Changes between 0.9.2b and 0.9.3
+ *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+ yet...
+ [Steve Henson]
+
*) New variables $(RANLIB) and $(PERL) in the Makefiles.
[Ulf Möller]
f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \
- evp_asn1.c asn_pack.c p5_pbe.c p8_pkey.c
+ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
a_enum.o a_sign.o a_digest.o a_verify.o \
f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \
- evp_asn1.o asn_pack.o p5_pbe.o p8_pkey.o
+ evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
SRC= $(LIBSRC)
#define ASN1_F_D2I_NETSCAPE_RSA_2 142
#define ASN1_F_D2I_NETSCAPE_SPKAC 143
#define ASN1_F_D2I_NETSCAPE_SPKI 144
+#define ASN1_F_D2I_PBE2PARAM 262
#define ASN1_F_D2I_PBEPARAM 249
+#define ASN1_F_D2I_PBKDF2PARAM 263
#define ASN1_F_D2I_PKCS12 254
#define ASN1_F_D2I_PKCS12_BAGS 255
#define ASN1_F_D2I_PKCS12_MAC_DATA 256
#define ASN1_F_NETSCAPE_PKEY_NEW 189
#define ASN1_F_NETSCAPE_SPKAC_NEW 190
#define ASN1_F_NETSCAPE_SPKI_NEW 191
+#define ASN1_F_PBE2PARAM_NEW 264
#define ASN1_F_PBEPARAM_NEW 251
+#define ASN1_F_PBKDF2PARAM_NEW 265
#define ASN1_F_PKCS12_BAGS_NEW 258
#define ASN1_F_PKCS12_MAC_DATA_NEW 259
#define ASN1_F_PKCS12_NEW 260
#define ASN1_F_D2I_NETSCAPE_RSA_2 142
#define ASN1_F_D2I_NETSCAPE_SPKAC 143
#define ASN1_F_D2I_NETSCAPE_SPKI 144
+#define ASN1_F_D2I_PBE2PARAM 262
#define ASN1_F_D2I_PBEPARAM 249
+#define ASN1_F_D2I_PBKDF2PARAM 263
#define ASN1_F_D2I_PKCS12 254
#define ASN1_F_D2I_PKCS12_BAGS 255
#define ASN1_F_D2I_PKCS12_MAC_DATA 256
#define ASN1_F_NETSCAPE_PKEY_NEW 189
#define ASN1_F_NETSCAPE_SPKAC_NEW 190
#define ASN1_F_NETSCAPE_SPKI_NEW 191
+#define ASN1_F_PBE2PARAM_NEW 264
#define ASN1_F_PBEPARAM_NEW 251
+#define ASN1_F_PBKDF2PARAM_NEW 265
#define ASN1_F_PKCS12_BAGS_NEW 258
#define ASN1_F_PKCS12_MAC_DATA_NEW 259
#define ASN1_F_PKCS12_NEW 260
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0), "D2I_NETSCAPE_SPKAC"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0), "D2I_NETSCAPE_SPKI"},
+{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0), "D2I_PBE2PARAM"},
{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0), "D2I_PBEPARAM"},
+{ERR_PACK(0,ASN1_F_D2I_PBKDF2PARAM,0), "D2I_PBKDF2PARAM"},
{ERR_PACK(0,ASN1_F_D2I_PKCS12,0), "D2I_PKCS12"},
{ERR_PACK(0,ASN1_F_D2I_PKCS12_BAGS,0), "D2I_PKCS12_BAGS"},
{ERR_PACK(0,ASN1_F_D2I_PKCS12_MAC_DATA,0), "D2I_PKCS12_MAC_DATA"},
{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0), "NETSCAPE_PKEY_NEW"},
{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0), "NETSCAPE_SPKAC_NEW"},
{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0), "NETSCAPE_SPKI_NEW"},
+{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0), "PBE2PARAM_NEW"},
{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0), "PBEPARAM_NEW"},
+{ERR_PACK(0,ASN1_F_PBKDF2PARAM_NEW,0), "PBKDF2PARAM_NEW"},
{ERR_PACK(0,ASN1_F_PKCS12_BAGS_NEW,0), "PKCS12_BAGS_NEW"},
{ERR_PACK(0,ASN1_F_PKCS12_MAC_DATA_NEW,0), "PKCS12_MAC_DATA_NEW"},
{ERR_PACK(0,ASN1_F_PKCS12_NEW,0), "PKCS12_NEW"},
--- /dev/null
+/* p5_pbev2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+#include "rand.h"
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+/*
+ *ASN1err(ASN1_F_PBE2PARAM_NEW,ASN1_R_DECODE_ERROR)
+ *ASN1err(ASN1_F_D2I_PBE2PARAM,ASN1_R_DECODE_ERROR)
+ *ASN1err(ASN1_F_PBKDF2PARAM_NEW,ASN1_R_DECODE_ERROR)
+ *ASN1err(ASN1_F_D2I_PBKDF2PARAM,ASN1_R_DECODE_ERROR)
+ */
+
+int i2d_PBE2PARAM(a, pp)
+PBE2PARAM *a;
+unsigned char **pp;
+{
