openssl/crypto/evp/evp_key.c

/*
 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/ui.h>

#ifndef BUFSIZ
# define BUFSIZ 256
#endif

/* should be init to zeros. */
static char prompt_string[80];

void EVP_set_pw_prompt(const char *prompt)
{
    if (prompt == NULL)
        prompt_string[0] = '\0';
    else {
        strncpy(prompt_string, prompt, 79);
        prompt_string[79] = '\0';
    }
}

char *EVP_get_pw_prompt(void)
{
    if (prompt_string[0] == '\0')
        return NULL;
    else
        return prompt_string;
}

/*
 * For historical reasons, the standard function for reading passwords is in
 * the DES library -- if someone ever wants to disable DES, this function
 * will fail
 */
int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
{
    return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
}

int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
                           int verify)
{
    int ret = -1;
    char buff[BUFSIZ];
    UI *ui;

    if ((prompt == NULL) && (prompt_string[0] != '\0'))
        prompt = prompt_string;
    ui = UI_new();
    if (ui == NULL)
        return ret;
    if (UI_add_input_string(ui, prompt, 0, buf, min,
                            (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0
        || (verify
            && UI_add_verify_string(ui, prompt, 0, buff, min,
                                    (len >= BUFSIZ) ? BUFSIZ - 1 : len,
                                    buf) < 0))
        goto end;
    ret = UI_process(ui);
    OPENSSL_cleanse(buff, BUFSIZ);
 end:
    UI_free(ui);
    return ret;
}

int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                   const unsigned char *salt, const unsigned char *data,
                   int datal, int count, unsigned char *key,
                   unsigned char *iv)
{
    EVP_MD_CTX *c;
    unsigned char md_buf[EVP_MAX_MD_SIZE];
    int niv, nkey, addmd = 0;
    unsigned int mds = 0, i;
    int rv = 0;
    nkey = EVP_CIPHER_get_key_length(type);
    niv = EVP_CIPHER_get_iv_length(type);
    OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
    OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);

    if (data == NULL)
        return nkey;

    c = EVP_MD_CTX_new();
    if (c == NULL)
        goto err;
    for (;;) {
        if (!EVP_DigestInit_ex(c, md, NULL))
            goto err;
        if (addmd++)
            if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
                goto err;
        if (!EVP_DigestUpdate(c, data, datal))
            goto err;
        if (salt != NULL)
            if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN))
                goto err;
        if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
            goto err;

        for (i = 1; i < (unsigned int)count; i++) {
            if (!EVP_DigestInit_ex(c, md, NULL))
                goto err;
            if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
                goto err;
            if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
                goto err;
        }
        i = 0;
        if (nkey) {
            for (;;) {
                if (nkey == 0)
                    break;
                if (i == mds)
                    break;
                if (key != NULL)
                    *(key++) = md_buf[i];
                nkey--;
                i++;
            }
        }
        if (niv && (i != mds)) {
            for (;;) {
                if (niv == 0)
                    break;
                if (i == mds)
                    break;
                if (iv != NULL)
                    *(iv++) = md_buf[i];
                niv--;
                i++;
            }
        }
        if ((nkey == 0) && (niv == 0))
            break;
    }
    rv = EVP_CIPHER_get_key_length(type);
 err:
    EVP_MD_CTX_free(c);
    OPENSSL_cleanse(md_buf, sizeof(md_buf));
    return rv;
}
Copyright consolidation 04/10 Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 02:24:46 +08:00			`/*`
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15801) 2021-06-17 20:24:59 +08:00			`* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`*`
Following the license change, modify the boilerplates in crypto/evp/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7794) 2018-12-06 20:40:06 +08:00			`* Licensed under the Apache License 2.0 (the "License"). You may not use`
Copyright consolidation 04/10 Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 02:24:46 +08:00			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`*/`

