Added PKCS5_PBE_keyivgen_ex() to allow PBKDF1 algorithms to be fetched for a specific library context

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14326)

6 files changed, 49 insertions, 25 deletions

diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 7c73cfc501..6347a0635f 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -34,11 +34,11 @@ static STACK_OF(EVP_PBE_CTL) *pbe_algs;
 
 static const EVP_PBE_CTL builtin_pbe[] = {
     {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
-     NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen, NULL},
+     NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
     {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,
-     NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen, NULL},
+     NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
     {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
-     NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen, NULL},
+     NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
 
     {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
 
@@ -58,11 +58,11 @@ static const EVP_PBE_CTL builtin_pbe[] = {
     {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen, &PKCS5_v2_PBE_keyivgen_ex},
 
     {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
-     NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen, NULL},
+     NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
     {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
-     NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen, NULL},
+     NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
     {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,
-     NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen, NULL},
+     NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
 
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
     {EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0},
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index 59d1a23ad6..abf153cb43 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -15,9 +15,6 @@
 #include <openssl/core_names.h>
 #include <openssl/kdf.h>
 
-#define PKCS5_PBES1_OUTPUT_LENGTH   16
-#define PKCS5_PBES1_KEY_IV_LENGTH   8
-
 /*
  * Doesn't do anything now: Builtin PBE algorithms in static table.
  */
@@ -26,15 +23,18 @@ void PKCS5_PBE_add(void)
 {
 }
 
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
-                       ASN1_TYPE *param, const EVP_CIPHER *cipher,
-                       const EVP_MD *md, int en_de)
+int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+                          ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                          const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx,
+                          const char *propq)
 {
-    unsigned char out[PKCS5_PBES1_OUTPUT_LENGTH];
+    unsigned char md_tmp[EVP_MAX_MD_SIZE];
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
     int ivl, kl;
     PBEPARAM *pbe = NULL;
     int saltlen, iter;
     unsigned char *salt;
+    int mdsize;
     int rv = 0;
     EVP_KDF *kdf;
     EVP_KDF_CTX *kctx = NULL;
@@ -55,12 +55,12 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     }
 
     ivl = EVP_CIPHER_iv_length(cipher);
-    if (ivl != PKCS5_PBES1_KEY_IV_LENGTH) {
+    if (ivl < 0 || ivl > 16) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
         goto err;
     }
     kl = EVP_CIPHER_key_length(cipher);
-    if (kl != PKCS5_PBES1_KEY_IV_LENGTH) {
+    if (kl < 0 || kl > (int)sizeof(md_tmp)) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
         goto err;
     }
@@ -77,7 +77,11 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     else if (passlen == -1)
         passlen = strlen(pass);
 
-    kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF1, NULL);
+    mdsize = EVP_MD_size(md);
+    if (mdsize < 0)
+        goto err;
+
+    kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF1, propq);
     kctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kctx == NULL)
@@ -90,16 +94,27 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                             (char *)mdname, 0);
     *p = OSSL_PARAM_construct_end();
-    if (EVP_KDF_derive(kctx, out, PKCS5_PBES1_OUTPUT_LENGTH, params) != 1)
+    if (EVP_KDF_derive(kctx, md_tmp, mdsize, params) != 1)
         goto err;
-
-    if (!EVP_CipherInit_ex(cctx, cipher, NULL, out,
-                           out + PKCS5_PBES1_KEY_IV_LENGTH, en_de))
+    memcpy(key, md_tmp, kl);
+    memcpy(iv, md_tmp + (16 - ivl), ivl);
+    if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
         goto err;
-    OPENSSL_cleanse(out, PKCS5_PBES1_OUTPUT_LENGTH);
+    OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
     rv = 1;
  err:
     EVP_KDF_CTX_free(kctx);
     PBEPARAM_free(pbe);
     return rv;
 }
+
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+                       ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                       const EVP_MD *md, int en_de)
+{
+    return PKCS5_PBE_keyivgen_ex(cctx, pass, passlen, param, cipher, md, en_de,
+                                 NULL, NULL);
+}
+
diff --git a/doc/man3/PKCS5_PBE_keyivgen.pod b/doc/man3/PKCS5_PBE_keyivgen.pod
index 67a7957987..72de3153b9 100644
--- a/doc/man3/PKCS5_PBE_keyivgen.pod
+++ b/doc/man3/PKCS5_PBE_keyivgen.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-PKCS5_PBE_keyivgen, PKCS5_pbe2_set, PKCS5_pbe2_set_iv,
+PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex, PKCS5_pbe2_set, PKCS5_pbe2_set_iv,
 PKCS5_pbe2_set_iv_ex, PKCS5_pbe_set, PKCS5_pbe_set_ex, PKCS5_pbe2_set_scrypt,
 PKCS5_pbe_set0_algor, PKCS5_pbe_set0_algor_ex,
 PKCS5_v2_PBE_keyivgen, PKCS5_v2_PBE_keyivgen_ex,
@@ -17,6 +17,10 @@ PKCS5_pbkdf2_set, PKCS5_pbkdf2_set_ex, EVP_PBE_scrypt, EVP_PBE_scrypt_ex
  int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                         ASN1_TYPE *param, const EVP_CIPHER *cipher,
                         const EVP_MD *md, int en_de);
+ int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+                           ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                           const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx,
+                           const char *propq);
  int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                            ASN1_TYPE *param, const EVP_CIPHER *cipher,
                            const EVP_MD *md, int en_de);
@@ -79,7 +83,7 @@ PKCS5_pbkdf2_set, PKCS5_pbkdf2_set_ex, EVP_PBE_scrypt, EVP_PBE_scrypt_ex
 
 =head2 Key Derivation
 
-PKCS5_PBE_keyivgen() takes a password I<pass> of
+PKCS5_PBE_keyivgen() and PKCS5_PBE_keyivgen_ex() take a password I<pass> of
 length I<passlen>, parameters I<param> and a message digest function I<md_type>
 and performs a key derivation according to PKCS#5 PBES1. The resulting key is
 then used to initialise the cipher context I<ctx> with a cipher I<cipher> for
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 27e14d07b6..a793db6e0e 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1438,6 +1438,10 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
                        const EVP_MD *md, int en_de);
+int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+                          ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                          const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx,
+                          const char *propq);
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                            const unsigned char *salt, int saltlen, int iter,
                            int keylen, unsigned char *out);
diff --git a/providers/implementations/kdfs/pbkdf1.c b/providers/implementations/kdfs/pbkdf1.c
index 1a803774d6..af715efc91 100644
--- a/providers/implementations/kdfs/pbkdf1.c
+++ b/providers/implementations/kdfs/pbkdf1.c
@@ -175,9 +175,9 @@ static int kdf_pbkdf1_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     const OSSL_PARAM *p;
     KDF_PBKDF1 *ctx = vctx;
-    OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
 
-    if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx))
+    if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
         return 0;
 
     if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index c0c9ee7024..0ac771216c 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5413,3 +5413,4 @@ BIO_get_line                            5540	3_0_0	EXIST::FUNCTION:
 OSSL_LIB_CTX_new_from_dispatch          5541	3_0_0	EXIST::FUNCTION:
 OSSL_LIB_CTX_new_child                  5542	3_0_0	EXIST::FUNCTION:
 OSSL_PROVIDER_get0_dispatch             5543	3_0_0	EXIST::FUNCTION:
+PKCS5_PBE_keyivgen_ex                   5544	3_0_0	EXIST::FUNCTION: