diff options
-rw-r--r-- | lib/x509/privkey_openssl.c | 43 |
1 files changed, 29 insertions, 14 deletions
diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c index 563ab99de6..643b3788f7 100644 --- a/lib/x509/privkey_openssl.c +++ b/lib/x509/privkey_openssl.c @@ -34,38 +34,50 @@ #include <random.h> static int -openssl_hash_password(const char *pass, gnutls_datum_t * key, +openssl_hash_password(const char *_password, gnutls_datum_t * key, gnutls_datum_t * salt) { unsigned char md5[16]; digest_hd_st hd; unsigned int count = 0; - int err; + int ret; + char *password = NULL; + + if (_password != NULL) { + gnutls_datum_t pout; + ret = _gnutls_utf8_password_normalize(_password, strlen(_password), &pout); + if (ret < 0) + return gnutls_assert_val(ret); + + password = (char*)pout.data; + } while (count < key->size) { - err = _gnutls_hash_init(&hd, mac_to_entry(GNUTLS_MAC_MD5)); - if (err) { + ret = _gnutls_hash_init(&hd, mac_to_entry(GNUTLS_MAC_MD5)); + if (ret < 0) { gnutls_assert(); - return err; + goto cleanup; } + if (count) { - err = _gnutls_hash(&hd, md5, sizeof(md5)); - if (err) { + ret = _gnutls_hash(&hd, md5, sizeof(md5)); + if (ret < 0) { hash_err: _gnutls_hash_deinit(&hd, NULL); gnutls_assert(); - return err; + goto cleanup; } } - if (pass) { - err = _gnutls_hash(&hd, pass, strlen(pass)); - if (err) { + + if (password) { + ret = _gnutls_hash(&hd, password, strlen(password)); + if (ret < 0) { gnutls_assert(); goto hash_err; } } - err = _gnutls_hash(&hd, salt->data, 8); - if (err) { + ret = _gnutls_hash(&hd, salt->data, 8); + if (ret < 0) { gnutls_assert(); goto hash_err; } @@ -80,8 +92,11 @@ openssl_hash_password(const char *pass, gnutls_datum_t * key, memcpy(&key->data[count], md5, sizeof(md5)); count += sizeof(md5); } + ret = 0; - return 0; + cleanup: + gnutls_free(password); + return ret; } struct pem_cipher { |