1 /*
2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/x509.h>
13 #include <openssl/objects.h>
14 #include <openssl/evp.h>
15 #include <openssl/ui.h>
16
17 #ifndef BUFSIZ
18 #define BUFSIZ 256
19 #endif
20
21 /* should be init to zeros. */
22 static char prompt_string[80];
23
EVP_set_pw_prompt(const char * prompt)24 void EVP_set_pw_prompt(const char *prompt)
25 {
26 if (prompt == NULL)
27 prompt_string[0] = '\0';
28 else {
29 strncpy(prompt_string, prompt, 79);
30 prompt_string[79] = '\0';
31 }
32 }
33
EVP_get_pw_prompt(void)34 char *EVP_get_pw_prompt(void)
35 {
36 if (prompt_string[0] == '\0')
37 return NULL;
38 else
39 return prompt_string;
40 }
41
42 /*
43 * For historical reasons, the standard function for reading passwords is in
44 * the DES library -- if someone ever wants to disable DES, this function
45 * will fail
46 */
EVP_read_pw_string(char * buf,int len,const char * prompt,int verify)47 int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
48 {
49 return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
50 }
51
EVP_read_pw_string_min(char * buf,int min,int len,const char * prompt,int verify)52 int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
53 int verify)
54 {
55 int ret = -1;
56 char buff[BUFSIZ];
57 UI *ui;
58
59 if ((prompt == NULL) && (prompt_string[0] != '\0'))
60 prompt = prompt_string;
61 ui = UI_new();
62 if (ui == NULL)
63 return ret;
64 if (UI_add_input_string(ui, prompt, 0, buf, min,
65 (len >= BUFSIZ) ? BUFSIZ - 1 : len)
66 < 0
67 || (verify
68 && UI_add_verify_string(ui, prompt, 0, buff, min,
69 (len >= BUFSIZ) ? BUFSIZ - 1 : len,
70 buf)
71 < 0))
72 goto end;
73 ret = UI_process(ui);
74 OPENSSL_cleanse(buff, BUFSIZ);
75 end:
76 UI_free(ui);
77 return ret;
78 }
79
EVP_BytesToKey(const EVP_CIPHER * type,const EVP_MD * md,const unsigned char * salt,const unsigned char * data,int datal,int count,unsigned char * key,unsigned char * iv)80 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
81 const unsigned char *salt, const unsigned char *data,
82 int datal, int count, unsigned char *key,
83 unsigned char *iv)
84 {
85 EVP_MD_CTX *c;
86 unsigned char md_buf[EVP_MAX_MD_SIZE];
87 int niv, nkey, addmd = 0;
88 unsigned int mds = 0, i;
89 int rv = 0;
90 nkey = EVP_CIPHER_get_key_length(type);
91 niv = EVP_CIPHER_get_iv_length(type);
92 OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
93 OPENSSL_assert(niv >= 0 && niv <= EVP_MAX_IV_LENGTH);
94
95 if (data == NULL)
96 return nkey;
97
98 c = EVP_MD_CTX_new();
99 if (c == NULL)
100 goto err;
101 for (;;) {
102 if (!EVP_DigestInit_ex(c, md, NULL))
103 goto err;
104 if (addmd++)
105 if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
106 goto err;
107 if (!EVP_DigestUpdate(c, data, datal))
108 goto err;
109 if (salt != NULL)
110 if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN))
111 goto err;
112 if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
113 goto err;
114
115 for (i = 1; i < (unsigned int)count; i++) {
116 if (!EVP_DigestInit_ex(c, md, NULL))
117 goto err;
118 if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
119 goto err;
120 if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
121 goto err;
122 }
123 i = 0;
124 if (nkey) {
125 for (;;) {
126 if (nkey == 0)
127 break;
128 if (i == mds)
129 break;
130 if (key != NULL)
131 *(key++) = md_buf[i];
132 nkey--;
133 i++;
134 }
135 }
136 if (niv && (i != mds)) {
137 for (;;) {
138 if (niv == 0)
139 break;
140 if (i == mds)
141 break;
142 if (iv != NULL)
143 *(iv++) = md_buf[i];
144 niv--;
145 i++;
146 }
147 }
148 if ((nkey == 0) && (niv == 0))
149 break;
150 }
151 rv = EVP_CIPHER_get_key_length(type);
152 err:
153 EVP_MD_CTX_free(c);
154 OPENSSL_cleanse(md_buf, sizeof(md_buf));
155 return rv;
156 }
157