summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pem/pvkfmt.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/pem/pvkfmt.c58
1 files changed, 35 insertions, 23 deletions
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
index 5f130c4528..b1bf71a5da 100644
--- a/src/lib/libcrypto/pem/pvkfmt.c
+++ b/src/lib/libcrypto/pem/pvkfmt.c
@@ -709,13 +709,16 @@ static int derive_pvk_key(unsigned char *key,
709 const unsigned char *pass, int passlen) 709 const unsigned char *pass, int passlen)
710 { 710 {
711 EVP_MD_CTX mctx; 711 EVP_MD_CTX mctx;
712 int rv = 1;
712 EVP_MD_CTX_init(&mctx); 713 EVP_MD_CTX_init(&mctx);
713 EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL); 714 if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)
714 EVP_DigestUpdate(&mctx, salt, saltlen); 715 || !EVP_DigestUpdate(&mctx, salt, saltlen)
715 EVP_DigestUpdate(&mctx, pass, passlen); 716 || !EVP_DigestUpdate(&mctx, pass, passlen)
716 EVP_DigestFinal_ex(&mctx, key, NULL); 717 || !EVP_DigestFinal_ex(&mctx, key, NULL))
718 rv = 0;
719
717 EVP_MD_CTX_cleanup(&mctx); 720 EVP_MD_CTX_cleanup(&mctx);
718 return 1; 721 return rv;
719 } 722 }
720 723
721 724
@@ -727,11 +730,12 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
727 const unsigned char *p = *in; 730 const unsigned char *p = *in;
728 unsigned int magic; 731 unsigned int magic;
729 unsigned char *enctmp = NULL, *q; 732 unsigned char *enctmp = NULL, *q;
733 EVP_CIPHER_CTX cctx;
734 EVP_CIPHER_CTX_init(&cctx);
730 if (saltlen) 735 if (saltlen)
731 { 736 {
732 char psbuf[PEM_BUFSIZE]; 737 char psbuf[PEM_BUFSIZE];
733 unsigned char keybuf[20]; 738 unsigned char keybuf[20];
734 EVP_CIPHER_CTX cctx;
735 int enctmplen, inlen; 739 int enctmplen, inlen;
736 if (cb) 740 if (cb)
737 inlen=cb(psbuf,PEM_BUFSIZE,0,u); 741 inlen=cb(psbuf,PEM_BUFSIZE,0,u);
@@ -757,37 +761,41 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
757 p += 8; 761 p += 8;
758 inlen = keylen - 8; 762 inlen = keylen - 8;
759 q = enctmp + 8; 763 q = enctmp + 8;
760 EVP_CIPHER_CTX_init(&cctx); 764 if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
761 EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); 765 goto err;
762 EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); 766 if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
763 EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen); 767 goto err;
768 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
769 goto err;
764 magic = read_ledword((const unsigned char **)&q); 770 magic = read_ledword((const unsigned char **)&q);
765 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) 771 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
766 { 772 {
767 q = enctmp + 8; 773 q = enctmp + 8;
768 memset(keybuf + 5, 0, 11); 774 memset(keybuf + 5, 0, 11);
769 EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, 775 if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
770 NULL); 776 NULL))
777 goto err;
771 OPENSSL_cleanse(keybuf, 20); 778 OPENSSL_cleanse(keybuf, 20);
772 EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); 779 if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
773 EVP_DecryptFinal_ex(&cctx, q + enctmplen, 780 goto err;
774 &enctmplen); 781 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
782 &enctmplen))
783 goto err;
775 magic = read_ledword((const unsigned char **)&q); 784 magic = read_ledword((const unsigned char **)&q);
776 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) 785 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
777 { 786 {
778 EVP_CIPHER_CTX_cleanup(&cctx);
779 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); 787 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
780 goto err; 788 goto err;
781 } 789 }
782 } 790 }
783 else 791 else
784 OPENSSL_cleanse(keybuf, 20); 792 OPENSSL_cleanse(keybuf, 20);
785 EVP_CIPHER_CTX_cleanup(&cctx);
786 p = enctmp; 793 p = enctmp;
787 } 794 }
788 795
789 ret = b2i_PrivateKey(&p, keylen); 796 ret = b2i_PrivateKey(&p, keylen);
790 err: 797 err:
798 EVP_CIPHER_CTX_cleanup(&cctx);
791 if (enctmp && saltlen) 799 if (enctmp && saltlen)
792 OPENSSL_free(enctmp); 800 OPENSSL_free(enctmp);
793 return ret; 801 return ret;
@@ -841,6 +849,8 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
841 { 849 {
842 int outlen = 24, pklen; 850 int outlen = 24, pklen;
843 unsigned char *p, *salt = NULL; 851 unsigned char *p, *salt = NULL;
852 EVP_CIPHER_CTX cctx;
853 EVP_CIPHER_CTX_init(&cctx);
844 if (enclevel) 854 if (enclevel)
845 outlen += PVK_SALTLEN; 855 outlen += PVK_SALTLEN;
846 pklen = do_i2b(NULL, pk, 0); 856 pklen = do_i2b(NULL, pk, 0);
@@ -885,7 +895,6 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
885 { 895 {
886 char psbuf[PEM_BUFSIZE]; 896 char psbuf[PEM_BUFSIZE];
887 unsigned char keybuf[20]; 897 unsigned char keybuf[20];
888 EVP_CIPHER_CTX cctx;
889 int enctmplen, inlen; 898 int enctmplen, inlen;
890 if (cb) 899 if (cb)
891 inlen=cb(psbuf,PEM_BUFSIZE,1,u); 900 inlen=cb(psbuf,PEM_BUFSIZE,1,u);
@@ -902,16 +911,19 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
902 if (enclevel == 1) 911 if (enclevel == 1)
903 memset(keybuf + 5, 0, 11); 912 memset(keybuf + 5, 0, 11);
904 p = salt + PVK_SALTLEN + 8; 913 p = salt + PVK_SALTLEN + 8;
905 EVP_CIPHER_CTX_init(&cctx); 914 if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
906 EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); 915 goto error;
907 OPENSSL_cleanse(keybuf, 20); 916 OPENSSL_cleanse(keybuf, 20);
908 EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8); 917 if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
909 EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen); 918 goto error;
910 EVP_CIPHER_CTX_cleanup(&cctx); 919 if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
920 goto error;
911 } 921 }
922 EVP_CIPHER_CTX_cleanup(&cctx);
912 return outlen; 923 return outlen;
913 924
914 error: 925 error:
926 EVP_CIPHER_CTX_cleanup(&cctx);
915 return -1; 927 return -1;
916 } 928 }
917 929
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 05:16:28 +0000