From: Dr. Stephen Henson Date: Sun, 28 Mar 1999 17:46:10 +0000 (+0000) Subject: Further PKCS#12 integration, PBE, PKCS#8 additions. X-Git-Tag: OpenSSL_0_9_3beta1~397 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cfcefcbe2aff81c1735c788ca6ae26b7c16cc453;p=oweals%2Fopenssl.git Further PKCS#12 integration, PBE, PKCS#8 additions. --- diff --git a/CHANGES b/CHANGES index 92021d38fb..f597acccbc 100644 --- a/CHANGES +++ b/CHANGES @@ -5,9 +5,14 @@ Changes between 0.9.2b and 0.9.3 + *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and + packing functions to asn1 and evp. Changed function names and error + codes along the way. + [Steve Henson] + *) PKCS12 integration: and so it begins... First of several patches to slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12 - objects to object.h + objects to objects.h [Steve Henson] *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1 diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index 1b3f69f42e..5f5750b1bc 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -36,7 +36,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \ f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \ asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \ - evp_asn1.c + evp_asn1.c asn_pack.c p5_pbe.c p8_pkey.c LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \ a_enum.o a_sign.o a_digest.o a_verify.o \ @@ -51,7 +51,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \ f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \ asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \ - evp_asn1.o + evp_asn1.o asn_pack.o p5_pbe.o p8_pkey.o SRC= $(LIBSRC) diff --git a/crypto/asn1/asn1.err b/crypto/asn1/asn1.err index 3146d470bd..065448c24b 100644 --- a/crypto/asn1/asn1.err +++ b/crypto/asn1/asn1.err @@ -19,12 +19,16 @@ #define ASN1_F_ASN1_INTEGER_SET 111 #define ASN1_F_ASN1_INTEGER_TO_BN 112 #define ASN1_F_ASN1_OBJECT_NEW 113 +#define ASN1_F_ASN1_PACK_STRING 245 +#define ASN1_F_ASN1_SEQ_PACK 246 +#define ASN1_F_ASN1_SEQ_UNPACK 247 #define ASN1_F_ASN1_SIGN 114 #define ASN1_F_ASN1_STRING_NEW 115 #define ASN1_F_ASN1_STRING_TYPE_NEW 116 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 117 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 118 #define ASN1_F_ASN1_TYPE_NEW 119 +#define ASN1_F_ASN1_UNPACK_STRING 248 #define ASN1_F_ASN1_UTCTIME_NEW 120 #define ASN1_F_ASN1_VERIFY 121 #define ASN1_F_AUTHORITY_KEYID_NEW 237 @@ -60,6 +64,7 @@ #define ASN1_F_D2I_NETSCAPE_RSA_2 142 #define ASN1_F_D2I_NETSCAPE_SPKAC 143 #define ASN1_F_D2I_NETSCAPE_SPKI 144 +#define ASN1_F_D2I_PBEPARAM 249 #define ASN1_F_D2I_PKCS7 145 #define ASN1_F_D2I_PKCS7_DIGEST 146 #define ASN1_F_D2I_PKCS7_ENCRYPT 147 @@ -70,6 +75,7 @@ #define ASN1_F_D2I_PKCS7_SIGNED 152 #define ASN1_F_D2I_PKCS7_SIGNER_INFO 153 #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154 +#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO 250 #define ASN1_F_D2I_PKEY_USAGE_PERIOD 239 #define ASN1_F_D2I_PRIVATEKEY 155 #define ASN1_F_D2I_PUBLICKEY 156 @@ -113,6 +119,7 @@ #define ASN1_F_NETSCAPE_PKEY_NEW 189 #define ASN1_F_NETSCAPE_SPKAC_NEW 190 #define ASN1_F_NETSCAPE_SPKI_NEW 191 +#define ASN1_F_PBEPARAM_NEW 251 #define ASN1_F_PKCS7_DIGEST_NEW 192 #define ASN1_F_PKCS7_ENCRYPT_NEW 193 #define ASN1_F_PKCS7_ENC_CONTENT_NEW 194 @@ -123,6 +130,7 @@ #define ASN1_F_PKCS7_SIGNED_NEW 199 #define ASN1_F_PKCS7_SIGNER_INFO_NEW 200 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201 +#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW 252 #define ASN1_F_PKEY_USAGE_PERIOD_NEW 240 #define ASN1_F_SXNETID_NEW 244 #define ASN1_F_SXNET_NEW 242 @@ -159,7 +167,10 @@ #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 108 #define ASN1_R_BUFFER_TOO_SMALL 109 #define ASN1_R_DATA_IS_WRONG 110 +#define ASN1_R_DECODE_ERROR 155 #define ASN1_R_DECODING_ERROR 111 +#define ASN1_R_DEOCDE_ERROR 157 +#define ASN1_R_ENCODE_ERROR 156 #define ASN1_R_ERROR_PARSING_SET_ELEMENT 112 #define ASN1_R_EXPECTING_AN_ENUMERATED 154 #define ASN1_R_EXPECTING_AN_INTEGER 113 diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 7e605c83d6..36ffa372a2 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -575,6 +575,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, unsigned char *data, int max_len); +STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), + void (*free_func)() ); +unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, + int *len ); +char *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)()); +ASN1_STRING *ASN1_pack_string(char *obj, int (*i2d)(), ASN1_OCTET_STRING **oct); + #else ASN1_TYPE * ASN1_TYPE_new(); @@ -688,6 +695,11 @@ int ASN1_TYPE_get_int_octetstring(); int i2d_ASN1_BMPSTRING(); ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); +STACK *ASN1_seq_unpack(); +unsigned char *ASN1_seq_pack(); +char *ASN1_unpack_string(); +ASN1_STRING *ASN1_pack_string(); + #endif /* BEGIN ERROR CODES */ @@ -712,12 +724,16 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); #define ASN1_F_ASN1_INTEGER_SET 111 #define ASN1_F_ASN1_INTEGER_TO_BN 112 #define ASN1_F_ASN1_OBJECT_NEW 113 +#define ASN1_F_ASN1_PACK_STRING 245 +#define ASN1_F_ASN1_SEQ_PACK 246 +#define ASN1_F_ASN1_SEQ_UNPACK 247 #define ASN1_F_ASN1_SIGN 114 #define ASN1_F_ASN1_STRING_NEW 115 #define ASN1_F_ASN1_STRING_TYPE_NEW 116 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 117 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 118 #define ASN1_F_ASN1_TYPE_NEW 119 +#define ASN1_F_ASN1_UNPACK_STRING 248 #define ASN1_F_ASN1_UTCTIME_NEW 120 #define ASN1_F_ASN1_VERIFY 121 #define ASN1_F_AUTHORITY_KEYID_NEW 237 @@ -753,6 +769,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); #define ASN1_F_D2I_NETSCAPE_RSA_2 142 #define ASN1_F_D2I_NETSCAPE_SPKAC 143 #define ASN1_F_D2I_NETSCAPE_SPKI 144 +#define ASN1_F_D2I_PBEPARAM 249 #define ASN1_F_D2I_PKCS7 145 #define ASN1_F_D2I_PKCS7_DIGEST 146 #define ASN1_F_D2I_PKCS7_ENCRYPT 147 @@ -763,6 +780,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); #define ASN1_F_D2I_PKCS7_SIGNED 152 #define ASN1_F_D2I_PKCS7_SIGNER_INFO 153 #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154 +#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO 250 #define ASN1_F_D2I_PKEY_USAGE_PERIOD 239 #define ASN1_F_D2I_PRIVATEKEY 155 #define ASN1_F_D2I_PUBLICKEY 156 @@ -806,6 +824,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); #define ASN1_F_NETSCAPE_PKEY_NEW 189 #define ASN1_F_NETSCAPE_SPKAC_NEW 190 #define ASN1_F_NETSCAPE_SPKI_NEW 191 +#define ASN1_F_PBEPARAM_NEW 251 #define ASN1_F_PKCS7_DIGEST_NEW 192 #define ASN1_F_PKCS7_ENCRYPT_NEW 193 #define ASN1_F_PKCS7_ENC_CONTENT_NEW 194 @@ -816,6 +835,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); #define ASN1_F_PKCS7_SIGNED_NEW 199 #define ASN1_F_PKCS7_SIGNER_INFO_NEW 200 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201 +#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW 252 #define ASN1_F_PKEY_USAGE_PERIOD_NEW 240 #define ASN1_F_SXNETID_NEW 244 #define ASN1_F_SXNET_NEW 242 @@ -852,7 +872,10 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 108 #define ASN1_R_BUFFER_TOO_SMALL 109 #define ASN1_R_DATA_IS_WRONG 110 +#define ASN1_R_DECODE_ERROR 155 #define ASN1_R_DECODING_ERROR 111 +#define ASN1_R_DEOCDE_ERROR 157 +#define ASN1_R_ENCODE_ERROR 156 #define ASN1_R_ERROR_PARSING_SET_ELEMENT 112 #define ASN1_R_EXPECTING_AN_ENUMERATED 154 #define ASN1_R_EXPECTING_AN_INTEGER 113 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 900358249a..a150e3fa53 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -81,12 +81,16 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"}, {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"}, {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"}, +{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"}, +{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"}, +{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"}, {ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_SIGN"}, {ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0), "ASN1_STRING_new"}, {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0), "ASN1_TYPE_new"}, +{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, {ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0), "ASN1_UTCTIME_NEW"}, {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_VERIFY"}, {ERR_PACK(0,ASN1_F_AUTHORITY_KEYID_NEW,0), "AUTHORITY_KEYID_NEW"}, @@ -122,6 +126,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"}, {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0), "D2I_NETSCAPE_SPKAC"}, {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0), "D2I_NETSCAPE_SPKI"}, +{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0), "D2I_PBEPARAM"}, {ERR_PACK(0,ASN1_F_D2I_PKCS7,0), "D2I_PKCS7"}, {ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0), "D2I_PKCS7_DIGEST"}, {ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0), "D2I_PKCS7_ENCRYPT"}, @@ -132,6 +137,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0), "D2I_PKCS7_SIGNED"}, {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0), "D2I_PKCS7_SIGNER_INFO"}, {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0), "D2I_PKCS7_SIGN_ENVELOPE"}, +{ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0), "D2I_PKCS8_PRIV_KEY_INFO"}, {ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0), "D2I_PKEY_USAGE_PERIOD"}, {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "D2I_PRIVATEKEY"}, {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "D2I_PUBLICKEY"}, @@ -175,6 +181,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0), "NETSCAPE_PKEY_NEW"}, {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0), "NETSCAPE_SPKAC_NEW"}, {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0), "NETSCAPE_SPKI_NEW"}, +{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0), "PBEPARAM_NEW"}, {ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0), "PKCS7_DIGEST_NEW"}, {ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0), "PKCS7_ENCRYPT_NEW"}, {ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0), "PKCS7_ENC_CONTENT_NEW"}, @@ -185,6 +192,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0), "PKCS7_SIGNED_NEW"}, {ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0), "PKCS7_SIGNER_INFO_NEW"}, {ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0), "PKCS7_SIGN_ENVELOPE_NEW"}, +{ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0), "PKCS8_PRIV_KEY_INFO_NEW"}, {ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0), "PKEY_USAGE_PERIOD_NEW"}, {ERR_PACK(0,ASN1_F_SXNETID_NEW,0), "SXNETID_NEW"}, {ERR_PACK(0,ASN1_F_SXNET_NEW,0), "SXNET_NEW"}, @@ -224,7 +232,10 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"}, {ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"}, {ASN1_R_DATA_IS_WRONG ,"data is wrong"}, +{ASN1_R_DECODE_ERROR ,"decode error"}, {ASN1_R_DECODING_ERROR ,"decoding error"}, +{ASN1_R_DEOCDE_ERROR ,"deocde error"}, +{ASN1_R_ENCODE_ERROR ,"encode error"}, {ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, {ASN1_R_EXPECTING_AN_ENUMERATED ,"expecting an enumerated"}, {ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"}, diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c new file mode 100644 index 0000000000..e04d327e41 --- /dev/null +++ b/crypto/asn1/asn_pack.c @@ -0,0 +1,154 @@ +/* asn_pack.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include "asn1.h" + +/* ASN1 packing and unpacking functions */ + +/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ + +STACK *ASN1_seq_unpack(buf, len, d2i, free_func) +unsigned char *buf; +int len; +char *(*d2i)(); +void (*free_func)(); +{ + STACK *sk; + unsigned char *pbuf; + pbuf = buf; + if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, + V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) + ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR); + return sk; +} + +/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a + * Malloc'ed buffer + */ + +unsigned char *ASN1_seq_pack(safes, i2d, buf, len) +STACK *safes; +int (*i2d)(); +unsigned char **buf; +int *len; +{ + int safelen; + unsigned char *safe, *p; + if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE))) { + ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR); + return NULL; + } + if (!(safe = Malloc (safelen))) { + ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE); + return NULL; + } + p = safe; + i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, + IS_SEQUENCE); + if (len) *len = safelen; + if (buf) *buf = safe; + return safe; +} + +/* Extract an ASN1 object from an ASN1_STRING */ + +char *ASN1_unpack_string (oct, d2i) +ASN1_STRING *oct; +char *(*d2i)(); +{ + unsigned char *p, *ret; + p = oct->data; + if(!(ret = d2i(NULL, &p, oct->length))) + ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR); + return ret; +} + +/* Pack an ASN1 object into an ASN1_STRING */ + +ASN1_STRING *ASN1_pack_string (obj, i2d, oct) +char *obj; +int (*i2d)(); +ASN1_STRING **oct; +{ + unsigned char *p; + ASN1_STRING *octmp; + + if (!oct || !*oct) { + if (!(octmp = ASN1_STRING_new ())) { + ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); + return NULL; + } + if (oct) *oct = octmp; + } else octmp = *oct; + + if (!(octmp->length = i2d(obj, NULL))) { + ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); + return NULL; + } + if (!