diff options
Diffstat (limited to 'src/lib/libcrypto/evp/p5_crpt.c')
| -rw-r--r-- | src/lib/libcrypto/evp/p5_crpt.c | 33 |
1 files changed, 11 insertions, 22 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c index 294cc90d87..7ecfa8dad9 100644 --- a/src/lib/libcrypto/evp/p5_crpt.c +++ b/src/lib/libcrypto/evp/p5_crpt.c | |||
| @@ -82,8 +82,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 82 | unsigned char *salt; | 82 | unsigned char *salt; |
| 83 | const unsigned char *pbuf; | 83 | const unsigned char *pbuf; |
| 84 | int mdsize; | 84 | int mdsize; |
| 85 | int rv = 0; | ||
| 86 | EVP_MD_CTX_init(&ctx); | ||
| 87 | 85 | ||
| 88 | /* Extract useful info from parameter */ | 86 | /* Extract useful info from parameter */ |
| 89 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | 87 | if (param == NULL || param->type != V_ASN1_SEQUENCE || |
| @@ -106,38 +104,29 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 106 | if(!pass) passlen = 0; | 104 | if(!pass) passlen = 0; |
| 107 | else if(passlen == -1) passlen = strlen(pass); | 105 | else if(passlen == -1) passlen = strlen(pass); |
| 108 | 106 | ||
| 109 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) | 107 | EVP_MD_CTX_init(&ctx); |
| 110 | goto err; | 108 | EVP_DigestInit_ex(&ctx, md, NULL); |
| 111 | if (!EVP_DigestUpdate(&ctx, pass, passlen)) | 109 | EVP_DigestUpdate(&ctx, pass, passlen); |
| 112 | goto err; | 110 | EVP_DigestUpdate(&ctx, salt, saltlen); |
| 113 | if (!EVP_DigestUpdate(&ctx, salt, saltlen)) | ||
| 114 | goto err; | ||
| 115 | PBEPARAM_free(pbe); | 111 | PBEPARAM_free(pbe); |
| 116 | if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) | 112 | EVP_DigestFinal_ex(&ctx, md_tmp, NULL); |
| 117 | goto err; | ||
| 118 | mdsize = EVP_MD_size(md); | 113 | mdsize = EVP_MD_size(md); |
| 119 | if (mdsize < 0) | 114 | if (mdsize < 0) |
| 120 | return 0; | 115 | return 0; |
| 121 | for (i = 1; i < iter; i++) { | 116 | for (i = 1; i < iter; i++) { |
| 122 | if (!EVP_DigestInit_ex(&ctx, md, NULL)) | 117 | EVP_DigestInit_ex(&ctx, md, NULL); |
| 123 | goto err; | 118 | EVP_DigestUpdate(&ctx, md_tmp, mdsize); |
| 124 | if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) | 119 | EVP_DigestFinal_ex (&ctx, md_tmp, NULL); |
| 125 | goto err; | ||
| 126 | if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL)) | ||
| 127 | goto err; | ||
| 128 | } | 120 | } |
| 121 | EVP_MD_CTX_cleanup(&ctx); | ||
| 129 | OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); | 122 | OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); |
| 130 | memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); | 123 | memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); |
| 131 | OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); | 124 | OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); |
| 132 | memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), | 125 | memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), |
| 133 | EVP_CIPHER_iv_length(cipher)); | 126 | EVP_CIPHER_iv_length(cipher)); |
| 134 | if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) | 127 | EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); |
| 135 | goto err; | ||
| 136 | OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); | 128 | OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); |
| 137 | OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); | 129 | OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); |
| 138 | OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); | 130 | OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); |
| 139 | rv = 1; | 131 | return 1; |
| 140 | err: | ||
| 141 | EVP_MD_CTX_cleanup(&ctx); | ||
| 142 | return rv; | ||
| 143 | } | 132 | } |