Add PKCS#5 v2.0 ASN1 structures.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 8 Apr 1999 23:55:42 +0000 (23:55 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 8 Apr 1999 23:55:42 +0000 (23:55 +0000)
CHANGES
crypto/asn1/Makefile.ssl
crypto/asn1/asn1.err
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c
crypto/asn1/p5_pbev2.c [new file with mode: 0644]
crypto/objects/obj_dat.h
crypto/objects/objects.h
crypto/x509/x509.h

diff --git a/CHANGES b/CHANGES
index e1d946024aa5380c995a6f13f14fb1329596933e..532c48490a4dc4912aa757456c3f3826722ee932 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+     yet...
+     [Steve Henson]
+
   *) New variables $(RANLIB) and $(PERL) in the Makefiles.
      [Ulf Möller]
 
index 7158cb3fab27da86200a42722486a9b17f185c4f..5bf33158e0f5940845ebeadbe6fc70a485d5e2ff 100644 (file)
@@ -36,7 +36,7 @@ LIBSRC=       a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
        f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
        f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
        asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \
-       evp_asn1.c asn_pack.c p5_pbe.c p8_pkey.c
+       evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
        a_enum.o a_sign.o a_digest.o a_verify.o \
@@ -51,7 +51,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
        f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
        f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
        asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \
-       evp_asn1.o asn_pack.o p5_pbe.o p8_pkey.o
+       evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
 
 SRC= $(LIBSRC)
 
