diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-06-06 13:07:13 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-06-06 13:07:13 +0000 |
commit | 69cbf468119d6a85289e4720d609c38d4329de23 (patch) | |
tree | 74b95aaf00f25cd802bc38b83c37e157bc117ae8 /crypto/evp | |
parent | 095ce35378bc42b1684c1fc29f6ceb3c17fdada3 (diff) |
Rewrite PBE handling read to support PKCS#5 v2.0 and update the function
list for Win32.
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/evp.h | 14 | ||||
-rw-r--r-- | crypto/evp/evp_err.c | 2 | ||||
-rw-r--r-- | crypto/evp/evp_pbe.c | 40 | ||||
-rw-r--r-- | crypto/evp/p5_crpt.c | 22 |
4 files changed, 34 insertions, 44 deletions
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 3d5b27f389..5e12b21f9c 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -396,7 +396,7 @@ typedef struct evp_Encode_Ctx_st /* Password based encryption function */ typedef int (EVP_PBE_KEYGEN)(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, EVP_CIPHER *cipher, + ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, unsigned char *key, unsigned char *iv); #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ @@ -635,12 +635,18 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); /* PKCS5 password based encryption */ -int PKCS5_PBE_keyivgen(const char *pass, int passlen, unsigned char *salt, - int saltlen, int iter, EVP_CIPHER *cipher, EVP_MD *md, +int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param, + EVP_CIPHER *cipher, EVP_MD *md, unsigned char *key, unsigned char *iv); void PKCS5_PBE_add(void); +int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); +int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md, + EVP_PBE_KEYGEN *keygen); +void EVP_PBE_cleanup(void); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -653,9 +659,9 @@ void PKCS5_PBE_add(void); #define EVP_F_EVP_DECRYPTFINAL 101 #define EVP_F_EVP_MD_CTX_COPY 110 #define EVP_F_EVP_OPENINIT 102 -#define EVP_F_EVP_PBE_ALGOR_CIPHERINIT 114 #define EVP_F_EVP_PBE_ALG_ADD 115 #define EVP_F_EVP_PBE_CIPHERINIT 116 +#define EVP_F_EVP_PKCS5_PBE_KEYIVGEN 117 #define EVP_F_EVP_PKCS82PKEY 111 #define EVP_F_EVP_PKCS8_SET_BROKEN 112 #define EVP_F_EVP_PKEY2PKCS8 113 diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 63ce3ae17d..cd00af8b77 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -69,9 +69,9 @@ static ERR_STRING_DATA EVP_str_functs[]= {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, {ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, {ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, -{ERR_PACK(0,EVP_F_EVP_PBE_ALGOR_CIPHERINIT,0), "EVP_PBE_ALGOR_CipherInit"}, {ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, {ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"}, +{ERR_PACK(0,EVP_F_EVP_PKCS5_PBE_KEYIVGEN,0), "EVP_PKCS5_PBE_KEYIVGEN"}, {ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"}, {ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"}, {ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"}, diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 848edddd8c..abc4d0683c 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -75,8 +75,7 @@ EVP_PBE_KEYGEN *keygen; } EVP_PBE_CTL; int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, EVP_CIPHER_CTX *ctx, - int en_de) + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) { EVP_PBE_CTL *pbetmp, pbelu; @@ -96,8 +95,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, } if (passlen == -1) passlen = strlen(pass); pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); - i = (*pbetmp->keygen)(pass, passlen, salt, saltlen, iter, - pbetmp->cipher, pbetmp->md, key, iv); + i = (*pbetmp->keygen)(pass, passlen, param, pbetmp->cipher, + pbetmp->md, key, iv); if (!i) { EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); return 0; @@ -106,39 +105,6 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, return 1; } -/* Setup a PBE algorithm but take most parameters from AlgorithmIdentifier */ - -int EVP_PBE_ALGOR_CipherInit (X509_ALGOR *algor, const char *pass, - int passlen, EVP_CIPHER_CTX *ctx, int en_de) -{ - PBEPARAM *pbe; - int saltlen, iter; - unsigned char *salt, *pbuf; - - /* Extract useful info from algor */ - pbuf = algor->parameter->value.sequence->data; - if (!(pbe = d2i_PBEPARAM (NULL, &pbuf, - algor->parameter->value.sequence->length))) { - EVPerr(EVP_F_EVP_PBE_ALGOR_CIPHERINIT,EVP_R_DECODE_ERROR); - return 0; - } - - if (!pbe->iter) iter = 1; - else iter = ASN1_INTEGER_get (pbe->iter); - salt = pbe->salt->data; - saltlen = pbe->salt->length; - - if (!(EVP_PBE_CipherInit (algor->algorithm, pass, passlen, salt, - saltlen, iter, ctx, en_de))) { - EVPerr(EVP_F_EVP_PBE_ALGOR_CIPHERINIT,EVP_R_EVP_PBE_CIPHERINIT_ERROR); - PBEPARAM_free(pbe); - return 0; - } - PBEPARAM_free(pbe); - return 1; -} - - static int pbe_cmp (EVP_PBE_CTL **pbe1, EVP_PBE_CTL **pbe2) { return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 11bf88b96d..857835bc74 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -85,16 +85,34 @@ EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), #endif } -int PKCS5_PBE_keyivgen(const char *pass, int passlen, unsigned char *salt, - int saltlen, int iter, EVP_CIPHER *cipher, EVP_MD *md, +int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param, + EVP_CIPHER *cipher, EVP_MD *md, unsigned char *key, unsigned char *iv) { EVP_MD_CTX ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; int i; + PBEPARAM *pbe; + int saltlen, iter; + unsigned char *salt, *pbuf; + + /* Extract useful info from parameter */ + pbuf = param->value.sequence->data; + if (!(pbe = d2i_PBEPARAM (NULL, &pbuf, + param->value.sequence->length))) { + EVPerr(EVP_F_EVP_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + + if (!pbe->iter) iter = 1; + else iter = ASN1_INTEGER_get (pbe->iter); + salt = pbe->salt->data; + saltlen = pbe->salt->length; + EVP_DigestInit (&ctx, md); EVP_DigestUpdate (&ctx, pass, passlen); EVP_DigestUpdate (&ctx, salt, saltlen); + PBEPARAM_free(pbe); EVP_DigestFinal (&ctx, md_tmp, NULL); for (i = 1; i < iter; i++) { EVP_DigestInit(&ctx, md); |