(p = Malloc (octmp->length))) { + ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); + return NULL; + } + octmp->data = p; + i2d (obj, &p); + return octmp; +} + diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c new file mode 100644 index 0000000000..a94d6c14d8 --- /dev/null +++ b/crypto/asn1/p5_pbe.c @@ -0,0 +1,116 @@ +/* p5_pbe.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include "asn1_mac.h" + +/* PKCS#5 password based encryption structure */ + +/* + *ASN1err(ASN1_F_PBEPARAM_NEW,ASN1_R_DEOCDE_ERROR) + *ASN1err(ASN1_F_D2I_PBEPARAM,ASN1_R_DEOCDE_ERROR) + */ + +int i2d_PBEPARAM(a, pp) +PBEPARAM *a; +unsigned char **pp; +{ + M_ASN1_I2D_vars(a); + M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER); + + M_ASN1_I2D_seq_total (); + + M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING); + M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER); + M_ASN1_I2D_finish(); +} + +PBEPARAM *PBEPARAM_new() +{ + PBEPARAM *ret=NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, PBEPARAM); + M_ASN1_New(ret->iter,ASN1_INTEGER_new); + M_ASN1_New(ret->salt,ASN1_OCTET_STRING_new); + return (ret); + M_ASN1_New_Error(ASN1_F_PBEPARAM_NEW); +} + +PBEPARAM *d2i_PBEPARAM(a,pp,length) +PBEPARAM **a; +unsigned char **pp; +long length; +{ + M_ASN1_D2I_vars(a,PBEPARAM *,PBEPARAM_new); + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING); + M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER); + M_ASN1_D2I_Finish(a, PBEPARAM_free, ASN1_F_D2I_PBEPARAM); +} + +void PBEPARAM_free (a) +PBEPARAM *a; +{ + if(a==NULL) return; + ASN1_OCTET_STRING_free(a->salt); + ASN1_INTEGER_free (a->iter); + Free ((char *)a); +} diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c new file mode 100644 index 0000000000..360009422f --- /dev/null +++ b/crypto/asn1/p8_pkey.c @@ -0,0 +1,135 @@ +/* p8_pkey.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include "asn1_mac.h" + +/* + *ASN1err(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,ASN1_R_DECODE_ERROR) + *ASN1err(ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,ASN1_R_DECODE_ERROR) + */ + +int i2d_PKCS8_PRIV_KEY_INFO (a,pp) +PKCS8_PRIV_KEY_INFO *a; +unsigned char **pp; +{ + + M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER); + M_ASN1_I2D_len (a->pkeyalg, i2d_X509_ALGOR); + M_ASN1_I2D_len (a->pkey, i2d_ASN1_TYPE); + M_ASN1_I2D_len_IMP_SET_opt (a->attributes, i2d_X509_ATTRIBUTE, 0); + + M_ASN1_I2D_seq_total (); + + M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER); + M_ASN1_I2D_put (a->pkeyalg, i2d_X509_ALGOR); + M_ASN1_I2D_put (a->pkey, i2d_ASN1_TYPE); + M_ASN1_I2D_put_IMP_SET_opt (a->attributes, i2d_X509_ATTRIBUTE, 0); + + M_ASN1_I2D_finish(); +} + +PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new() +{ + PKCS8_PRIV_KEY_INFO *ret=NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, PKCS8_PRIV_KEY_INFO); + M_ASN1_New (ret->version, ASN1_INTEGER_new); + M_ASN1_New (ret->pkeyalg, X509_ALGOR_new); + M_ASN1_New (ret->pkey, ASN1_TYPE_new); + ret->attributes = NULL; + ret->broken = PKCS8_OK; + return (ret); + M_ASN1_New_Error(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW); +} + +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(a,pp,length) +PKCS8_PRIV_KEY_INFO **a; +unsigned char **pp; +long length; +{ + M_ASN1_D2I_vars(a,PKCS8_PRIV_KEY_INFO *,PKCS8_PRIV_KEY_INFO_new); + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER); + M_ASN1_D2I_get (ret->pkeyalg, d2i_X509_ALGOR); + M_ASN1_D2I_get (ret->pkey, d2i_ASN1_TYPE); + M_ASN1_D2I_get_IMP_set_opt(ret->attributes, d2i_X509_ATTRIBUTE, + X509_ATTRIBUTE_free, 0); + if (ASN1_TYPE_get(ret->pkey) == V_ASN1_SEQUENCE) + ret->broken = PKCS8_NO_OCTET; + M_ASN1_D2I_Finish(a, PKCS8_PRIV_KEY_INFO_free, ASN1_F_D2I_PKCS8_PRIV_KEY_INFO); +} + +void PKCS8_PRIV_KEY_INFO_free (a) +PKCS8_PRIV_KEY_INFO *a; +{ + if (a == NULL) return; + ASN1_INTEGER_free (a->version); + X509_ALGOR_free(a->pkeyalg); + /* Clear sensitive data */ + if (a->pkey->value.octet_string) + memset (a->pkey->value.octet_string->data, + 0, a->pkey->value.octet_string->length); + ASN1_TYPE_free (a->pkey); + sk_pop_free (a->attributes, X509_ATTRIBUTE_free); + Free ((char *)a); +} diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 89b7df56d3..4ed427b7a9 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -35,7 +35,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \ m_ripemd.c \ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c $(ERRC).c e_null.c \ - c_all.c evp_lib.c bio_ok.c + c_all.c evp_lib.c bio_ok.c evp_pkey.c evp_pbe.c LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \ e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \ @@ -50,7 +50,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \ m_ripemd.o \ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o $(ERRC).o e_null.o \ - c_all.o evp_lib.o bio_ok.o + c_all.o evp_lib.o bio_ok.o evp_pkey.o evp_pbe.o SRC= $(LIBSRC) diff --git a/crypto/evp/evp.err b/crypto/evp/evp.err index c2470f678c..367584e8a7 100644 --- a/crypto/evp/evp.err +++ b/crypto/evp/evp.err @@ -3,7 +3,14 @@ /* Function codes. */ #define EVP_F_D2I_PKEY 100 #define EVP_F_EVP_DECRYPTFINAL 101 +#define EVP_F_EVP_MD_CTX_COPY 110 #define EVP_F_EVP_OPENINIT 102 +#define EVP_F_EVP_PBE_ALGOR_CIPHERINIT 114 +#define EVP_F_EVP_PBE_ALG_ADD 115 +#define EVP_F_EVP_PBE_CIPHERINIT 116 +#define EVP_F_EVP_PKCS82PKEY 111 +#define EVP_F_EVP_PKCS8_SET_BROKEN 112 +#define EVP_F_EVP_PKEY2PKCS8 113 #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 #define EVP_F_EVP_PKEY_DECRYPT 104 #define EVP_F_EVP_PKEY_ENCRYPT 105 @@ -11,18 +18,27 @@ #define EVP_F_EVP_SIGNFINAL 107 #define EVP_F_EVP_VERIFYFINAL 108 #define EVP_F_RC2_MAGIC_TO_METH 109 -#define EVP_F_EVP_MD_CTX_COPY 110 /* Reason codes. */ #define EVP_R_BAD_DECRYPT 100 +#define EVP_R_BN_DECODE_ERROR 112 +#define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_ENCODE_ERROR 115 +#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 +#define EVP_R_INPUT_NOT_INITALISED 111 #define EVP_R_IV_TOO_LARGE 102 +#define EVP_R_KEYGEN_FAILURE 120 #define EVP_R_MISSING_PARMATERS 103 +#define EVP_R_NO_DSA_PARAMETERS 116 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 #define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 #define EVP_R_UNSUPPORTED_CIPHER 107 #define EVP_R_UNSUPPORTED_KEY_SIZE 108 +#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 -#define EVP_R_INPUT_NOT_INITALISED 111 diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 3aad7d1d5f..31ed4791a9 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -261,6 +261,8 @@ typedef struct env_md_st int ctx_size; /* how big does the ctx need to be */ } EVP_MD; + + #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} #ifndef NO_DSA @@ -396,6 +398,11 @@ typedef struct evp_Encode_Ctx_st int expect_nl; } EVP_ENCODE_CTX; +/* Password based encryption function */ +typedef int (EVP_PBE_KEYGEN)(unsigned char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, EVP_CIPHER *cipher, + EVP_MD *md, unsigned char *key, unsigned char *iv); + #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ (char *)(rsa)) #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ @@ -779,7 +786,14 @@ int EVP_CIPHER_get_asn1_iv(); /* Function codes. */ #define EVP_F_D2I_PKEY 100 #define EVP_F_EVP_DECRYPTFINAL 101 +#define EVP_F_EVP_MD_CTX_COPY 110 #define EVP_F_EVP_OPENINIT 102 +#define EVP_F_EVP_PBE_ALGOR_CIPHERINIT 114 +#define EVP_F_EVP_PBE_ALG_ADD 115 +#define EVP_F_EVP_PBE_CIPHERINIT 116 +#define EVP_F_EVP_PKCS82PKEY 111 +#define EVP_F_EVP_PKCS8_SET_BROKEN 112 +#define EVP_F_EVP_PKEY2PKCS8 113 #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 #define EVP_F_EVP_PKEY_DECRYPT 104 #define EVP_F_EVP_PKEY_ENCRYPT 105 @@ -787,21 +801,30 @@ int EVP_CIPHER_get_asn1_iv(); #define EVP_F_EVP_SIGNFINAL 107 #define EVP_F_EVP_VERIFYFINAL 108 #define EVP_F_RC2_MAGIC_TO_METH 109 -#define EVP_F_EVP_MD_CTX_COPY 110 /* Reason codes. */ #define EVP_R_BAD_DECRYPT 100 +#define EVP_R_BN_DECODE_ERROR 112 +#define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_ENCODE_ERROR 115 +#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 +#define EVP_R_INPUT_NOT_INITALISED 111 #define EVP_R_IV_TOO_LARGE 102 +#define EVP_R_KEYGEN_FAILURE 120 #define EVP_R_MISSING_PARMATERS 103 +#define EVP_R_NO_DSA_PARAMETERS 116 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 #define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 #define EVP_R_UNSUPPORTED_CIPHER 107 #define EVP_R_UNSUPPORTED_KEY_SIZE 108 +#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 -#define EVP_R_INPUT_NOT_INITALISED 111 #ifdef __cplusplus } diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 19b3a1896e..7f8fe8d5fa 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -65,7 +65,14 @@ static ERR_STRING_DATA