diff options
Diffstat (limited to 'src/lib/libcrypto/evp/p5_crpt.c')
| -rw-r--r-- | src/lib/libcrypto/evp/p5_crpt.c | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c index 7ecfa8dad9..294cc90d87 100644 --- a/src/lib/libcrypto/evp/p5_crpt.c +++ b/src/lib/libcrypto/evp/p5_crpt.c | |||
| @@ -82,6 +82,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 82 | unsigned char *salt; | 82 | unsigned char *salt; |
| 83 | const unsigned char *pbuf; | 83 | const unsigned char *pbuf; |
| 84 | int mdsize; | 84 | int mdsize; |
| 85 | int rv = 0; | ||
| 86 | EVP_MD_CTX_init(&ctx); | ||
| 85 | 87 | ||
| 86 | /* Extract useful info from parameter */ | 88 | /* Extract useful info from parameter */ |
| 87 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | 89 | if (param == NULL || param->type != V_ASN1_SEQUENCE || |
| @@ -104,29 +106,38 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 104 | if(!pass) passlen = 0; | 106 | if(!pass) passlen = 0; |
| 105 | else if(passlen == -1) passlen = strlen(pass); | 107 | else if(passlen == -1) passlen = strlen(pass); |
| 106 | 108 | ||
| 107 | EVP_MD_CTX_init(&ctx); | 109 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) |
| 108 | EVP_DigestInit_ex(&ctx, md, NULL); | 110 | goto err; |
| 109 | EVP_DigestUpdate(&ctx, pass, passlen); | 111 | if (!EVP_DigestUpdate(&ctx, pass, passlen)) |
| 110 | EVP_DigestUpdate(&ctx, salt, saltlen); | 112 | goto err; |
| 113 | if (!EVP_DigestUpdate(&ctx, salt, saltlen)) | ||
| 114 | goto err; | ||
| 111 | PBEPARAM_free(pbe); | 115 | PBEPARAM_free(pbe); |
| 112 | EVP_DigestFinal_ex(&ctx, md_tmp, NULL); | 116 | if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) |
| 117 | goto err; | ||
| 113 | mdsize = EVP_MD_size(md); | 118 | mdsize = EVP_MD_size(md); |
| 114 | if (mdsize < 0) | 119 | if (mdsize < 0) |
| 115 | return 0; | 120 | return 0; |
| 116 | for (i = 1; i < iter; i++) { | 121 | for (i = 1; i < iter; i++) { |
| 117 | EVP_DigestInit_ex(&ctx, md, NULL); | 122 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) |
| 118 | EVP_DigestUpdate(&ctx, md_tmp, mdsize); | 123 | goto err; |
| 119 | EVP_DigestFinal_ex (&ctx, md_tmp, NULL); | 124 | if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) |
| 125 | goto err; | ||
| 126 | if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL)) | ||
| 127 | goto err; | ||
| 120 | } | 128 | } |
| 121 | EVP_MD_CTX_cleanup(&ctx); | ||
| 122 | OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); | 129 | OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); |
| 123 | memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); | 130 | memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); |
| 124 | OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); | 131 | OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); |
| 125 | memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), | 132 | memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), |
| 126 | EVP_CIPHER_iv_length(cipher)); | 133 | EVP_CIPHER_iv_length(cipher)); |
| 127 | EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); | 134 | if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) |
| 135 | goto err; | ||
| 128 | OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); | 136 | OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); |
| 129 | OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); | 137 | OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); |
| 130 | OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); | 138 | OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); |
| 131 | return 1; | 139 | rv = 1; |
| 140 | err: | ||
| 141 | EVP_MD_CTX_cleanup(&ctx); | ||
| 142 | return rv; | ||
| 132 | } | 143 | } |