index c4401ca873b979aad3115c89ea4cd678fc5ccd32..5f466abf61c4f3cc826de5f906930d707126fd3f 100644 (file)
@@ -65,7 +65,9 @@
 #define ASN1_F_D2I_NETSCAPE_RSA_2                       142
 #define ASN1_F_D2I_NETSCAPE_SPKAC                       143
 #define ASN1_F_D2I_NETSCAPE_SPKI                        144
+#define ASN1_F_D2I_PBE2PARAM                            262
 #define ASN1_F_D2I_PBEPARAM                             249
+#define ASN1_F_D2I_PBKDF2PARAM                          263
 #define ASN1_F_D2I_PKCS12                               254
 #define ASN1_F_D2I_PKCS12_BAGS                          255
 #define ASN1_F_D2I_PKCS12_MAC_DATA                      256
 #define ASN1_F_NETSCAPE_PKEY_NEW                        189
 #define ASN1_F_NETSCAPE_SPKAC_NEW                       190
 #define ASN1_F_NETSCAPE_SPKI_NEW                        191
+#define ASN1_F_PBE2PARAM_NEW                            264
 #define ASN1_F_PBEPARAM_NEW                             251
+#define ASN1_F_PBKDF2PARAM_NEW                          265
 #define ASN1_F_PKCS12_BAGS_NEW                          258
 #define ASN1_F_PKCS12_MAC_DATA_NEW                      259
 #define ASN1_F_PKCS12_NEW                               260
index 8309eb00a8b8ef0187dc5fbc404320971381f2d0..e2280c2c115455b8596ab2bd16cec1c3af2f05ec 100644 (file)
@@ -770,7 +770,9 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_D2I_NETSCAPE_RSA_2                       142
 #define ASN1_F_D2I_NETSCAPE_SPKAC                       143
 #define ASN1_F_D2I_NETSCAPE_SPKI                        144
+#define ASN1_F_D2I_PBE2PARAM                            262
 #define ASN1_F_D2I_PBEPARAM                             249
+#define ASN1_F_D2I_PBKDF2PARAM                          263
 #define ASN1_F_D2I_PKCS12                               254
 #define ASN1_F_D2I_PKCS12_BAGS                          255
 #define ASN1_F_D2I_PKCS12_MAC_DATA                      256
@@ -829,7 +831,9 @@ ASN1_STRING *ASN1_pack_string();
 #define ASN1_F_NETSCAPE_PKEY_NEW                        189
 #define ASN1_F_NETSCAPE_SPKAC_NEW                       190
 #define ASN1_F_NETSCAPE_SPKI_NEW                        191
+#define ASN1_F_PBE2PARAM_NEW                            264
 #define ASN1_F_PBEPARAM_NEW                             251
+#define ASN1_F_PBKDF2PARAM_NEW                          265
 #define ASN1_F_PKCS12_BAGS_NEW                          258
 #define ASN1_F_PKCS12_MAC_DATA_NEW                      259
 #define ASN1_F_PKCS12_NEW                               260
index 7def93fb86fb88f53d73cc80d3f0a177bd9498f6..20cb9edee8a384b124b399c9bf158a11027d6303 100644 (file)
@@ -127,7 +127,9 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),      "D2I_NETSCAPE_RSA_2"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),      "D2I_NETSCAPE_SPKAC"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),       "D2I_NETSCAPE_SPKI"},
+{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),   "D2I_PBE2PARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),    "D2I_PBEPARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0), "D2I_PBKDF2PARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS12,0),      "D2I_PKCS12"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0), "D2I_PKCS12_BAGS"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0),     "D2I_PKCS12_MAC_DATA"},
@@ -186,7 +188,9 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),       "NETSCAPE_PKEY_NEW"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),      "NETSCAPE_SPKAC_NEW"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),       "NETSCAPE_SPKI_NEW"},
+{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),   "PBE2PARAM_NEW"},
 {ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),    "PBEPARAM_NEW"},