+ M_ASN1_I2D_vars(a);
+ M_ASN1_I2D_len (a->keyfunc, i2d_X509_ALGOR);
+ M_ASN1_I2D_len (a->encryption, i2d_X509_ALGOR);
+
+ M_ASN1_I2D_seq_total ();
+
+ M_ASN1_I2D_put (a->keyfunc, i2d_X509_ALGOR);
+ M_ASN1_I2D_put (a->encryption, i2d_X509_ALGOR);
+
+ M_ASN1_I2D_finish();
+}
+
+PBE2PARAM *PBE2PARAM_new()
+{
+ PBE2PARAM *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, PBE2PARAM);
+ M_ASN1_New(ret->keyfunc,X509_ALGOR_new);
+ M_ASN1_New(ret->encryption,X509_ALGOR_new);
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_PBE2PARAM_NEW);
+}
+
+PBE2PARAM *d2i_PBE2PARAM(a,pp,length)
+PBE2PARAM **a;
+unsigned char **pp;
+long length;
+{
+ M_ASN1_D2I_vars(a,PBE2PARAM *,PBE2PARAM_new);
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get (ret->keyfunc, d2i_X509_ALGOR);
+ M_ASN1_D2I_get (ret->encryption, d2i_X509_ALGOR);
+ M_ASN1_D2I_Finish(a, PBE2PARAM_free, ASN1_F_D2I_PBE2PARAM);
+}
+
+void PBE2PARAM_free (a)
+PBE2PARAM *a;
+{
+ if(a==NULL) return;
+ X509_ALGOR_free(a->keyfunc);
+ X509_ALGOR_free(a->encryption);
+ Free ((char *)a);
+}
+
+int i2d_PBKDF2PARAM(a, pp)
+PBKDF2PARAM *a;
+unsigned char **pp;
+{
+ M_ASN1_I2D_vars(a);
+ M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
+ M_ASN1_I2D_len (a->keylength, i2d_ASN1_INTEGER);
+ M_ASN1_I2D_len (a->prf, i2d_X509_ALGOR);
+
+ M_ASN1_I2D_seq_total ();
+
+ M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
+ M_ASN1_I2D_put (a->keylength, i2d_ASN1_INTEGER);
+ M_ASN1_I2D_put (a->prf, i2d_X509_ALGOR);
+
+ M_ASN1_I2D_finish();
+}
+
+PBKDF2PARAM *PBKDF2PARAM_new()
+{
+ PBKDF2PARAM *ret=NULL;
+ ASN1_CTX c;
+ M_ASN1_New_Malloc(ret, PBKDF2PARAM);
+ M_ASN1_New(ret->salt, ASN1_OCTET_STRING_new);
+ M_ASN1_New(ret->iter, ASN1_INTEGER_new);
+ ret->keylength = NULL;
+ ret->prf = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_PBKDF2PARAM_NEW);
+}
+
+PBKDF2PARAM *d2i_PBKDF2PARAM(a,pp,length)
+PBKDF2PARAM **a;
+unsigned char **pp;
+long length;
+{
+ M_ASN1_D2I_vars(a,PBKDF2PARAM *,PBKDF2PARAM_new);
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
+ M_ASN1_D2I_get_opt (ret->keylength, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
+ M_ASN1_D2I_get_opt (ret->prf, d2i_X509_ALGOR, V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a, PBKDF2PARAM_free, ASN1_F_D2I_PBKDF2PARAM);
+}
+
+void PBKDF2PARAM_free (a)
+PBKDF2PARAM *a;
+{
+ if(a==NULL) return;
+ ASN1_OCTET_STRING_free(a->salt);
+ ASN1_INTEGER_free(a->iter);
+ ASN1_INTEGER_free(a->keylength);
+ X509_ALGOR_free(a->prf);
+ Free ((char *)a);
+}
+
* perl obj_dat.pl < objects.h > obj_dat.h
*/
-#define NUM_NID 161
+#define NUM_NID 164
#define NUM_SN 115
-#define NUM_LN 157
-#define NUM_OBJ 133
+#define NUM_LN 160
+#define NUM_OBJ 136
-static unsigned char lvalues[914]={
+static unsigned char lvalues[940]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [883] OBJ_x509Certificate */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [893] OBJ_sdsiCertificate */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [903] OBJ_x509Crl */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [913] OBJ_pbes2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [922] OBJ_pbmac1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [931] OBJ_hmacWithSHA1 */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
&(lvalues[893]),0},
{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[903]),0},
+{"PBES2","PBES2",NID_pbes2,9,&(lvalues[913]),0},
+{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[922]),0},
