diff options
Diffstat (limited to 'src/lib/libcrypto/evp/p5_crpt2.c')
| -rw-r--r-- | src/lib/libcrypto/evp/p5_crpt2.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 1d5fabc4b2..c969d5a206 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c | |||
| @@ -55,10 +55,10 @@ | |||
| 55 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) | ||
| 59 | #include <stdio.h> | 58 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 59 | #include <stdlib.h> |
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) | ||
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
| 64 | #include <openssl/hmac.h> | 64 | #include <openssl/hmac.h> |
| @@ -77,7 +77,7 @@ | |||
| 77 | */ | 77 | */ |
| 78 | 78 | ||
| 79 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, | 79 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, |
| 80 | unsigned char *salt, int saltlen, int iter, | 80 | const unsigned char *salt, int saltlen, int iter, |
| 81 | int keylen, unsigned char *out) | 81 | int keylen, unsigned char *out) |
| 82 | { | 82 | { |
| 83 | unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; | 83 | unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; |
| @@ -148,16 +148,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 148 | ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, | 148 | ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, |
| 149 | int en_de) | 149 | int en_de) |
| 150 | { | 150 | { |
| 151 | unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; | 151 | unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; |
| 152 | int saltlen, keylen, iter, plen; | 152 | const unsigned char *pbuf; |
| 153 | int saltlen, iter, plen; | ||
| 154 | unsigned int keylen; | ||
| 153 | PBE2PARAM *pbe2 = NULL; | 155 | PBE2PARAM *pbe2 = NULL; |
| 154 | const EVP_CIPHER *cipher; | 156 | const EVP_CIPHER *cipher; |
| 155 | PBKDF2PARAM *kdf = NULL; | 157 | PBKDF2PARAM *kdf = NULL; |
| 156 | 158 | ||
| 159 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | ||
| 160 | param->value.sequence == NULL) { | ||
| 161 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | ||
| 162 | return 0; | ||
| 163 | } | ||
| 164 | |||
| 157 | pbuf = param->value.sequence->data; | 165 | pbuf = param->value.sequence->data; |
| 158 | plen = param->value.sequence->length; | 166 | plen = param->value.sequence->length; |
| 159 | if(!param || (param->type != V_ASN1_SEQUENCE) || | 167 | if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { |
| 160 | !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { | ||
| 161 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | 168 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); |
| 162 | return 0; | 169 | return 0; |
| 163 | } | 170 | } |
| @@ -213,7 +220,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 213 | 220 | ||
| 214 | /* Now check the parameters of the kdf */ | 221 | /* Now check the parameters of the kdf */ |
| 215 | 222 | ||
| 216 | if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ | 223 | if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ |
| 217 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, | 224 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, |
| 218 | EVP_R_UNSUPPORTED_KEYLENGTH); | 225 | EVP_R_UNSUPPORTED_KEYLENGTH); |
| 219 | goto err; | 226 | goto err; |