+{ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0), "PBKDF2PARAM_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0), "PKCS12_BAGS_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0),     "PKCS12_MAC_DATA_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS12_NEW,0),      "PKCS12_NEW"},
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
new file mode 100644 (file)
index 0000000..b81703e
--- /dev/null
@@ -0,0 +1,180 @@
+/* p5_pbev2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "rand.h"
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+/*
+ *ASN1err(ASN1_F_PBE2PARAM_NEW,ASN1_R_DECODE_ERROR)
+ *ASN1err(ASN1_F_D2I_PBE2PARAM,ASN1_R_DECODE_ERROR)
+ *ASN1err(ASN1_F_PBKDF2PARAM_NEW,ASN1_R_DECODE_ERROR)
+ *ASN1err(ASN1_F_D2I_PBKDF2PARAM,ASN1_R_DECODE_ERROR)
+ */
+
+int i2d_PBE2PARAM(a, pp)
+PBE2PARAM *a;
+unsigned char **pp;
+{
+       M_ASN1_I2D_vars(a);
+       M_ASN1_I2D_len (a->keyfunc, i2d_X509_ALGOR);
+       M_ASN1_I2D_len (a->encryption, i2d_X509_ALGOR);
+
+       M_ASN1_I2D_seq_total ();
+
+       M_ASN1_I2D_put (a->keyfunc, i2d_X509_ALGOR);
+       M_ASN1_I2D_put (a->encryption, i2d_X509_ALGOR);
+
+       M_ASN1_I2D_finish();
+}
+
+PBE2PARAM *PBE2PARAM_new()
+{
+       PBE2PARAM *ret=NULL;
+       ASN1_CTX c;
+       M_ASN1_New_Malloc(ret, PBE2PARAM);
+       M_ASN1_New(ret->keyfunc,X509_ALGOR_new);
+       M_ASN1_New(ret->encryption,X509_ALGOR_new);
+       return (ret);
+       M_ASN1_New_Error(ASN1_F_PBE2PARAM_NEW);
+}
+
+PBE2PARAM *d2i_PBE2PARAM(a,pp,length)
+PBE2PARAM **a;
+unsigned char **pp;
+long length;
+{
+       M_ASN1_D2I_vars(a,PBE2PARAM *,PBE2PARAM_new);
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get (ret->keyfunc, d2i_X509_ALGOR);
+       M_ASN1_D2I_get (ret->encryption, d2i_X509_ALGOR);
+       M_ASN1_D2I_Finish(a, PBE2PARAM_free, ASN1_F_D2I_PBE2PARAM);
+}
+
+void PBE2PARAM_free (a)
+PBE2PARAM *a;
+{
+       if(a==NULL) return;
+       X509_ALGOR_free(a->keyfunc);
+       X509_ALGOR_free(a->encryption);
+       Free ((char *)a);
+}
+
+int i2d_PBKDF2PARAM(a, pp)
+PBKDF2PARAM *a;
+unsigned char **pp;
+{
+       M_ASN1_I2D_vars(a);
+       M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
+       M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
+       M_ASN1_I2D_len (a->keylength, i2d_ASN1_INTEGER);
+       M_ASN1_I2D_len (a->prf, i2d_X509_ALGOR);
+
+       M_ASN1_I2D_seq_total ();
+
+       M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
+       M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
+       M_ASN1_I2D_put (a->keylength, i2d_ASN1_INTEGER);
+       M_ASN1_I2D_put (a->prf, i2d_X509_ALGOR);
+
+       M_ASN1_I2D_finish();
+}
+
+PBKDF2PARAM *PBKDF2PARAM_new()
+{
+       PBKDF2PARAM *ret=NULL;
+       ASN1_CTX c;
+       M_ASN1_New_Malloc(ret, PBKDF2PARAM);
+       M_ASN1_New(ret->salt, ASN1_OCTET_STRING_new);
+       M_ASN1_New(ret->iter, ASN1_INTEGER_new);
+       ret->keylength = NULL;
+       ret->prf = NULL;
+       return (ret);
+       M_ASN1_New_Error(ASN1_F_PBKDF2PARAM_NEW);
+}
+
+PBKDF2PARAM *d2i_PBKDF2PARAM(a,pp,length)
+PBKDF2PARAM **a;
+unsigned char **pp;
+long length;
+{
+       M_ASN1_D2I_vars(a,PBKDF2PARAM *,PBKDF2PARAM_new);
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
+       M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
+       M_ASN1_D2I_get_opt (ret->keylength, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+       M_ASN1_D2I_get_opt (ret->prf, d2i_X509_ALGOR, V_ASN1_SEQUENCE);
+       M_ASN1_D2I_Finish(a, PBKDF2PARAM_free, ASN1_F_D2I_PBKDF2PARAM);
+}
+
+void PBKDF2PARAM_free (a)
+PBKDF2PARAM *a;
+{
+       if(a==NULL) return;
+       ASN1_OCTET_STRING_free(a->salt);
+       ASN1_INTEGER_free(a->iter);
+       ASN1_INTEGER_free(a->keylength);
+       X509_ALGOR_free(a->prf);
+       Free ((char *)a);
+}
+
index 7964a9fd3169813708381deadc1aa587b1a8d61f..12774fad250fae9130e907e7f50655b8d30959d7 100644 (file)
  * perl obj_dat.pl < objects.h > obj_dat.h
  */
 