			`#include <stdio.h>`
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-05-14 22:56:48 +08:00			`#include "internal/cryptlib.h"`
Change #include filenames from <foo.h> to <openssl.h>. Submitted by: Reviewed by: PR: 1999-04-24 06:13:45 +08:00			`#include <openssl/x509.h>`
			`#include <openssl/objects.h>`
			`#include <openssl/evp.h>`
Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like. 2001-05-07 07:19:37 +08:00			`#include <openssl/ui.h>`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00
crypto/evp/evp_key.c: #define BUFSIZ if <stdio.h> doesn't #define it CLA: trivial Fixes #8904 Commit 48feaceb53fa ("Remove the possibility to disable the UI module entirely", 2017-07-03) made the BUFSIZ references in "evp_key.c" unconditional, by deleting the preprocessing directive "#ifndef OPENSSL_NO_UI". This breaks the build when compiling OpenSSL for edk2 (OPENSSL_SYS_UEFI), because edk2's <stdio.h> doesn't #define BUFSIZ. Provide a fallback definition, like we do in "crypto/ui/ui_util.c" (from commit 984d6c605216, "Fix no-stdio build", 2015-09-29). Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8922) 2019-05-10 03:29:48 +08:00			`#ifndef BUFSIZ`
			`# define BUFSIZ 256`
			`#endif`

Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00			`/* should be init to zeros. */`
			`static char prompt_string[80];`

