Add library context and property query support into the PKCS12 API

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14434)

1 files changed, 31 insertions, 18 deletions

diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 8a6f71f7bb..aeea598696 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -9,6 +9,9 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include <openssl/core.h>
+#include <openssl/core_names.h>
+#include "crypto/evp.h"
 #include <openssl/pkcs12.h>
 
 /* PKCS#12 PBE algorithms now in static table */
@@ -17,21 +20,16 @@ void PKCS12_PBE_add(void)
 {
 }
 
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
-                        const EVP_MD *md, int en_de)
+int PKCS12_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                           ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                           const EVP_MD *md, int en_de,
+                           OSSL_LIB_CTX *libctx, const char *propq)
 {
     PBEPARAM *pbe;
     int saltlen, iter, ret;
     unsigned char *salt;
     unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-    int (*pkcs12_key_gen)(const char *pass, int passlen,
-                          unsigned char *salt, int slen,
-                          int id, int iter, int n,
-                          unsigned char *out,
-                          const EVP_MD *md_type);
-
-    pkcs12_key_gen = PKCS12_key_gen_utf8;
+    unsigned char *piv = iv;
 
     if (cipher == NULL)
         return 0;
@@ -50,21 +48,36 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         iter = ASN1_INTEGER_get(pbe->iter);
     salt = pbe->salt->data;
     saltlen = pbe->salt->length;
-    if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
-                           iter, EVP_CIPHER_key_length(cipher), key, md)) {
+    if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+                                iter, EVP_CIPHER_key_length(cipher), key, md,
+                                libctx, propq)) {
         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR);
         PBEPARAM_free(pbe);
         return 0;
     }
-    if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_IV_ID,
-                           iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
-        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_IV_GEN_ERROR);
-        PBEPARAM_free(pbe);
-        return 0;
+    if (EVP_CIPHER_iv_length(cipher) > 0) {
+        if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_IV_ID,
+                                    iter, EVP_CIPHER_iv_length(cipher), iv, md,
+                                    libctx, propq)) {
+            ERR_raise(ERR_LIB_PKCS12, PKCS12_R_IV_GEN_ERROR);
+            PBEPARAM_free(pbe);
+            return 0;
+        }
+    } else {
+        piv = NULL;
     }
     PBEPARAM_free(pbe);
-    ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+    ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, piv, en_de);
     OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
     OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
     return ret;
 }
+
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                        const EVP_MD *md, int en_de)
+{
+    return PKCS12_PBE_keyivgen_ex(ctx, pass, passlen, param, cipher, md, en_de,
+                                  NULL, NULL);
+}
+