summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortb <>2024-01-27 17:14:33 +0000
committertb <>2024-01-27 17:14:33 +0000
commit680fb50105f63be549a32bfec49bd0a023a09d82 (patch)
tree9ee1fa5f2616af5e75755c62583db2a771d55e19 /src
parent5ea0f31282d99221a4ab0c82c39e02ff04acf612 (diff)
downloadopenbsd-680fb50105f63be549a32bfec49bd0a023a09d82.tar.gz
openbsd-680fb50105f63be549a32bfec49bd0a023a09d82.tar.bz2
openbsd-680fb50105f63be549a32bfec49bd0a023a09d82.zip
Fold keyivgen functions into evp_pbe.c
These are only used by the EVP_PBE routines and will become internal in the next major bump.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/Makefile5
-rw-r--r--src/lib/libcrypto/evp/evp_pbe.c393
-rw-r--r--src/lib/libcrypto/evp/p5_crpt.c157
-rw-r--r--src/lib/libcrypto/evp/p5_crpt2.c308
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crpt.c123
5 files changed, 387 insertions, 599 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 0461363e3c..2ac252aabc 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.166 2024/01/13 12:18:52 tb Exp $ 1# $OpenBSD: Makefile,v 1.167 2024/01/27 17:14:33 tb Exp $
2 2
3LIB= crypto 3LIB= crypto
4LIBREBUILD=y 4LIBREBUILD=y
@@ -387,8 +387,6 @@ SRCS+= m_sigver.c
387SRCS+= m_sm3.c 387SRCS+= m_sm3.c
388SRCS+= m_streebog.c 388SRCS+= m_streebog.c
389SRCS+= m_wp.c 389SRCS+= m_wp.c
390SRCS+= p5_crpt.c
391SRCS+= p5_crpt2.c
392SRCS+= p_legacy.c 390SRCS+= p_legacy.c
393SRCS+= p_lib.c 391SRCS+= p_lib.c
394SRCS+= p_sign.c 392SRCS+= p_sign.c
@@ -485,7 +483,6 @@ SRCS+= pvkfmt.c
485SRCS+= p12_add.c 483SRCS+= p12_add.c
486SRCS+= p12_asn.c 484SRCS+= p12_asn.c
487SRCS+= p12_attr.c 485SRCS+= p12_attr.c
488SRCS+= p12_crpt.c
489SRCS+= p12_crt.c 486SRCS+= p12_crt.c
490SRCS+= p12_decr.c 487SRCS+= p12_decr.c
491SRCS+= p12_init.c 488SRCS+= p12_init.c
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index 7f7784847b..dd06a768b3 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_pbe.c,v 1.38 2024/01/27 16:26:25 tb Exp $ */ 1/* $OpenBSD: evp_pbe.c,v 1.39 2024/01/27 17:14:33 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -59,14 +59,16 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <string.h> 60#include <string.h>
61 61
62#include <openssl/opensslconf.h> 62#include <openssl/asn1.h>
63
64#include <openssl/err.h> 63#include <openssl/err.h>
65#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include <openssl/hmac.h>
66#include <openssl/objects.h>
66#include <openssl/pkcs12.h> 67#include <openssl/pkcs12.h>
67#include <openssl/x509.h> 68#include <openssl/x509.h>
68 69
69#include "evp_local.h" 70#include "evp_local.h"
71#include "hmac_local.h"
70 72
71/* Password based encryption (PBE) functions */ 73/* Password based encryption (PBE) functions */
72 74
@@ -96,14 +98,12 @@ static const struct pbe_config pbe_outer[] = {
96 .md_nid = NID_sha1, 98 .md_nid = NID_sha1,
97 .keygen = PKCS5_PBE_keyivgen, 99 .keygen = PKCS5_PBE_keyivgen,
98 }, 100 },
99#ifndef OPENSSL_NO_HMAC
100 { 101 {
101 .pbe_nid = NID_id_pbkdf2, 102 .pbe_nid = NID_id_pbkdf2,
102 .cipher_nid = -1, 103 .cipher_nid = -1,
103 .md_nid = -1, 104 .md_nid = -1,
104 .keygen = PKCS5_v2_PBKDF2_keyivgen, 105 .keygen = PKCS5_v2_PBKDF2_keyivgen,
105 }, 106 },
106#endif
107 { 107 {
108 .pbe_nid = NID_pbe_WithSHA1And128BitRC4, 108 .pbe_nid = NID_pbe_WithSHA1And128BitRC4,
