X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fevp%2Fp5_crpt.c;h=294cc90d878c19f98466d411048fecb1beab82e8;hb=701d593f7095db84459c76265349a83d30a4cae5;hp=11bf88b96d84e64bb23e7622ef6dda4855748b63;hpb=ef8335d900ee5af9d83237ad29d6904a3bb69290;p=oweals%2Fopenssl.git diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 11bf88b96d..294cc90d87 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -1,5 +1,5 @@ /* p5_crpt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -58,51 +58,86 @@ #include #include +#include "cryptlib.h" #include #include -#include "cryptlib.h" -/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info. +/* Doesn't do anything now: Builtin PBE algorithms in static table. */ void PKCS5_PBE_add(void) { -#ifndef NO_DES -EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), - PKCS5_PBE_keyivgen); -EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), - PKCS5_PBE_keyivgen); -EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), - PKCS5_PBE_keyivgen); -#endif -#ifndef NO_RC2 -EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), - PKCS5_PBE_keyivgen); -EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), - PKCS5_PBE_keyivgen); -EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), - PKCS5_PBE_keyivgen); -#endif } -int PKCS5_PBE_keyivgen(const char *pass, int passlen, unsigned char *salt, - int saltlen, int iter, EVP_CIPHER *cipher, EVP_MD *md, - unsigned char *key, unsigned char *iv) +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de) { EVP_MD_CTX ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; int i; - EVP_DigestInit (&ctx, md); - EVP_DigestUpdate (&ctx, pass, passlen); - EVP_DigestUpdate (&ctx, salt, saltlen); - EVP_DigestFinal (&ctx, md_tmp, NULL); + PBEPARAM *pbe; + int saltlen, iter; + unsigned char *salt; + const unsigned char *pbuf; + int mdsize; + int rv = 0; + EVP_MD_CTX_init(&ctx); + + /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + + pbuf = param->value.sequence->data; + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } + + if (!pbe->iter) iter = 1; + else iter = ASN1_INTEGER_get (pbe->iter); + salt = pbe->salt->data; + saltlen = pbe->salt->length; + + if(!pass) passlen = 0; + else if(passlen == -1) passlen = strlen(pass); + + if (!EVP_DigestInit_ex(&ctx, md, NULL)) + goto err; + if (!EVP_DigestUpdate(&ctx, pass, passlen)) + goto err; + if (!EVP_DigestUpdate(&ctx, salt, saltlen)) + goto err; + PBEPARAM_free(pbe); + if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + goto err; + mdsize = EVP_MD_size(md); + if (mdsize < 0) + return 0; for (i = 1; i < iter; i++) { - EVP_DigestInit(&ctx, md); - EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); - EVP_DigestFinal (&ctx, md_tmp, NULL); + if (!EVP_DigestInit_ex(&ctx, md, NULL)) + goto err; + if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) + goto err; + if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL)) + goto err; } - memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher)); - memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); + memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); + OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); + memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); - return 1; + if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) + goto err; + OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); + OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); + OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); + rv = 1; + err: + EVP_MD_CTX_cleanup(&ctx); + return rv; }