diff options
Diffstat (limited to 'src/lib/libcrypto/evp/p5_crpt2.c')
| -rw-r--r-- | src/lib/libcrypto/evp/p5_crpt2.c | 36 |
1 files changed, 15 insertions, 21 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 44e8b331fb..4bef287706 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p5_crpt2.c,v 1.22 2016/11/08 20:01:06 miod Exp $ */ | 1 | /* $OpenBSD: p5_crpt2.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -175,22 +175,21 @@ PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 175 | 175 | ||
| 176 | if (param == NULL || param->type != V_ASN1_SEQUENCE || | 176 | if (param == NULL || param->type != V_ASN1_SEQUENCE || |
| 177 | param->value.sequence == NULL) { | 177 | param->value.sequence == NULL) { |
| 178 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); | 178 | EVPerror(EVP_R_DECODE_ERROR); |
| 179 | goto err; | 179 | goto err; |
| 180 | } | 180 | } |
| 181 | 181 | ||
| 182 | pbuf = param->value.sequence->data; | 182 | pbuf = param->value.sequence->data; |
| 183 | plen = param->value.sequence->length; | 183 | plen = param->value.sequence->length; |
| 184 | if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { | 184 | if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { |
| 185 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); | 185 | EVPerror(EVP_R_DECODE_ERROR); |
| 186 | goto err; | 186 | goto err; |
| 187 | } | 187 | } |
| 188 | 188 | ||
| 189 | /* See if we recognise the key derivation function */ | 189 | /* See if we recognise the key derivation function */ |
| 190 | 190 | ||
| 191 | if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { | 191 | if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { |
| 192 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, | 192 | EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); |
| 193 | EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); | ||
| 194 | goto err; | 193 | goto err; |
| 195 | } | 194 | } |
| 196 | 195 | ||
| @@ -200,8 +199,7 @@ PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 200 | cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); | 199 | cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); |
| 201 | 200 | ||
| 202 | if (!cipher) { | 201 | if (!cipher) { |
| 203 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, | 202 | EVPerror(EVP_R_UNSUPPORTED_CIPHER); |
| 204 | EVP_R_UNSUPPORTED_CIPHER); | ||
| 205 | goto err; | 203 | goto err; |
| 206 | } | 204 | } |
| 207 | 205 | ||
| @@ -209,8 +207,7 @@ PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 209 | if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) | 207 | if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) |
| 210 | goto err; | 208 | goto err; |
| 211 | if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { | 209 | if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { |
| 212 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, | 210 | EVPerror(EVP_R_CIPHER_PARAMETER_ERROR); |
| 213 | EVP_R_CIPHER_PARAMETER_ERROR); | ||
| 214 | goto err; | 211 | goto err; |
| 215 | } | 212 | } |
| 216 | rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, | 213 | rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, |
| @@ -235,19 +232,19 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 235 | const EVP_MD *prfmd; | 232 | const EVP_MD *prfmd; |
| 236 | 233 | ||
| 237 | if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { | 234 | if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { |
| 238 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET); | 235 | EVPerror(EVP_R_NO_CIPHER_SET); |
| 239 | return 0; | 236 | return 0; |
| 240 | } | 237 | } |
| 241 | keylen = EVP_CIPHER_CTX_key_length(ctx); | 238 | keylen = EVP_CIPHER_CTX_key_length(ctx); |
| 242 | if (keylen > sizeof key) { | 239 | if (keylen > sizeof key) { |
| 243 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_BAD_KEY_LENGTH); | 240 | EVPerror(EVP_R_BAD_KEY_LENGTH); |
| 244 | return 0; | 241 | return 0; |
| 245 | } | 242 | } |
| 246 | 243 | ||
| 247 | /* Decode parameter */ | 244 | /* Decode parameter */ |
| 248 | 245 | ||
| 249 | if (!param || (param->type != V_ASN1_SEQUENCE)) { | 246 | if (!param || (param->type != V_ASN1_SEQUENCE)) { |
| 250 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); | 247 | EVPerror(EVP_R_DECODE_ERROR); |
| 251 | return 0; | 248 | return 0; |
| 252 | } | 249 | } |
| 253 | 250 | ||
| @@ -255,7 +252,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 255 | plen = param->value.sequence->length; | 252 | plen = param->value.sequence->length; |
| 256 | 253 | ||
| 257 | if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { | 254 | if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { |
| 258 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); | 255 | EVPerror(EVP_R_DECODE_ERROR); |
| 259 | return 0; | 256 | return 0; |
| 260 | } | 257 | } |
| 261 | 258 | ||
| @@ -263,8 +260,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 263 | 260 | ||
| 264 | if (kdf->keylength && | 261 | if (kdf->keylength && |
| 265 | (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ | 262 | (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ |
| 266 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, | 263 | EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH); |
| 267 | EVP_R_UNSUPPORTED_KEYLENGTH); | ||
| 268 | goto err; | 264 | goto err; |
| 269 | } | 265 | } |
| 270 | 266 | ||
| @@ -274,19 +270,18 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 274 | prf_nid = NID_hmacWithSHA1; | 270 | prf_nid = NID_hmacWithSHA1; |
| 275 | 271 | ||
| 276 | if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) { | 272 | if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) { |
| 277 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); | 273 | EVPerror(EVP_R_UNSUPPORTED_PRF); |
| 278 | goto err; | 274 | goto err; |
| 279 | } | 275 | } |
| 280 | 276 | ||
| 281 | prfmd = EVP_get_digestbynid(hmac_md_nid); | 277 | prfmd = EVP_get_digestbynid(hmac_md_nid); |
| 282 | if (prfmd == NULL) { | 278 | if (prfmd == NULL) { |
| 283 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); | 279 | EVPerror(EVP_R_UNSUPPORTED_PRF); |
| 284 | goto err; | 280 | goto err; |
| 285 | } | 281 | } |
| 286 | 282 | ||
| 287 | if (kdf->salt->type != V_ASN1_OCTET_STRING) { | 283 | if (kdf->salt->type != V_ASN1_OCTET_STRING) { |
| 288 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, | 284 | EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE); |
| 289 | EVP_R_UNSUPPORTED_SALT_TYPE); | ||
| 290 | goto err; | 285 | goto err; |
| 291 | } | 286 | } |
| 292 | 287 | ||
| @@ -294,8 +289,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 294 | salt = kdf->salt->value.octet_string->data; | 289 | salt = kdf->salt->value.octet_string->data; |
| 295 | saltlen = kdf->salt->value.octet_string->length; | 290 | saltlen = kdf->salt->value.octet_string->length; |
| 296 | if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) { | 291 | if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) { |
| 297 | EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, | 292 | EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); |
| 298 | EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); | ||
| 299 | goto err; | 293 | goto err; |
| 300 | } | 294 | } |
| 301 | if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, | 295 | if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, |