109 .cipher_nid = NID_rc4, 109 .cipher_nid = NID_rc4,
@@ -140,14 +140,12 @@ static const struct pbe_config pbe_outer[] = {
140 .md_nid = NID_sha1, 140 .md_nid = NID_sha1,
141 .keygen = PKCS12_PBE_keyivgen, 141 .keygen = PKCS12_PBE_keyivgen,
142 }, 142 },
143#ifndef OPENSSL_NO_HMAC
144 { 143 {
145 .pbe_nid = NID_pbes2, 144 .pbe_nid = NID_pbes2,
146 .cipher_nid = -1, 145 .cipher_nid = -1,
147 .md_nid = -1, 146 .md_nid = -1,
148 .keygen = PKCS5_v2_PBE_keyivgen, 147 .keygen = PKCS5_v2_PBE_keyivgen,
149 }, 148 },
150#endif
151 { 149 {
152 .pbe_nid = NID_pbeWithMD2AndRC2_CBC, 150 .pbe_nid = NID_pbeWithMD2AndRC2_CBC,
153 .cipher_nid = NID_rc2_64_cbc, 151 .cipher_nid = NID_rc2_64_cbc,
@@ -341,6 +339,387 @@ EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
341 return 1; 339 return 1;
342} 340}
343 341
342int
343PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
344 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
345{
346 EVP_MD_CTX ctx;
347 unsigned char md_tmp[EVP_MAX_MD_SIZE];
348 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
349 int i;
350 PBEPARAM *pbe;
351 int saltlen, iter;
352 unsigned char *salt;
353 const unsigned char *pbuf;
354 int mdsize;
355 int rv = 0;
356
357 /* Extract useful info from parameter */
358 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
359 param->value.sequence == NULL) {
360 EVPerror(EVP_R_DECODE_ERROR);
361 return 0;
362 }
363
364 mdsize = EVP_MD_size(md);
365 if (mdsize < 0)
366 return 0;
367
368 pbuf = param->value.sequence->data;
369 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
370 EVPerror(EVP_R_DECODE_ERROR);
371 return 0;
372 }
373
374 if (!pbe->iter)
375 iter = 1;
376 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
377 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
378 PBEPARAM_free(pbe);
379 return 0;
380 }
381 salt = pbe->salt->data;
382 saltlen = pbe->salt->length;
383
384 if (!pass)
385 passlen = 0;
386 else if (passlen == -1)
387 passlen = strlen(pass);
388
389 EVP_MD_CTX_init(&ctx);
390
391 if (!EVP_DigestInit_ex(&ctx, md, NULL))
392 goto err;
393 if (!EVP_DigestUpdate(&ctx, pass, passlen))
394 goto err;
395 if (!EVP_DigestUpdate(&ctx, salt, saltlen))
396 goto err;
397 if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL))
398 goto err;
399 for (i = 1; i < iter; i++) {
400 if (!EVP_DigestInit_ex(&ctx, md, NULL))
401 goto err;
402 if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize))
403 goto err;
404 if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL))
405 goto err;
406 }
407 if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) {
408 EVPerror(EVP_R_BAD_KEY_LENGTH);
409 goto err;
410 }
411 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
412 if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) {
413 EVPerror(EVP_R_IV_TOO_LARGE);
414 goto err;
415 }
416 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
417 EVP_CIPHER_iv_length(cipher));
418 if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
419 goto err;
420 explicit_bzero(md_tmp, EVP_MAX_MD_SIZE);
421 explicit_bzero(key, EVP_MAX_KEY_LENGTH);
422 explicit_bzero(iv, EVP_MAX_IV_LENGTH);
423
424 rv = 1;
425 err:
426 EVP_MD_CTX_cleanup(&ctx);
427 PBEPARAM_free(pbe);
428
429 return rv;
430}
431
432/*
433 * PKCS#5 v2.0 password based encryption key derivation function PBKDF2.
434 */
435
436int
437PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
438 int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out)
439{
440 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
441 int cplen, j, k, tkeylen, mdlen;
442 unsigned long i = 1;
443 HMAC_CTX hctx_tpl, hctx;
444
445 mdlen = EVP_MD_size(digest);
446 if (mdlen < 0)
447 return 0;
448
449 HMAC_CTX_init(&hctx_tpl);
450 p = out;
451 tkeylen = keylen;
452 if (!pass)
453 passlen = 0;
454 else if (passlen == -1)
455 passlen = strlen(pass);
456 if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) {
457 HMAC_CTX_cleanup(&hctx_tpl);
458 return 0;
459 }
460 while (tkeylen) {
461 if (tkeylen > mdlen)
462 cplen = mdlen;
463 else
464 cplen = tkeylen;
465 /*
466 * We are unlikely to ever use more than 256 blocks (5120 bits!)
467 * but just in case...
468 */
469 itmp[0] = (unsigned char)((i >> 24) & 0xff);
470 itmp[1] = (unsigned char)((i >> 16) & 0xff);
471 itmp[2] = (unsigned char)((i >> 8) & 0xff);
472 itmp[3] = (unsigned char)(i & 0xff);
473 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
474 HMAC_CTX_cleanup(&hctx_tpl);
475 return 0;
476 }
477 if (!HMAC_Update(&hctx, salt, saltlen) ||
478 !HMAC_Update(&hctx, itmp, 4) ||
479 !HMAC_Final(&hctx, digtmp, NULL)) {
480 HMAC_CTX_cleanup(&hctx_tpl);
481 HMAC_CTX_cleanup(&hctx);
482 return 0;
483 }
484 HMAC_CTX_cleanup(&hctx);
485 memcpy(p, digtmp, cplen);
486 for (j = 1; j < iter; j++) {
487 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
488 HMAC_CTX_cleanup(&hctx_tpl);
489 return 0;
490 }
491 if (!HMAC_Update(&hctx, digtmp, mdlen) ||
492 !HMAC_Final(&hctx, digtmp, NULL)) {
493 HMAC_CTX_cleanup(&hctx_tpl);
494 HMAC_CTX_cleanup(&hctx);
495 return 0;
496 }
497 HMAC_CTX_cleanup(&hctx);
498 for (k = 0; k < cplen; k++)
499 p[k] ^= digtmp[k];
500 }
501 tkeylen -= cplen;
502 i++;
503 p += cplen;
504 }
505 HMAC_CTX_cleanup(&hctx_tpl);
506 return 1;
507}
508
509int
510PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt,
511 int saltlen, int iter, int keylen, unsigned char *out)
512{
513 return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
514 EVP_sha1(), keylen, out);
515}
516
517/*
518 * Now the key derivation function itself. This is a bit evil because
519 * it has to check the ASN1 parameters are valid: and there are quite a
520 * few of them...