EVP_str_functs[]= { {ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, +{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, {ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, +{ERR_PACK(0,EVP_F_EVP_PBE_ALGOR_CIPHERINIT,0), "EVP_PBE_ALGOR_CIPHERINIT"}, +{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_ALG_ADD"}, +{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CIPHERINIT"}, +{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"}, +{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"}, +{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"}, {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"}, {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"}, @@ -73,24 +80,33 @@ static ERR_STRING_DATA EVP_str_functs[]= {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, {ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"}, -{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, {0,NULL}, }; static ERR_STRING_DATA EVP_str_reasons[]= { {EVP_R_BAD_DECRYPT ,"bad decrypt"}, +{EVP_R_BN_DECODE_ERROR ,"bn decode error"}, +{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"}, +{EVP_R_DECODE_ERROR ,"decode error"}, {EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, +{EVP_R_ENCODE_ERROR ,"encode error"}, +{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, +{EVP_R_INPUT_NOT_INITALISED ,"input not initalised"}, {EVP_R_IV_TOO_LARGE ,"iv too large"}, +{EVP_R_KEYGEN_FAILURE ,"keygen failure"}, {EVP_R_MISSING_PARMATERS ,"missing parmaters"}, +{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"}, {EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, +{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"}, {EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, +{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"}, {EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, {EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"}, +{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"}, {EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, {EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, -{EVP_R_INPUT_NOT_INITALISED ,"input not initalised"}, {0,NULL}, }; diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c new file mode 100644 index 0000000000..e1ebb66357 --- /dev/null +++ b/crypto/evp/evp_pbe.c @@ -0,0 +1,176 @@ +/* p12_pbop.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "evp.h" +#include "x509.h" +#include "cryptlib.h" + +/* Password based encryption (PBE) functions */ + +static STACK *pbe_algs; + +/* Setup a cipher context from a PBE algorithm */ + +typedef struct { +int pbe_nid; +EVP_CIPHER *cipher; +EVP_MD *md; +EVP_PBE_KEYGEN *keygen; +} EVP_PBE_CTL; + +int EVP_PBE_CipherInit (pbe_obj, pass, passlen, salt, saltlen, iter, ctx, en_de) +ASN1_OBJECT *pbe_obj; +int passlen, saltlen, iter; +unsigned char *pass, *salt; +EVP_CIPHER_CTX *ctx; +int en_de; +{ + + EVP_PBE_CTL *pbetmp, pbelu; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; + int i; + pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); + if ((pbelu.pbe_nid != NID_undef) && pbe_algs) + i = sk_find (pbe_algs, (char *)&pbelu); + else i = -1; + + if (i == -1) { + char obj_tmp[80]; + EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); + if (!pbe_obj) strcpy (obj_tmp, "NULL"); + else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj); + ERR_add_error_data(2, "TYPE=", obj_tmp); + return 0; + } + if (passlen == -1) passlen = strlen(pass); + pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); + i = (*pbetmp->keygen)(pass, passlen, salt, saltlen, iter, + pbetmp->cipher, pbetmp->md, key, iv); + if (!i) { + EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); + return 0; + } + EVP_CipherInit (ctx, pbetmp->cipher, key, iv, en_de); + return 1; +} + +/* Setup a PBE algorithm but take most parameters from AlgorithmIdentifier */ + +int EVP_PBE_ALGOR_CipherInit (algor, pass, passlen, ctx, en_de) +X509_ALGOR *algor; +unsigned char *pass; +int passlen; +EVP_CIPHER_CTX *ctx; +int en_de; +{ + PBEPARAM *pbe; + int saltlen, iter; + unsigned char *salt, *pbuf; + + /* Extract useful info from algor */ + pbuf = (char *) algor->parameter->value.sequence->data; + if (!(pbe = d2i_PBEPARAM (NULL, &pbuf, + algor->parameter->value.sequence->length))) { + EVPerr(EVP_F_EVP_PBE_ALGOR_CIPHERINIT,EVP_R_DECODE_ERROR); + return 0; + } + + if (!pbe->iter) iter = 1; + else iter = ASN1_INTEGER_get (pbe->iter); + salt = pbe->salt->data; + saltlen = pbe->salt->length; + + if (!