-#define NUM_NID 161
+#define NUM_NID 164
 #define NUM_SN 115
-#define NUM_LN 157
-#define NUM_OBJ 133
+#define NUM_LN 160
+#define NUM_OBJ 136
 
-static unsigned char lvalues[914]={
+static unsigned char lvalues[940]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -200,6 +200,9 @@ static unsigned char lvalues[914]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [883] OBJ_x509Certificate */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [893] OBJ_sdsiCertificate */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [903] OBJ_x509Crl */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [913] OBJ_pbes2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [922] OBJ_pbmac1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [931] OBJ_hmacWithSHA1 */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -428,6 +431,9 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
        &(lvalues[893]),0},
 {"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[903]),0},
+{"PBES2","PBES2",NID_pbes2,9,&(lvalues[913]),0},
+{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[922]),0},
+{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[931]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -571,6 +577,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[73]),/* "Netscape Revocation Url" */
 &(nid_objs[77]),/* "Netscape SSL Server Name" */
 &(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+&(nid_objs[161]),/* "PBES2" */
+&(nid_objs[162]),/* "PBMAC1" */
 &(nid_objs[143]),/* "Strong Extranet ID" */
 &(nid_objs[130]),/* "TLS Web Client Authentication" */
 &(nid_objs[129]),/* "TLS Web Server Authentication" */
@@ -628,6 +636,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[56]),/* "extendedCertificateAttributes" */
 &(nid_objs[156]),/* "friendlyName" */
 &(nid_objs[99]),/* "givenName" */
+&(nid_objs[163]),/* "hmacWithSHA1" */
 &(nid_objs[34]),/* "idea-cbc" */
 &(nid_objs[35]),/* "idea-cfb" */
 &(nid_objs[36]),/* "idea-ecb" */
@@ -773,6 +782,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */
 &(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */
 &(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */
+&(nid_objs[163]),/* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
 &(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
 &(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
 &(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
@@ -795,6 +805,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
 &(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11  */
 &(nid_objs[69]),/* OBJ_pbeWithSHA1AndRC4            1 2 840 113549 1 5 12  */
+&(nid_objs[161]),/* OBJ_pbes2                        1 2 840 113549 1 5 13 */
+&(nid_objs[162]),/* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
 &(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
 &(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
 &(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
index 431d86e97911537da0172d45ac9acdb0cffbeb0a..e9a8f47a83f8e0cf5213230c2153b7a963753096 100644 (file)
@@ -840,7 +840,19 @@ extern "C" {
 #define        NID_x509Crl             160
 #define OBJ_x509Crl            OBJ_crlTypes, 1L
 
+/* PKCS#5 v2 OIDs */
 
+#define LN_pbes2               "PBES2"
+#define NID_pbes2              161
+#define OBJ_pbes2              OBJ_pkcs,5L,13L
+
+#define LN_pbmac1              "PBMAC1"
+#define NID_pbmac1             162
+#define OBJ_pbmac1             OBJ_pkcs,5L,14L
+
+#define LN_hmacWithSHA1                "hmacWithSHA1"
+#define NID_hmacWithSHA1       163
+#define OBJ_hmacWithSHA1       OBJ_rsadsi,2L,7L
 
 #include "bio.h"
 #include "asn1.h"
index ee54557a0f3cb706776892dfa461fb32b3971738..2f1ca6229b87159b0491d62a4be66b4a256ffa35 100644 (file)
@@ -344,6 +344,21 @@ ASN1_OCTET_STRING *salt;
 ASN1_INTEGER *iter;
 } PBEPARAM;
 
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+X509_ALGOR *keyfunc;
+X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+ASN1_OCTET_STRING *salt;
+ASN1_INTEGER *iter;
+ASN1_INTEGER *keylength;
+X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+
 /* PKCS#8 private key info structure */
 
 typedef struct pkcs8_priv_key_info_st
@@ -865,6 +880,16 @@ PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length);
 void PBEPARAM_free(PBEPARAM *a);
 X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
 
+int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp);
+PBKDF2PARAM *PBKDF2PARAM_new(void);
+PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length);
+void PBKDF2PARAM_free(PBKDF2PARAM *a);
+
+int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp);
+PBE2PARAM *PBE2PARAM_new(void);
+PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length);
+void PBE2PARAM_free(PBE2PARAM *a);
+
 /* PKCS#8 utilities */
 
 int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
@@ -1189,6 +1214,16 @@ PBEPARAM *PBEPARAM_new();
 PBEPARAM *d2i_PBEPARAM();
 void PBEPARAM_free();
 
+int i2d_PBKDF2PARAM();
+PBKDF2PARAM *PBKDF2PARAM_new();
+PBKDF2PARAM *d2i_PBKDF2PARAM();
+void PBKDF2PARAM_free();
+
+int i2d_PBE2PARAM();
+PBE2PARAM *PBE2PARAM_new();
+PBE2PARAM *d2i_PBE2PARAM();
+void PBE2PARAM_free();
+
 int i2d_PKCS8_PRIV_KEY_INFO();
 PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new();
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO();