diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_key.c | 91 |
1 files changed, 50 insertions, 41 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c index 24c86b7fc8..ffa736a04f 100644 --- a/src/lib/libcrypto/pkcs12/p12_key.c +++ b/src/lib/libcrypto/pkcs12/p12_key.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_key.c,v 1.15 2014/06/12 15:49:30 deraadt Exp $ */ | 1 | /* $OpenBSD: p12_key.c,v 1.16 2014/07/08 09:24:53 jsing Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -10,7 +10,7 @@ | |||
| 10 | * are met: | 10 | * are met: |
| 11 | * | 11 | * |
| 12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
| 14 | * | 14 | * |
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
| 16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
| @@ -74,35 +74,37 @@ void h__dump (unsigned char *p, int len); | |||
| 74 | #define min(a,b) ((a) < (b) ? (a) : (b)) | 74 | #define min(a,b) ((a) < (b) ? (a) : (b)) |
| 75 | #endif | 75 | #endif |
| 76 | 76 | ||
| 77 | int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, | 77 | int |
| 78 | int saltlen, int id, int iter, int n, unsigned char *out, | 78 | PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, |
| 79 | const EVP_MD *md_type) | 79 | int saltlen, int id, int iter, int n, unsigned char *out, |
| 80 | const EVP_MD *md_type) | ||
| 80 | { | 81 | { |
| 81 | int ret; | 82 | int ret; |
| 82 | unsigned char *unipass; | 83 | unsigned char *unipass; |
| 83 | int uniplen; | 84 | int uniplen; |
| 84 | 85 | ||
| 85 | if(!pass) { | 86 | if (!pass) { |
| 86 | unipass = NULL; | 87 | unipass = NULL; |
| 87 | uniplen = 0; | 88 | uniplen = 0; |
| 88 | } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) { | 89 | } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) { |
| 89 | PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); | 90 | PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE); |
| 90 | return 0; | 91 | return 0; |
| 91 | } | 92 | } |
| 92 | ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, | 93 | ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, |
| 93 | id, iter, n, out, md_type); | 94 | id, iter, n, out, md_type); |
| 94 | if (ret <= 0) | 95 | if (ret <= 0) |
| 95 | return 0; | 96 | return 0; |
| 96 | if(unipass) { | 97 | if (unipass) { |
| 97 | OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ | 98 | OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ |
| 98 | free(unipass); | 99 | free(unipass); |
| 99 | } | 100 | } |
| 100 | return ret; | 101 | return ret; |
| 101 | } | 102 | } |
| 102 | 103 | ||
| 103 | int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, | 104 | int |
| 104 | int saltlen, int id, int iter, int n, unsigned char *out, | 105 | PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, |
| 105 | const EVP_MD *md_type) | 106 | int saltlen, int id, int iter, int n, unsigned char *out, |
| 107 | const EVP_MD *md_type) | ||
| 106 | { | 108 | { |
| 107 | unsigned char *B, *D, *I, *p, *Ai; | 109 | unsigned char *B, *D, *I, *p, *Ai; |
| 108 | int Slen, Plen, Ilen, Ijlen; | 110 | int Slen, Plen, Ilen, Ijlen; |
| @@ -117,7 +119,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, | |||
| 117 | 119 | ||
| 118 | #if 0 | 120 | #if 0 |
| 119 | if (!pass) { | 121 | if (!pass) { |
| 120 | PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER); | 122 | PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER); |
| 121 | return 0; | 123 | return 0; |
| 122 | } | 124 | } |
| 123 | #endif | 125 | #endif |
| @@ -131,37 +133,42 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, | |||
| 131 | fprintf(stderr, "Salt (length %d):\n", saltlen); | 133 | fprintf(stderr, "Salt (length %d):\n", saltlen); |
| 132 | h__dump(salt, saltlen); | 134 | h__dump(salt, saltlen); |
| 133 | #endif | 135 | #endif |
| 134 | v = EVP_MD_block_size (md_type); | 136 | v = EVP_MD_block_size(md_type); |
| 135 | u = EVP_MD_size (md_type); | 137 | u = EVP_MD_size(md_type); |
| 136 | if (u < 0) | 138 | if (u < 0) |
| 137 | return 0; | 139 | return 0; |
| 138 | D = malloc (v); | 140 | D = malloc(v); |
| 139 | Ai = malloc (u); | 141 | Ai = malloc(u); |
| 140 | B = malloc (v + 1); | 142 | B = malloc(v + 1); |
| 141 | Slen = v * ((saltlen+v-1)/v); | 143 | Slen = v * ((saltlen + v - 1) / v); |
| 142 | if(passlen) Plen = v * ((passlen+v-1)/v); | 144 | if (passlen) |
| 143 | else Plen = 0; | 145 | Plen = v * ((passlen + v - 1)/v); |
| 146 | else | ||
| 147 | Plen = 0; | ||
| 144 | Ilen = Slen + Plen; | 148 | Ilen = Slen + Plen; |
| 145 | I = malloc (Ilen); | 149 | I = malloc(Ilen); |
| 146 | Ij = BN_new(); | 150 | Ij = BN_new(); |
| 147 | Bpl1 = BN_new(); | 151 | Bpl1 = BN_new(); |
| 148 | if (!D || !Ai || !B || !I || !Ij || !Bpl1) | 152 | if (!D || !Ai || !B || !I || !Ij || !Bpl1) |
| 149 | goto err; | 153 | goto err; |
| 150 | for (i = 0; i < v; i++) D[i] = id; | 154 | for (i = 0; i < v; i++) |
| 155 | D[i] = id; | ||
| 151 | p = I; | 156 | p = I; |
| 152 | for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; | 157 | for (i = 0; i < Slen; i++) |
| 153 | for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; | 158 | *p++ = salt[i % saltlen]; |
| 159 | for (i = 0; i < Plen; i++) | ||
| 160 | *p++ = pass[i % passlen]; | ||
| 154 | for (;;) { | 161 | for (;;) { |
| 155 | if (!EVP_DigestInit_ex(&ctx, md_type, NULL) | 162 | if (!EVP_DigestInit_ex(&ctx, md_type, NULL) || |
| 156 | || !EVP_DigestUpdate(&ctx, D, v) | 163 | !EVP_DigestUpdate(&ctx, D, v) || |
| 157 | || !EVP_DigestUpdate(&ctx, I, Ilen) | 164 | !EVP_DigestUpdate(&ctx, I, Ilen) || |
| 158 | || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) | 165 | !EVP_DigestFinal_ex(&ctx, Ai, NULL)) |
| 159 | goto err; | 166 | goto err; |
| 160 | for (j = 1; j < iter; j++) { | 167 | for (j = 1; j < iter; j++) { |
| 161 | if (!EVP_DigestInit_ex(&ctx, md_type, NULL) | 168 | if (!EVP_DigestInit_ex(&ctx, md_type, NULL) || |
| 162 | || !EVP_DigestUpdate(&ctx, Ai, u) | 169 | !EVP_DigestUpdate(&ctx, Ai, u) || |
| 163 | || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) | 170 | !EVP_DigestFinal_ex(&ctx, Ai, NULL)) |
| 164 | goto err; | 171 | goto err; |
| 165 | } | 172 | } |
| 166 | memcpy (out, Ai, min (n, u)); | 173 | memcpy (out, Ai, min (n, u)); |
| 167 | if (u >= n) { | 174 | if (u >= n) { |
| @@ -174,13 +181,14 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, | |||
| 174 | } | 181 | } |
| 175 | n -= u; | 182 | n -= u; |
| 176 | out += u; | 183 | out += u; |
| 177 | for (j = 0; j < v; j++) B[j] = Ai[j % u]; | 184 | for (j = 0; j < v; j++) |
| 185 | B[j] = Ai[j % u]; | ||
| 178 | /* Work out B + 1 first then can use B as tmp space */ | 186 | /* Work out B + 1 first then can use B as tmp space */ |
| 179 | if (!BN_bin2bn (B, v, Bpl1)) | 187 | if (!BN_bin2bn (B, v, Bpl1)) |
| 180 | goto err; | 188 | goto err; |
| 181 | if (!BN_add_word (Bpl1, 1)) | 189 | if (!BN_add_word (Bpl1, 1)) |
| 182 | goto err; | 190 | goto err; |
| 183 | for (j = 0; j < Ilen ; j+=v) { | 191 | for (j = 0; j < Ilen; j += v) { |
| 184 | if (!BN_bin2bn(I + j, v, Ij)) | 192 | if (!BN_bin2bn(I + j, v, Ij)) |
| 185 | goto err; | 193 | goto err; |
| 186 | if (!BN_add(Ij, Ij, Bpl1)) | 194 | if (!BN_add(Ij, Ij, Bpl1)) |
| @@ -194,7 +202,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, | |||
| 194 | goto err; | 202 | goto err; |
| 195 | memcpy (I + j, B + 1, v); | 203 | memcpy (I + j, B + 1, v); |
| 196 | #ifndef PKCS12_BROKEN_KEYGEN | 204 | #ifndef PKCS12_BROKEN_KEYGEN |
| 197 | /* If less than v bytes pad with zeroes */ | 205 | /* If less than v bytes pad with zeroes */ |
| 198 | } else if (Ijlen < v) { | 206 | } else if (Ijlen < v) { |
| 199 | memset(I + j, 0, v - Ijlen); | 207 | memset(I + j, 0, v - Ijlen); |
| 200 | if (!BN_bn2bin(Ij, I + j + v - Ijlen)) | 208 | if (!BN_bn2bin(Ij, I + j + v - Ijlen)) |
| @@ -206,7 +214,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, | |||
| 206 | } | 214 | } |
| 207 | 215 | ||
| 208 | err: | 216 | err: |
| 209 | PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); | 217 | PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE); |
| 210 | 218 | ||
| 211 | end: | 219 | end: |
| 212 | free (Ai); | 220 | free (Ai); |
| @@ -221,7 +229,8 @@ end: | |||
| 221 | #ifdef DEBUG_KEYGEN | 229 | #ifdef DEBUG_KEYGEN |
| 222 | void h__dump (unsigned char *p, int len) | 230 | void h__dump (unsigned char *p, int len) |
| 223 | { | 231 | { |
| 224 | for (; len --; p++) fprintf(stderr, "%02X", *p); | 232 | for (; len --; p++) |
| 225 | fprintf(stderr, "\n"); | 233 | fprintf(stderr, "%02X", *p); |
| 234 | fprintf(stderr, "\n"); | ||
| 226 | } | 235 | } |
| 227 | #endif | 236 | #endif |