(EVP_PBE_CipherInit (algor->algorithm, pass, passlen, salt, + saltlen, iter, ctx, en_de))) { + EVPerr(EVP_F_EVP_PBE_ALGOR_CIPHERINIT,EVP_R_EVP_PBE_CIPHERINIT_ERROR); + PBEPARAM_free(pbe); + return 0; + } + PBEPARAM_free(pbe); + return 1; +} + + +static int pbe_cmp (pbe1, pbe2) +EVP_PBE_CTL **pbe1, **pbe2; +{ + return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); +} + +/* Add a PBE algorithm */ + +int EVP_PBE_alg_add (nid, cipher, md, keygen) +int nid; +EVP_CIPHER *cipher; +EVP_MD *md; +EVP_PBE_KEYGEN *keygen; +{ + EVP_PBE_CTL *pbe_tmp; + if (!pbe_algs) pbe_algs = sk_new (pbe_cmp); + if (!(pbe_tmp = (EVP_PBE_CTL*) Malloc (sizeof(EVP_PBE_CTL)))) { + EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + pbe_tmp->pbe_nid = nid; + pbe_tmp->cipher = cipher; + pbe_tmp->md = md; + pbe_tmp->keygen = keygen; + sk_push (pbe_algs, (char *)pbe_tmp); + return 1; +} diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c new file mode 100644 index 0000000000..0046d8e84b --- /dev/null +++ b/crypto/evp/evp_pkey.c @@ -0,0 +1,291 @@ +/* evp_pkey.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "cryptlib.h" +#include "x509.h" +#include "rand.h" + +/* Extract a private key from a PKCS8 structure */ + +EVP_PKEY *EVP_PKCS82PKEY (p8) +PKCS8_PRIV_KEY_INFO *p8; +{ + EVP_PKEY *pkey; + RSA *rsa; + DSA *dsa; + ASN1_INTEGER *dsapriv; + X509_ALGOR *a; + STACK *ndsa; + BN_CTX *ctx; + unsigned char *p; + int plen, pkeylen; + char obj_tmp[80]; + + switch (p8->broken) { + case PKCS8_OK: + p = p8->pkey->value.octet_string->data; + pkeylen = p8->pkey->value.octet_string->length; + break; + + case PKCS8_NO_OCTET: + p = p8->pkey->value.sequence->data; + pkeylen = p8->pkey->value.sequence->length; + break; + + default: + EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); + return NULL; + break; + } + if (!(pkey = EVP_PKEY_new())) { + EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); + return NULL; + } + a = p8->pkeyalg; + switch (OBJ_obj2nid(a->algorithm)) + { + case NID_rsaEncryption: + if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + return NULL; + } + EVP_PKEY_assign_RSA (pkey, rsa); + break; + + case NID_dsa: + /* PKCS#8 DSA is weird: you just get a private key integer + * and parameters in the AlgorithmIdentifier the pubkey must + * be recalculated. + */ + + /* Check for broken Netscape Database DSA PKCS#8, UGH! */ + if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { + if(!(ndsa = ASN1_seq_unpack(p, pkeylen, + (char *(*)())d2i_ASN1_INTEGER, + ASN1_STRING_free))) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + return NULL; + } + if(sk_num(ndsa) != 2 ) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + sk_pop_free(ndsa, ASN1_STRING_free); + return NULL; + } + dsapriv = (ASN1_INTEGER *) sk_pop(ndsa); + sk_pop_free(ndsa, ASN1_STRING_free); + } else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + return NULL; + } + /* Retrieve parameters */ + if (a->parameter->type != V_ASN1_SEQUENCE) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS); + return NULL; + } + p = a->parameter->value.sequence->data; + plen = a->parameter->value.sequence->length; + if (!(dsa = d2i_DSAparams (NULL, &p, plen))) { + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); + return NULL; + } + /* We have parameters now set private key */ + if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) { + EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); + DSA_free (dsa); + return NULL; + } + /* Calculate public key (ouch!) */ + if (!(dsa->pub_key = BN_new())) { + EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); + DSA_free (dsa); + return NULL; + } + if (!(ctx = BN_CTX_new())) { + EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); + DSA_free (dsa); + return NULL; + } + + if (!BN_mod_exp(dsa->pub_key, dsa->g, + dsa->priv_key, dsa->p, ctx)) { + + EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); + BN_CTX_free (ctx); + DSA_free (dsa); + return NULL; + } + + EVP_PKEY_assign_DSA (pkey, dsa); + BN_CTX_free (ctx); + break; + + default: + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + if (!a->algorithm) strcpy (obj_tmp, "NULL"); + else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); + ERR_add_error_data(2, "TYPE=", obj_tmp); + EVP_PKEY_free (pkey); + return NULL; + } + return pkey; +} + +/* Turn a private key into a PKCS8 structure */ + +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(pkey) +EVP_PKEY *pkey; +{ + PKCS8_PRIV_KEY_INFO *p8; + ASN1_INTEGER *dpkey; + unsigned char *p, *q; + int len; + if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + return NULL; + } + ASN1_INTEGER_set (p8->version, 0); + if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + PKCS8_PRIV_KEY_INFO_free (p8); + return NULL; + } + switch (EVP_PKEY_type(pkey->type)) { + case EVP_PKEY_RSA: + + p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); + p8->pkeyalg->parameter->type = V_ASN1_NULL; + if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, + &p8->pkey->value.octet_string)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + PKCS8_PRIV_KEY_INFO_free (p8); + return NULL; + } + break; + + case EVP_PKEY_DSA: + p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); + + /* get paramaters and place in AlgorithmIdentifier */ + len = i2d_DSAparams (pkey->pkey.dsa, NULL); + if (!