521 */
522
523int
524PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
525 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de)
526{
527 const unsigned char *pbuf;
528 int plen;
529 PBE2PARAM *pbe2 = NULL;
530 const EVP_CIPHER *cipher;
531
532 int rv = 0;
533
534 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
535 param->value.sequence == NULL) {
536 EVPerror(EVP_R_DECODE_ERROR);
537 goto err;
538 }
539
540 pbuf = param->value.sequence->data;
541 plen = param->value.sequence->length;
542 if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
543 EVPerror(EVP_R_DECODE_ERROR);
544 goto err;
545 }
546
547 /* See if we recognise the key derivation function */
548
549 if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
550 EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
551 goto err;
552 }
553
554 /* Let's see if we recognise the encryption algorithm. */
555 cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
556 if (!cipher) {
557 EVPerror(EVP_R_UNSUPPORTED_CIPHER);
558 goto err;
559 }
560
561 /* Fixup cipher based on AlgorithmIdentifier */
562 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
563 goto err;
564 if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
565 EVPerror(EVP_R_CIPHER_PARAMETER_ERROR);
566 goto err;
567 }
568
569 rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
570 pbe2->keyfunc->parameter, c, md, en_de);
571
572 err:
573 PBE2PARAM_free(pbe2);
574
575 return rv;
576}
577
578int
579PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
580 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de)
581{
582 unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
583 const unsigned char *pbuf;
584 int saltlen, iter, plen;
585 int rv = 0;
586 unsigned int keylen = 0;
587 int prf_nid, hmac_md_nid;
588 PBKDF2PARAM *kdf = NULL;
589 const EVP_MD *prfmd;
590
591 if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
592 EVPerror(EVP_R_NO_CIPHER_SET);
593 return 0;
594 }
595 keylen = EVP_CIPHER_CTX_key_length(ctx);
596 if (keylen > sizeof key) {
597 EVPerror(EVP_R_BAD_KEY_LENGTH);
598 return 0;
599 }
600
601 /* Decode parameter */
602
603 if (!param || (param->type != V_ASN1_SEQUENCE)) {
604 EVPerror(EVP_R_DECODE_ERROR);
605 return 0;
606 }
607
608 pbuf = param->value.sequence->data;
609 plen = param->value.sequence->length;
610
611 if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
612 EVPerror(EVP_R_DECODE_ERROR);
613 return 0;
614 }
615
616 /* Now check the parameters of the kdf */
617
618 if (kdf->keylength &&
619 (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
620 EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH);
621 goto err;
622 }
623
624 if (kdf->prf)
625 prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
626 else
627 prf_nid = NID_hmacWithSHA1;
628
629 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, NULL)) {
630 EVPerror(EVP_R_UNSUPPORTED_PRF);
631 goto err;
632 }
633
634 prfmd = EVP_get_digestbynid(hmac_md_nid);
635 if (prfmd == NULL) {
636 EVPerror(EVP_R_UNSUPPORTED_PRF);
637 goto err;
638 }
639
640 if (kdf->salt->type != V_ASN1_OCTET_STRING) {
641 EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE);
642 goto err;
643 }
644
645 /* it seems that its all OK */
646 salt = kdf->salt->value.octet_string->data;
647 saltlen = kdf->salt->value.octet_string->length;
648 if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) {
649 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
650 goto err;
651 }
652 if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
653 keylen, key))
654 goto err;
655
656 rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
657
658 err:
659 explicit_bzero(key, keylen);
660 PBKDF2PARAM_free(kdf);
661
662 return rv;
663}
664
665void
666PKCS12_PBE_add(void)
667{
668}
669LCRYPTO_ALIAS(PKCS12_PBE_add);
670
671int
672PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
673 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
674{
675 PBEPARAM *pbe;
676 int saltlen, iter, ret;
677 unsigned char *salt;
678 const unsigned char *pbuf;
679 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
680
681 /* Extract useful info from parameter */
682 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
683 param->value.sequence == NULL) {
684 PKCS12error(PKCS12_R_DECODE_ERROR);
685 return 0;
686 }
687
688 pbuf = param->value.sequence->data;
689 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
690 PKCS12error(PKCS12_R_DECODE_ERROR);
