diff options
Diffstat (limited to 'src/lib/libcrypto/asn1/p5_pbev2.c')
| -rw-r--r-- | src/lib/libcrypto/asn1/p5_pbev2.c | 30 |
1 files changed, 13 insertions, 17 deletions
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c index 2d80334e01..01563a68fd 100644 --- a/src/lib/libcrypto/asn1/p5_pbev2.c +++ b/src/lib/libcrypto/asn1/p5_pbev2.c | |||
| @@ -114,13 +114,12 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, | |||
| 114 | if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; | 114 | if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; |
| 115 | 115 | ||
| 116 | /* Create random IV */ | 116 | /* Create random IV */ |
| 117 | if (EVP_CIPHER_iv_length(cipher)) | 117 | if (EVP_CIPHER_iv_length(cipher)) { |
| 118 | { | ||
| 119 | if (aiv) | 118 | if (aiv) |
| 120 | memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); | 119 | memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); |
| 121 | else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) | 120 | else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) |
| 122 | goto err; | 121 | goto err; |
| 123 | } | 122 | } |
| 124 | 123 | ||
| 125 | EVP_CIPHER_CTX_init(&ctx); | 124 | EVP_CIPHER_CTX_init(&ctx); |
| 126 | 125 | ||
| @@ -137,11 +136,10 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, | |||
| 137 | * An error is OK here: just means use default PRF. | 136 | * An error is OK here: just means use default PRF. |
| 138 | */ | 137 | */ |
| 139 | if ((prf_nid == -1) && | 138 | if ((prf_nid == -1) && |
| 140 | EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) | 139 | EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { |
| 141 | { | ||
| 142 | ERR_clear_error(); | 140 | ERR_clear_error(); |
| 143 | prf_nid = NID_hmacWithSHA1; | 141 | prf_nid = NID_hmacWithSHA1; |
| 144 | } | 142 | } |
| 145 | EVP_CIPHER_CTX_cleanup(&ctx); | 143 | EVP_CIPHER_CTX_cleanup(&ctx); |
| 146 | 144 | ||
| 147 | /* If its RC2 then we'd better setup the key length */ | 145 | /* If its RC2 then we'd better setup the key length */ |
| @@ -178,7 +176,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, | |||
| 178 | 176 | ||
| 179 | return ret; | 177 | return ret; |
| 180 | 178 | ||
| 181 | merr: | 179 | merr: |
| 182 | ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE); | 180 | ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE); |
| 183 | 181 | ||
| 184 | err: | 182 | err: |
| @@ -193,13 +191,13 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, | |||
| 193 | 191 | ||
| 194 | X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | 192 | X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, |
| 195 | unsigned char *salt, int saltlen) | 193 | unsigned char *salt, int saltlen) |
| 196 | { | 194 | { |
| 197 | return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); | 195 | return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); |
| 198 | } | 196 | } |
| 199 | 197 | ||
| 200 | X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, | 198 | X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, |
| 201 | int prf_nid, int keylen) | 199 | int prf_nid, int keylen) |
| 202 | { | 200 | { |
| 203 | X509_ALGOR *keyfunc = NULL; | 201 | X509_ALGOR *keyfunc = NULL; |
| 204 | PBKDF2PARAM *kdf = NULL; | 202 | PBKDF2PARAM *kdf = NULL; |
| 205 | ASN1_OCTET_STRING *osalt = NULL; | 203 | ASN1_OCTET_STRING *osalt = NULL; |
| @@ -232,8 +230,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, | |||
| 232 | 230 | ||
| 233 | /* If have a key len set it up */ | 231 | /* If have a key len set it up */ |
| 234 | 232 | ||
| 235 | if(keylen > 0) | 233 | if(keylen > 0) { |
| 236 | { | ||
| 237 | if(!(kdf->keylength = M_ASN1_INTEGER_new())) | 234 | if(!(kdf->keylength = M_ASN1_INTEGER_new())) |
| 238 | goto merr; | 235 | goto merr; |
| 239 | if(!ASN1_INTEGER_set (kdf->keylength, keylen)) | 236 | if(!ASN1_INTEGER_set (kdf->keylength, keylen)) |
| @@ -241,14 +238,13 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, | |||
| 241 | } | 238 | } |
| 242 | 239 | ||
| 243 | /* prf can stay NULL if we are using hmacWithSHA1 */ | 240 | /* prf can stay NULL if we are using hmacWithSHA1 */ |
| 244 | if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) | 241 | if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { |
| 245 | { | ||
| 246 | kdf->prf = X509_ALGOR_new(); | 242 | kdf->prf = X509_ALGOR_new(); |
| 247 | if (!kdf->prf) | 243 | if (!kdf->prf) |
| 248 | goto merr; | 244 | goto merr; |
| 249 | X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), | 245 | X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), |
| 250 | V_ASN1_NULL, NULL); | 246 | V_ASN1_NULL, NULL); |
| 251 | } | 247 | } |
| 252 | 248 | ||
| 253 | /* Finally setup the keyfunc structure */ | 249 | /* Finally setup the keyfunc structure */ |
| 254 | 250 | ||
| @@ -271,10 +267,10 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, | |||
| 271 | PBKDF2PARAM_free(kdf); | 267 | PBKDF2PARAM_free(kdf); |
| 272 | return keyfunc; | 268 | return keyfunc; |
| 273 | 269 | ||
| 274 | merr: | 270 | merr: |
| 275 | ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE); | 271 | ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE); |
| 276 | PBKDF2PARAM_free(kdf); | 272 | PBKDF2PARAM_free(kdf); |
| 277 | X509_ALGOR_free(keyfunc); | 273 | X509_ALGOR_free(keyfunc); |
| 278 | return NULL; | 274 | return NULL; |
| 279 | } | 275 | } |
| 280 | 276 | ||