+{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[931]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[73]),/* "Netscape Revocation Url" */
&(nid_objs[77]),/* "Netscape SSL Server Name" */
&(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+&(nid_objs[161]),/* "PBES2" */
+&(nid_objs[162]),/* "PBMAC1" */
&(nid_objs[143]),/* "Strong Extranet ID" */
&(nid_objs[130]),/* "TLS Web Client Authentication" */
&(nid_objs[129]),/* "TLS Web Server Authentication" */
&(nid_objs[56]),/* "extendedCertificateAttributes" */
&(nid_objs[156]),/* "friendlyName" */
&(nid_objs[99]),/* "givenName" */
+&(nid_objs[163]),/* "hmacWithSHA1" */
&(nid_objs[34]),/* "idea-cbc" */
&(nid_objs[35]),/* "idea-cfb" */
&(nid_objs[36]),/* "idea-ecb" */
&(nid_objs[47]),/* OBJ_pkcs9 1 2 840 113549 1 9 */
&(nid_objs[ 3]),/* OBJ_md2 1 2 840 113549 2 2 */
&(nid_objs[ 4]),/* OBJ_md5 1 2 840 113549 2 5 */
+&(nid_objs[163]),/* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */
&(nid_objs[37]),/* OBJ_rc2_cbc 1 2 840 113549 3 2 */
&(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */
&(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */
&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */
&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */
&(nid_objs[69]),/* OBJ_pbeWithSHA1AndRC4 1 2 840 113549 1 5 12 */
+&(nid_objs[161]),/* OBJ_pbes2 1 2 840 113549 1 5 13 */
+&(nid_objs[162]),/* OBJ_pbmac1 1 2 840 113549 1 5 14 */
&(nid_objs[21]),/* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */
&(nid_objs[22]),/* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */
&(nid_objs[23]),/* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */
#define NID_x509Crl 160
#define OBJ_x509Crl OBJ_crlTypes, 1L
+/* PKCS#5 v2 OIDs */
+#define LN_pbes2 "PBES2"
+#define NID_pbes2 161
+#define OBJ_pbes2 OBJ_pkcs,5L,13L
+
+#define LN_pbmac1 "PBMAC1"
+#define NID_pbmac1 162
+#define OBJ_pbmac1 OBJ_pkcs,5L,14L
+
+#define LN_hmacWithSHA1 "hmacWithSHA1"
+#define NID_hmacWithSHA1 163
+#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L
#include "bio.h"
#include "asn1.h"
ASN1_INTEGER *iter;
} PBEPARAM;
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+X509_ALGOR *keyfunc;
+X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+ASN1_OCTET_STRING *salt;
+ASN1_INTEGER *iter;
+ASN1_INTEGER *keylength;
+X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+
/* PKCS#8 private key info structure */
typedef struct pkcs8_priv_key_info_st
void PBEPARAM_free(PBEPARAM *a);
X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
+int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp);
+PBKDF2PARAM *PBKDF2PARAM_new(void);
+PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, long length);
+void PBKDF2PARAM_free(PBKDF2PARAM *a);
+
+int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp);
+PBE2PARAM *PBE2PARAM_new(void);
+PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length);
+void PBE2PARAM_free(PBE2PARAM *a);
+
/* PKCS#8 utilities */
int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
PBEPARAM *d2i_PBEPARAM();
void PBEPARAM_free();
+int i2d_PBKDF2PARAM();
+PBKDF2PARAM *PBKDF2PARAM_new();
+PBKDF2PARAM *d2i_PBKDF2PARAM();
+void PBKDF2PARAM_free();
+
+int i2d_PBE2PARAM();
+PBE2PARAM *PBE2PARAM_new();
+PBE2PARAM *d2i_PBE2PARAM();
+void PBE2PARAM_free();
+
int i2d_PKCS8_PRIV_KEY_INFO();
PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new();
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO();