Diffstat (limited to 'src/lib/libcrypto/evp/p5_crpt2.c')
-rw-r--r--src/lib/libcrypto/evp/p5_crpt2.c89
1 files changed, 33 insertions, 56 deletions
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 975d004df4..334379f310 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -62,7 +62,6 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64#include <openssl/hmac.h> 64#include <openssl/hmac.h>
65#include "evp_locl.h"
66 65
67/* set this to print out info about the keygen algorithm */ 66/* set this to print out info about the keygen algorithm */
68/* #define DEBUG_PKCS5V2 */ 67/* #define DEBUG_PKCS5V2 */
@@ -111,14 +110,10 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
111 itmp[1] = (unsigned char)((i >> 16) & 0xff); 110 itmp[1] = (unsigned char)((i >> 16) & 0xff);
112 itmp[2] = (unsigned char)((i >> 8) & 0xff); 111 itmp[2] = (unsigned char)((i >> 8) & 0xff);
113 itmp[3] = (unsigned char)(i & 0xff); 112 itmp[3] = (unsigned char)(i & 0xff);
114 if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL) 113 HMAC_Init_ex(&hctx, pass, passlen, digest, NULL);
115 || !HMAC_Update(&hctx, salt, saltlen) 114 HMAC_Update(&hctx, salt, saltlen);
116 || !HMAC_Update(&hctx, itmp, 4) 115 HMAC_Update(&hctx, itmp, 4);
117 || !HMAC_Final(&hctx, digtmp, NULL)) 116 HMAC_Final(&hctx, digtmp, NULL);
118 {
119 HMAC_CTX_cleanup(&hctx);
120 return 0;
121 }
122 memcpy(p, digtmp, cplen); 117 memcpy(p, digtmp, cplen);
123 for(j = 1; j < iter; j++) 118 for(j = 1; j < iter; j++)
124 { 119 {
@@ -173,24 +168,27 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
173 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, 168 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
174 int en_de) 169 int en_de)
175{ 170{
171 unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
176 const unsigned char *pbuf; 172 const unsigned char *pbuf;
177 int plen; 173 int saltlen, iter, plen;
174 unsigned int keylen;
178 PBE2PARAM *pbe2 = NULL; 175 PBE2PARAM *pbe2 = NULL;
179 const EVP_CIPHER *cipher; 176 const EVP_CIPHER *cipher;
180 177 PBKDF2PARAM *kdf = NULL;
181 int rv = 0; 178 const EVP_MD *prfmd;
179 int prf_nid, hmac_md_nid;
182 180
183 if (param == NULL || param->type != V_ASN1_SEQUENCE || 181 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
184 param->value.sequence == NULL) { 182 param->value.sequence == NULL) {
185 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 183 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
186 goto err; 184 return 0;
187 } 185 }
188 186
189 pbuf = param->value.sequence->data; 187 pbuf = param->value.sequence->data;
190 plen = param->value.sequence->length; 188 plen = param->value.sequence->length;
191 if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { 189 if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
192 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 190 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
193 goto err; 191 return 0;
194 } 192 }
195 193
196 /* See if we recognise the key derivation function */ 194 /* See if we recognise the key derivation function */
@@ -213,63 +211,38 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
213 } 211 }
214 212
215 /* Fixup cipher based on AlgorithmIdentifier */ 213 /* Fixup cipher based on AlgorithmIdentifier */
216 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) 214 EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
217 goto err;
218 if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { 215 if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
219 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, 216 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
220 EVP_R_CIPHER_PARAMETER_ERROR); 217 EVP_R_CIPHER_PARAMETER_ERROR);
221 goto err; 218 goto err;
222 } 219 }
223 rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
224 pbe2->keyfunc->parameter, c, md, en_de);
225 err:
226 PBE2PARAM_free(pbe2);
227 return rv;
228}
229
230int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
231 ASN1_TYPE *param,
232 const EVP_CIPHER *c, const EVP_MD *md, int en_de)
233{
234 unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
235 const unsigned char *pbuf;
236 int saltlen, iter, plen;
237 int rv = 0;
238 unsigned int keylen = 0;
239 int prf_nid, hmac_md_nid;
240 PBKDF2PARAM *kdf = NULL;
241 const EVP_MD *prfmd;
242
243 if (EVP_CIPHER_CTX_cipher(ctx) == NULL)
244 {
245 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_NO_CIPHER_SET);
246 goto err;
247 }
248 keylen = EVP_CIPHER_CTX_key_length(ctx); 220 keylen = EVP_CIPHER_CTX_key_length(ctx);
249 OPENSSL_assert(keylen <= sizeof key); 221 OPENSSL_assert(keylen <= sizeof key);
250 222
251 /* Decode parameter */ 223 /* Now decode key derivation function */
252 224
253 if(!param || (param->type != V_ASN1_SEQUENCE)) 225 if(!pbe2->keyfunc->parameter ||
226 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
254 { 227 {
255 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_DECODE_ERROR); 228 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
256 goto err; 229 goto err;
257 } 230 }
258 231
259 pbuf = param->value.sequence->data; 232 pbuf = pbe2->keyfunc->parameter->value.sequence->data;
260 plen = param->value.sequence->length; 233 plen = pbe2->keyfunc->parameter->value.sequence->length;
261
262 if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { 234 if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
263 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_DECODE_ERROR); 235 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
264 goto err; 236 goto err;
265 } 237 }
266 238
267 keylen = EVP_CIPHER_CTX_key_length(ctx); 239 PBE2PARAM_free(pbe2);
240 pbe2 = NULL;
268 241
269 /* Now check the parameters of the kdf */ 242 /* Now check the parameters of the kdf */
270 243
271 if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ 244 if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
272 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 245 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
273 EVP_R_UNSUPPORTED_KEYLENGTH); 246 EVP_R_UNSUPPORTED_KEYLENGTH);
274 goto err; 247 goto err;
275 } 248 }
@@ -281,19 +254,19 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
281 254
282 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) 255 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0))
283 { 256 {
284 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); 257 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
285 goto err; 258 goto err;
286 } 259 }
287 260
288 prfmd = EVP_get_digestbynid(hmac_md_nid); 261 prfmd = EVP_get_digestbynid(hmac_md_nid);
289 if (prfmd == NULL) 262 if (prfmd == NULL)
290 { 263 {
291 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); 264 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
292 goto err; 265 goto err;
293 } 266 }
294 267
295 if(kdf->salt->type != V_ASN1_OCTET_STRING) { 268 if(kdf->salt->type != V_ASN1_OCTET_STRING) {
296 EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 269 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
297 EVP_R_UNSUPPORTED_SALT_TYPE); 270 EVP_R_UNSUPPORTED_SALT_TYPE);
298 goto err; 271 goto err;
299 } 272 }
@@ -305,11 +278,15 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
305 if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, 278 if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
306 keylen, key)) 279 keylen, key))
307 goto err; 280 goto err;
308 rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); 281 EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
309 err:
310 OPENSSL_cleanse(key, keylen); 282 OPENSSL_cleanse(key, keylen);
311 PBKDF2PARAM_free(kdf); 283 PBKDF2PARAM_free(kdf);
312 return rv; 284 return 1;
285
286 err:
287 PBE2PARAM_free(pbe2);
288 PBKDF2PARAM_free(kdf);
289 return 0;
313} 290}
314 291
315#ifdef DEBUG_PKCS5V2 292#ifdef DEBUG_PKCS5V2
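Review bot: In PKCS5_PBKDF2_HMAC (new lines 113-116) the results of HMAC_Init_ex, HMAC_Update and HMAC_Final are discarded, so a failed HMAC leaves `digtmp` unwritten, and the following `memcpy(p, digtmp, cplen)` then copies indeterminate stack bytes into the derived key while the function still reports success. The removed lines imply these calls return a status in this tree; if that holds, keep the guard in the form `if (!HMAC_Init_ex(...) || !HMAC_Update(...) || !HMAC_Update(...) || !HMAC_Final(...)) { HMAC_CTX_cleanup(&hctx); return 0; }`. The same defect applies to the two unchecked `EVP_CipherInit_ex` calls in PKCS5_v2_PBE_keyivgen (new lines 214 and 281), after which the function returns 1 even if the cipher context was never initialised or keyed. The relocated `err:` label also no longer calls `OPENSSL_cleanse(key, keylen)`, so a failure after PKCS5_PBKDF2_HMAC has started writing `key` may leave key material on the stack; cleansing on both exits would avoid that. Both function bodies start or continue outside the visible hunks, so callers and the inner iteration loop were not reviewed.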