691 return 0;
692 }
693
694 if (!pbe->iter)
695 iter = 1;
696 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
697 PKCS12error(PKCS12_R_DECODE_ERROR);
698 PBEPARAM_free(pbe);
699 return 0;
700 }
701 salt = pbe->salt->data;
702 saltlen = pbe->salt->length;
703 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
704 iter, EVP_CIPHER_key_length(cipher), key, md)) {
705 PKCS12error(PKCS12_R_KEY_GEN_ERROR);
706 PBEPARAM_free(pbe);
707 return 0;
708 }
709 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
710 iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
711 PKCS12error(PKCS12_R_IV_GEN_ERROR);
712 PBEPARAM_free(pbe);
713 return 0;
714 }
715 PBEPARAM_free(pbe);
716 ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
717 explicit_bzero(key, EVP_MAX_KEY_LENGTH);
718 explicit_bzero(iv, EVP_MAX_IV_LENGTH);
719 return ret;
720}
721LCRYPTO_ALIAS(PKCS12_PBE_keyivgen);
722
344/* 723/*
345 * XXX - remove the functions below in the next major bump 724 * XXX - remove the functions below in the next major bump
346 */ 725 */
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
deleted file mode 100644
index 7a56a3d4ad..0000000000
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ /dev/null
@@ -1,157 +0,0 @@
1/* $OpenBSD: p5_crpt.c,v 1.25 2024/01/27 16:36:17 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/err.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67#include "evp_local.h"
68
69int
70PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
71 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
72{
73 EVP_MD_CTX ctx;
74 unsigned char md_tmp[EVP_MAX_MD_SIZE];
75 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
76 int i;
77 PBEPARAM *pbe;
78 int saltlen, iter;
79 unsigned char *salt;
80 const unsigned char *pbuf;
81 int mdsize;
82 int rv = 0;
83
84 /* Extract useful info from parameter */
85 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
86 param->value.sequence == NULL) {
87 EVPerror(EVP_R_DECODE_ERROR);
88 return 0;
89 }
90
91 mdsize = EVP_MD_size(md);
92 if (mdsize < 0)
93 return 0;
94
95 pbuf = param->value.sequence->data;
96 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
97 EVPerror(EVP_R_DECODE_ERROR);
98 return 0;
99 }
100
101 if (!pbe->iter)
102 iter = 1;
103 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
104 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
105 PBEPARAM_free(pbe);
106 return 0;
107 }
108 salt = pbe->salt->data;
109 saltlen = pbe->salt->length;
110
111 if (!pass)
112 passlen = 0;
113 else if (passlen == -1)
114 passlen = strlen(pass);
115
116 EVP_MD_CTX_init(&ctx);
117
118 if (!EVP_DigestInit_ex(&ctx, md, NULL))
119 goto err;
120 if (!EVP_DigestUpdate(&ctx, pass, passlen))
121 goto err;
122 if (!EVP_DigestUpdate(&ctx, salt, saltlen))
123 goto err;
124 if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL))
125 goto err;
126 for (i = 1; i < iter; i++) {
127 if (!EVP_DigestInit_ex(&ctx, md, NULL))
128 goto err;
129 if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize))
130 goto err;
131 if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL))
132 goto err;
133 }
134 if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) {
135 EVPerror(EVP_R_BAD_KEY_LENGTH);
136 goto err;
137 }
138 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
139 if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) {
140 EVPerror(EVP_R_IV_TOO_LARGE);
141 goto err;
142 }
143 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
144 EVP_CIPHER_iv_length(cipher));
145 if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
146 goto err;
147 explicit_bzero(md_tmp, EVP_MAX_MD_SIZE);
148 explicit_bzero(key, EVP_MAX_KEY_LENGTH);
149 explicit_bzero(iv, EVP_MAX_IV_LENGTH);
150
151 rv = 1;
152 err:
153 EVP_MD_CTX_cleanup(&ctx);
154 PBEPARAM_free(pbe);
155
156 return rv;
157}
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
deleted file mode 100644
index 9917b3cc5e..0000000000
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ /dev/null
@@ -1,308 +0,0 @@
1/* $OpenBSD: p5_crpt2.c,v 1.29 2024/01/27 16:50:39 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/opensslconf.h>
64
65#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
66
67#include <openssl/err.h>
68#include <openssl/evp.h>
69#include <openssl/hmac.h>
70#include <openssl/x509.h>
71
72#include "evp_local.h"
73#include "hmac_local.h"
74
75/*
76 * PKCS#5 v2.0 password based encryption key derivation function PBKDF2.