(p = Malloc(len))) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + PKCS8_PRIV_KEY_INFO_free (p8); + return NULL; + } + q = p; + i2d_DSAparams (pkey->pkey.dsa, &q); + p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; + p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new(); + ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len); + Free(p); + /* Get private key into an integer and pack */ + if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); + PKCS8_PRIV_KEY_INFO_free (p8); + return NULL; + } + + if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER, + &p8->pkey->value.octet_string)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + ASN1_INTEGER_free (dpkey); + PKCS8_PRIV_KEY_INFO_free (p8); + return NULL; + } + ASN1_INTEGER_free (dpkey); + break; + + default: + EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + PKCS8_PRIV_KEY_INFO_free (p8); + return NULL; + } + p8->pkey->type = V_ASN1_OCTET_STRING; + RAND_seed (p8->pkey->value.octet_string->data, + p8->pkey->value.octet_string->length); + return p8; +} + +PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(p8, broken) +PKCS8_PRIV_KEY_INFO *p8; +int broken; +{ + switch (broken) { + + case PKCS8_OK: + p8->broken = PKCS8_OK; + return p8; + break; + + case PKCS8_NO_OCTET: + p8->broken = PKCS8_NO_OCTET; + p8->pkey->type = V_ASN1_SEQUENCE; + return p8; + break; + + default: + EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); + return NULL; + break; + + } +} + + diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 8c084db103..c4677be1ee 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -337,6 +337,26 @@ typedef struct CBCParameter_st unsigned char iv[8]; } CBC_PARAM; +/* Password based encryption structure */ + +typedef struct PBEPARAM_st { +ASN1_OCTET_STRING *salt; +ASN1_INTEGER *iter; +} PBEPARAM; + +/* PKCS#8 private key info structure */ + +typedef struct pkcs8_priv_key_info_st + { + int broken; /* Flag for various broken formats */ +#define PKCS8_OK 0 +#define PKCS8_NO_OCTET 1 + ASN1_INTEGER *version; + X509_ALGOR *pkeyalg; + ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ + STACK *attributes; + } PKCS8_PRIV_KEY_INFO; + #include "x509_vfy.h" #include "pkcs7.h" @@ -839,6 +859,30 @@ X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name, ASN1_INTEGER *serial); X509 *X509_find_by_subject(STACK *sk,X509_NAME *name); +int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp); +PBEPARAM *PBEPARAM_new(void); +PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length); +void PBEPARAM_free(PBEPARAM *a); + +/* PKCS#8 utilities */ + +int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp); +PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, + unsigned char **pp, long length); +void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a); + +EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); +PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); + +/* Password based encryption routines */ + +int EVP_PBE_ALGOR_CipherInit(X509_ALGOR *algor, unsigned char *pass, + int passlen, EVP_CIPHER_CTX *ctx, int en_de); +int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md, + EVP_PBE_KEYGEN *keygen); + #else #ifndef SSLEAY_MACROS @@ -1138,6 +1182,23 @@ char * X509_verify_cert_error_string(); X509 *X509_find_by_issuer_and_serial(); X509 *X509_find_by_subject(); +int i2d_PBEPARAM(); +PBEPARAM *PBEPARAM_new(); +PBEPARAM *d2i_PBEPARAM(); +void PBEPARAM_free(); + +int i2d_PKCS8_PRIV_KEY_INFO(); +PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(); +void PKCS8_PRIV_KEY_INFO_free(); + +EVP_PKEY *EVP_PKCS82PKEY(); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(); +PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(); + +int EVP_PBE_ALGOR_CipherInit(); +int EVP_PBE_alg_add(); + #endif /* BEGIN ERROR CODES */