYGEN DEBUG\n");	112	#endif
108	BIO_printf (bio_err, "ID %d, ITER %d\n", id, iter);	113
109	BIO_printf (bio_err, "Password (length %d):\n", passlen);	114	#if 0
110	h__dump (pass, passlen);	115	if (!pass) {
111	BIO_printf (bio_err, "Salt (length %d):\n", saltlen);	116	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
112	h__dump (salt, saltlen);	117	return 0;
113	BIO_printf (bio_err, "ID %d, ITER %d\n\n", id, iter);	118	}
		119	#endif
		120
		121	EVP_MD_CTX_init(&ctx);
		122	#ifdef DEBUG_KEYGEN
		123	fprintf(stderr, "KEYGEN DEBUG\n");
		124	fprintf(stderr, "ID %d, ITER %d\n", id, iter);
		125	fprintf(stderr, "Password (length %d):\n", passlen);
		126	h__dump(pass, passlen);
		127	fprintf(stderr, "Salt (length %d):\n", saltlen);
		128	h__dump(salt, saltlen);
114	#endif	129	#endif
115	v = EVP_MD_block_size (md_type);	130	v = EVP_MD_block_size (md_type);
116	u = EVP_MD_size (md_type);	131	u = EVP_MD_size (md_type);
117	D = Malloc (v);	132	D = OPENSSL_malloc (v);
118	Ai = Malloc (u);	133	Ai = OPENSSL_malloc (u);
119	B = Malloc (v + 1);	134	B = OPENSSL_malloc (v + 1);
120	Slen = v * ((saltlen+v-1)/v);	135	Slen = v * ((saltlen+v-1)/v);
121	Plen = v * ((passlen+v-1)/v);	136	if(passlen) Plen = v * ((passlen+v-1)/v);
		137	else Plen = 0;
122	Ilen = Slen + Plen;	138	Ilen = Slen + Plen;
123	I = Malloc (Ilen);	139	I = OPENSSL_malloc (Ilen);
124	Ij = BN_new();	140	Ij = BN_new();
125	Bpl1 = BN_new();	141	Bpl1 = BN_new();
126	if (!D \|\| !Ai \|\| !B \|\| !I \|\| !Ij \|\| !Bpl1) {	142	if (!D \|\| !Ai \|\| !B \|\| !I \|\| !Ij \|\| !Bpl1) {
@@ -132,26 +148,27 @@ int PKCS12_key_gen_uni (unsigned char pass, int passlen, unsigned char salt,
132	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];	148	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
133	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];	149	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
134	for (;;) {	150	for (;;) {
135	EVP_DigestInit (&ctx, md_type);	151	EVP_DigestInit_ex(&ctx, md_type, NULL);
136	EVP_DigestUpdate (&ctx, D, v);	152	EVP_DigestUpdate(&ctx, D, v);
137	EVP_DigestUpdate (&ctx, I, Ilen);	153	EVP_DigestUpdate(&ctx, I, Ilen);
138	EVP_DigestFinal (&ctx, Ai, NULL);	154	EVP_DigestFinal_ex(&ctx, Ai, NULL);
139	for (j = 1; j < iter; j++) {	155	for (j = 1; j < iter; j++) {
140	EVP_DigestInit (&ctx, md_type);	156	EVP_DigestInit_ex(&ctx, md_type, NULL);
141	EVP_DigestUpdate (&ctx, Ai, u);	157	EVP_DigestUpdate(&ctx, Ai, u);
142	EVP_DigestFinal (&ctx, Ai, NULL);	158	EVP_DigestFinal_ex(&ctx, Ai, NULL);
143	}	159	}
144	memcpy (out, Ai, min (n, u));	160	memcpy (out, Ai, min (n, u));
145	if (u >= n) {	161	if (u >= n) {
146	Free (Ai);	162	OPENSSL_free (Ai);
147	Free (B);	163	OPENSSL_free (B);
148	Free (D);	164	OPENSSL_free (D);
149	Free (I);	165	OPENSSL_free (I);
150	BN_free (Ij);	166	BN_free (Ij);
151	BN_free (Bpl1);	167	BN_free (Bpl1);
		168	EVP_MD_CTX_cleanup(&ctx);
152	#ifdef DEBUG_KEYGEN	169	#ifdef DEBUG_KEYGEN
153	BIO_printf (bio_err, "Output KEY (length %d)\n", tmpn);	170	fprintf(stderr, "Output KEY (length %d)\n", tmpn);
154	h__dump (tmpout, tmpn);	171	h__dump(tmpout, tmpn);
155	#endif	172	#endif
156	return 1;	173	return 1;
157	}	174	}
@@ -165,10 +182,17 @@ int PKCS12_key_gen_uni (unsigned char pass, int passlen, unsigned char salt,
165	BN_bin2bn (I + j, v, Ij);	182	BN_bin2bn (I + j, v, Ij);
166	BN_add (Ij, Ij, Bpl1);	183	BN_add (Ij, Ij, Bpl1);
167	BN_bn2bin (Ij, B);	184	BN_bn2bin (Ij, B);
		185	Ijlen = BN_num_bytes (Ij);
168	/* If more than 2^(v8) - 1 cut off MSB /	186	/* If more than 2^(v8) - 1 cut off MSB /
169	if (BN_num_bytes (Ij) > v) {	187	if (Ijlen > v) {
170	BN_bn2bin (Ij, B);	188	BN_bn2bin (Ij, B);
171	memcpy (I + j, B + 1, v);	189	memcpy (I + j, B + 1, v);
		190	#ifndef PKCS12_BROKEN_KEYGEN
		191	/* If less than v bytes pad with zeroes */
		192	} else if (Ijlen < v) {
		193	memset(I + j, 0, v - Ijlen);
		194	BN_bn2bin(Ij, I + j + v - Ijlen);
		195	#endif
172	} else BN_bn2bin (Ij, I + j);	196	} else BN_bn2bin (Ij, I + j);
173	}	197	}
174	}	198	}
@@ -176,7 +200,7 @@ int PKCS12_key_gen_uni (unsigned char pass, int passlen, unsigned char salt,
176	#ifdef DEBUG_KEYGEN	200	#ifdef DEBUG_KEYGEN
177	void h__dump (unsigned char *p, int len)	201	void h__dump (unsigned char *p, int len)
178	{	202	{
179	for (; len --; p++) BIO_printf (bio_err, "%02X", *p);	203	for (; len --; p++) fprintf(stderr, "%02X", *p);
180	BIO_printf (bio_err, "\n");	204	fprintf(stderr, "\n");
181	}	205	}
182	#endif	206	#endif