77 */
78
79int
80PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
81 int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out)
82{
83 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
84 int cplen, j, k, tkeylen, mdlen;
85 unsigned long i = 1;
86 HMAC_CTX hctx_tpl, hctx;
87
88 mdlen = EVP_MD_size(digest);
89 if (mdlen < 0)
90 return 0;
91
92 HMAC_CTX_init(&hctx_tpl);
93 p = out;
94 tkeylen = keylen;
95 if (!pass)
96 passlen = 0;
97 else if (passlen == -1)
98 passlen = strlen(pass);
99 if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) {
100 HMAC_CTX_cleanup(&hctx_tpl);
101 return 0;
102 }
103 while (tkeylen) {
104 if (tkeylen > mdlen)
105 cplen = mdlen;
106 else
107 cplen = tkeylen;
108 /*
109 * We are unlikely to ever use more than 256 blocks (5120 bits!)
110 * but just in case...
111 */
112 itmp[0] = (unsigned char)((i >> 24) & 0xff);
113 itmp[1] = (unsigned char)((i >> 16) & 0xff);
114 itmp[2] = (unsigned char)((i >> 8) & 0xff);
115 itmp[3] = (unsigned char)(i & 0xff);
116 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
117 HMAC_CTX_cleanup(&hctx_tpl);
118 return 0;
119 }
120 if (!HMAC_Update(&hctx, salt, saltlen) ||
121 !HMAC_Update(&hctx, itmp, 4) ||
122 !HMAC_Final(&hctx, digtmp, NULL)) {
123 HMAC_CTX_cleanup(&hctx_tpl);
124 HMAC_CTX_cleanup(&hctx);
125 return 0;
126 }
127 HMAC_CTX_cleanup(&hctx);
128 memcpy(p, digtmp, cplen);
129 for (j = 1; j < iter; j++) {
130 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
131 HMAC_CTX_cleanup(&hctx_tpl);
132 return 0;
133 }
134 if (!HMAC_Update(&hctx, digtmp, mdlen) ||
135 !HMAC_Final(&hctx, digtmp, NULL)) {
136 HMAC_CTX_cleanup(&hctx_tpl);
137 HMAC_CTX_cleanup(&hctx);
138 return 0;
139 }
140 HMAC_CTX_cleanup(&hctx);
141 for (k = 0; k < cplen; k++)
142 p[k] ^= digtmp[k];
143 }
144 tkeylen -= cplen;
145 i++;
146 p += cplen;
147 }
148 HMAC_CTX_cleanup(&hctx_tpl);
149 return 1;
150}
151
152int
153PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt,
154 int saltlen, int iter, int keylen, unsigned char *out)
155{
156 return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
157 EVP_sha1(), keylen, out);
158}
159
160/*
161 * Now the key derivation function itself. This is a bit evil because
162 * it has to check the ASN1 parameters are valid: and there are quite a
163 * few of them...
164 */
165
166int
167PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
168 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de)
169{
170 const unsigned char *pbuf;
171 int plen;
172 PBE2PARAM *pbe2 = NULL;
173 const EVP_CIPHER *cipher;
174
175 int rv = 0;
176
177 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
178 param->value.sequence == NULL) {
179 EVPerror(EVP_R_DECODE_ERROR);
180 goto err;
181 }
182
183 pbuf = param->value.sequence->data;
184 plen = param->value.sequence->length;
185 if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
186 EVPerror(EVP_R_DECODE_ERROR);
187 goto err;
188 }
189
190 /* See if we recognise the key derivation function */
191
192 if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
193 EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
194 goto err;
195 }
196
197 /* Let's see if we recognise the encryption algorithm. */
198 cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
199 if (!cipher) {
200 EVPerror(EVP_R_UNSUPPORTED_CIPHER);
201 goto err;
202 }
203
204 /* Fixup cipher based on AlgorithmIdentifier */
205 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
206 goto err;
207 if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
208 EVPerror(EVP_R_CIPHER_PARAMETER_ERROR);
209 goto err;
210 }
211
212 rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
213 pbe2->keyfunc->parameter, c, md, en_de);
214
215 err:
216 PBE2PARAM_free(pbe2);
217
218 return rv;
219}
220
221int
222PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
223 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de)
224{
225 unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
226 const unsigned char *pbuf;
227 int saltlen, iter, plen;
228 int rv = 0;