Constify d2i, s2i, c2i and r2i functions and other associated functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed. 2004-03-16 07:15:26 +08:00			`void EVP_set_pw_prompt(const char *prompt)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`{`
			`if (prompt == NULL)`
			`prompt_string[0] = '\0';`
			`else {`
			`strncpy(prompt_string, prompt, 79);`
			`prompt_string[79] = '\0';`
			`}`
			`}`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00
Change functions to ANSI C. 1999-04-20 05:31:43 +08:00			`char *EVP_get_pw_prompt(void)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`{`
			`if (prompt_string[0] == '\0')`
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541) 2017-10-17 22:04:09 +08:00			`return NULL;`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`else`
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541) 2017-10-17 22:04:09 +08:00			`return prompt_string;`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`}`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`/*`
			`* For historical reasons, the standard function for reading passwords is in`
			`* the DES library -- if someone ever wants to disable DES, this function`
			`* will fail`
			`*/`
Change functions to ANSI C. 1999-04-20 05:31:43 +08:00			`int EVP_read_pw_string(char buf, int len, const char prompt, int verify)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`{`
			`return EVP_read_pw_string_min(buf, 0, len, prompt, verify);`
			`}`
Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like. 2001-05-07 07:19:37 +08:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`int EVP_read_pw_string_min(char buf, int min, int len, const char prompt,`
			`int verify)`
			`{`
Fix small UI issues - in EVP_read_pw_string_min(), the return value from UI_add_* wasn't properly checked - in UI_process(), \|state\| was never made NULL, which means an error when closing the session wouldn't be accurately reported. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3849) 2017-07-05 16:26:25 +08:00			`int ret = -1;`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`char buff[BUFSIZ];`
			`UI *ui;`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`if ((prompt == NULL) && (prompt_string[0] != '\0'))`
			`prompt = prompt_string;`
			`ui = UI_new();`
Continue standardising malloc style for libcrypto Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: Kurt Roeckx <kurt@openssl.org> 2015-10-30 19:12:26 +08:00			`if (ui == NULL)`
Fix small UI issues - in EVP_read_pw_string_min(), the return value from UI_add_* wasn't properly checked - in UI_process(), \|state\| was never made NULL, which means an error when closing the session wouldn't be accurately reported. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3849) 2017-07-05 16:26:25 +08:00			`return ret;`
			`if (UI_add_input_string(ui, prompt, 0, buf, min,`
			`(len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0`
			`\|\| (verify`
			`&& UI_add_verify_string(ui, prompt, 0, buff, min,`
			`(len >= BUFSIZ) ? BUFSIZ - 1 : len,`
			`buf) < 0))`
			`goto end;`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`ret = UI_process(ui);`
			`OPENSSL_cleanse(buff, BUFSIZ);`
Fix small UI issues - in EVP_read_pw_string_min(), the return value from UI_add_* wasn't properly checked - in UI_process(), \|state\| was never made NULL, which means an error when closing the session wouldn't be accurately reported. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3849) 2017-07-05 16:26:25 +08:00			`end:`
			`UI_free(ui);`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`return ret;`
			`}`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`int EVP_BytesToKey(const EVP_CIPHER type, const EVP_MD md,`
			`const unsigned char salt, const unsigned char data,`
			`int datal, int count, unsigned char *key,`
			`unsigned char *iv)`
			`{`
Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instanciations of EVP_MD. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-11-27 21:17:50 +08:00			`EVP_MD_CTX *c;`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`unsigned char md_buf[EVP_MAX_MD_SIZE];`
			`int niv, nkey, addmd = 0;`
			`unsigned int mds = 0, i;`
			`int rv = 0;`
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405) 2021-05-21 22:58:08 +08:00			`nkey = EVP_CIPHER_get_key_length(type);`
			`niv = EVP_CIPHER_get_iv_length(type);`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);`
			`OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`if (data == NULL)`
Remove parentheses of return. Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541) 2017-10-17 22:04:09 +08:00			`return nkey;`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00
Cleanup: fix all sources that used EVP_MD_CTX_(create\|init\|destroy) Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-12-02 07:49:35 +08:00			`c = EVP_MD_CTX_new();`
Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instanciations of EVP_MD. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-11-27 21:17:50 +08:00			`if (c == NULL)`
			`goto err;`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`for (;;) {`
Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instanciations of EVP_MD. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-11-27 21:17:50 +08:00			`if (!EVP_DigestInit_ex(c, md, NULL))`
Fix memory leaks and other mistakes on errors Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-10-08 20:38:57 +08:00			`goto err;`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`if (addmd++)`
Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instanciations of EVP_MD. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-11-27 21:17:50 +08:00			`if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`goto err;`
Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instanciations of EVP_MD. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-11-27 21:17:50 +08:00			`if (!EVP_DigestUpdate(c, data, datal))`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`goto err;`
			`if (salt != NULL)`
Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instanciations of EVP_MD. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-11-27 21:17:50 +08:00			`if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN))`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`goto err;`
Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instanciations of EVP_MD. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-11-27 21:17:50 +08:00			`if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`goto err;`
Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 18:52:47 +08:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`for (i = 1; i < (unsigned int)count; i++) {`
Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instanciations of EVP_MD. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-11-27 21:17:50 +08:00			`if (!EVP_DigestInit_ex(c, md, NULL))`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`goto err;`
Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instanciations of EVP_MD. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-11-27 21:17:50 +08:00			`if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`goto err;`
Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instanciations of EVP_MD. Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-11-27 21:17:50 +08:00			`if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`goto err;`
			`}`
			`i = 0;`
			`if (nkey) {`
			`for (;;) {`
			`if (nkey == 0)`
			`break;`
			`if (i == mds)`
			`break;`
			`if (key != NULL)`
			`*(key++) = md_buf[i];`
			`nkey--;`
			`i++;`
			`}`
			`}`
			`if (niv && (i != mds)) {`
			`for (;;) {`
			`if (niv == 0)`
			`break;`
			`if (i == mds)`
			`break;`
			`if (iv != NULL)`
			`*(iv++) = md_buf[i];`
			`niv--;`
			`i++;`
			`}`
			`}`
			`if ((nkey == 0) && (niv == 0))`
			`break;`
			`}`
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405) 2021-05-21 22:58:08 +08:00			`rv = EVP_CIPHER_get_key_length(type);`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`err:`
Cleanup: fix all sources that used EVP_MD_CTX_(create\|init\|destroy) Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-12-02 07:49:35 +08:00			`EVP_MD_CTX_free(c);`
Fix memory leaks and other mistakes on errors Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-10-08 20:38:57 +08:00			`OPENSSL_cleanse(md_buf, sizeof(md_buf));`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`return rv;`
			`}`