229 unsigned int keylen = 0;
230 int prf_nid, hmac_md_nid;
231 PBKDF2PARAM *kdf = NULL;
232 const EVP_MD *prfmd;
233
234 if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
235 EVPerror(EVP_R_NO_CIPHER_SET);
236 return 0;
237 }
238 keylen = EVP_CIPHER_CTX_key_length(ctx);
239 if (keylen > sizeof key) {
240 EVPerror(EVP_R_BAD_KEY_LENGTH);
241 return 0;
242 }
243
244 /* Decode parameter */
245
246 if (!param || (param->type != V_ASN1_SEQUENCE)) {
247 EVPerror(EVP_R_DECODE_ERROR);
248 return 0;
249 }
250
251 pbuf = param->value.sequence->data;
252 plen = param->value.sequence->length;
253
254 if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
255 EVPerror(EVP_R_DECODE_ERROR);
256 return 0;
257 }
258
259 /* Now check the parameters of the kdf */
260
261 if (kdf->keylength &&
262 (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
263 EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH);
264 goto err;
265 }
266
267 if (kdf->prf)
268 prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
269 else
270 prf_nid = NID_hmacWithSHA1;
271
272 if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, NULL)) {
273 EVPerror(EVP_R_UNSUPPORTED_PRF);
274 goto err;
275 }
276
277 prfmd = EVP_get_digestbynid(hmac_md_nid);
278 if (prfmd == NULL) {
279 EVPerror(EVP_R_UNSUPPORTED_PRF);
280 goto err;
281 }
282
283 if (kdf->salt->type != V_ASN1_OCTET_STRING) {
284 EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE);
285 goto err;
286 }
287
288 /* it seems that its all OK */
289 salt = kdf->salt->value.octet_string->data;
290 saltlen = kdf->salt->value.octet_string->length;
291 if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) {
292 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
293 goto err;
294 }
295 if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
296 keylen, key))
297 goto err;
298
299 rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
300
301 err:
302 explicit_bzero(key, keylen);
303 PBKDF2PARAM_free(kdf);
304
305 return rv;
306}
307
308#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
deleted file mode 100644
index e7d30101c3..0000000000
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ /dev/null
@@ -1,123 +0,0 @@
1/* $OpenBSD: p12_crpt.c,v 1.17 2023/02/16 08:38:17 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/err.h>
63#include <openssl/pkcs12.h>
64
65/* PKCS#12 PBE algorithms now in static table */
66
67void
68PKCS12_PBE_add(void)
69{
70}
71LCRYPTO_ALIAS(PKCS12_PBE_add);
72
73int
74PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
75 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
76{
77 PBEPARAM *pbe;
78 int saltlen, iter, ret;
79 unsigned char *salt;
80 const unsigned char *pbuf;
81 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
82
83 /* Extract useful info from parameter */
84 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
85 param->value.sequence == NULL) {
86 PKCS12error(PKCS12_R_DECODE_ERROR);
87 return 0;
88 }
89
90 pbuf = param->value.sequence->data;
91 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
92 PKCS12error(PKCS12_R_DECODE_ERROR);
93 return 0;
94 }
95
96 if (!pbe->iter)
97 iter = 1;
98 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
99 PKCS12error(PKCS12_R_DECODE_ERROR);
100 PBEPARAM_free(pbe);
101 return 0;
102 }
103 salt = pbe->salt->data;
104 saltlen = pbe->salt->length;
105 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
106 iter, EVP_CIPHER_key_length(cipher), key, md)) {
107 PKCS12error(PKCS12_R_KEY_GEN_ERROR);
108 PBEPARAM_free(pbe);
109 return 0;
110 }
111 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
112 iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
113 PKCS12error(PKCS12_R_IV_GEN_ERROR);
114 PBEPARAM_free(pbe);
115 return 0;
116 }
117 PBEPARAM_free(pbe);
118 ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
119 explicit_bzero(key, EVP_MAX_KEY_LENGTH);
120 explicit_bzero(iv, EVP_MAX_IV_LENGTH);
121 return ret;
122}
123LCRYPTO_ALIAS(PKCS12_PBE_keyivgen);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-23 14:49:51 +0000