1 files changed, 49 insertions, 94 deletions

diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 4ea683036b..cb49b6651d 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -91,10 +91,12 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
                                  unsigned char *aiv, int prf_nid)
 {
         X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
-        int alg_nid, keylen;
+        int alg_nid;
         EVP_CIPHER_CTX ctx;
         unsigned char iv[EVP_MAX_IV_LENGTH];
+        PBKDF2PARAM *kdf = NULL;
         PBE2PARAM *pbe2 = NULL;
+        ASN1_OCTET_STRING *osalt = NULL;
         ASN1_OBJECT *obj;
 
         alg_nid = EVP_CIPHER_type(cipher);
@@ -125,8 +127,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
         EVP_CIPHER_CTX_init(&ctx);
 
         /* Dummy cipherinit to just setup the IV, and PRF */
-        if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
-                goto err;
+        EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
         if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
                 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
                                         ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
@@ -144,21 +145,55 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
                 }
         EVP_CIPHER_CTX_cleanup(&ctx);
 
+        if(!(kdf = PBKDF2PARAM_new())) goto merr;
+        if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
+
+        if (!saltlen) saltlen = PKCS5_SALT_LEN;
+        if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
+        osalt->length = saltlen;
+        if (salt) memcpy (osalt->data, salt, saltlen);
+        else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
+
+        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+        if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
+
+        /* Now include salt in kdf structure */
+        kdf->salt->value.octet_string = osalt;
+        kdf->salt->type = V_ASN1_OCTET_STRING;
+        osalt = NULL;
+
         /* If its RC2 then we'd better setup the key length */
 
-        if(alg_nid == NID_rc2_cbc)
-                keylen = EVP_CIPHER_key_length(cipher);
-        else
-                keylen = -1;
+        if(alg_nid == NID_rc2_cbc) {
+                if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;
+                if(!ASN1_INTEGER_set (kdf->keylength,
+                                 EVP_CIPHER_key_length(cipher))) goto merr;
+        }
+
+        /* prf can stay NULL if we are using hmacWithSHA1 */
+        if (prf_nid != NID_hmacWithSHA1)
+                {
+                kdf->prf = X509_ALGOR_new();
+                if (!kdf->prf)
+                        goto merr;
+                X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
+                                        V_ASN1_NULL, NULL);
+                }
+
+        /* Now setup the PBE2PARAM keyfunc structure */
 
-        /* Setup keyfunc */
+        pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
 
-        X509_ALGOR_free(pbe2->keyfunc);
+        /* Encode PBKDF2PARAM into parameter of pbe2 */
 
-        pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
+        if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
 
-        if (!pbe2->keyfunc)
-                goto merr;
+        if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
+                         &pbe2->keyfunc->parameter->value.sequence)) goto merr;
+        pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+        PBKDF2PARAM_free(kdf);
+        kdf = NULL;
 
         /* Now set up top level AlgorithmIdentifier */
 
@@ -184,6 +219,8 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
         err:
         PBE2PARAM_free(pbe2);
         /* Note 'scheme' is freed as part of pbe2 */
+        M_ASN1_OCTET_STRING_free(osalt);
+        PBKDF2PARAM_free(kdf);
         X509_ALGOR_free(kalg);
         X509_ALGOR_free(ret);
 
@@ -196,85 +233,3 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
         {
         return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
         }
-
-X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
-                                int prf_nid, int keylen)
-        {
-        X509_ALGOR *keyfunc = NULL;
-        PBKDF2PARAM *kdf = NULL;
-        ASN1_OCTET_STRING *osalt = NULL;
-
-        if(!(kdf = PBKDF2PARAM_new()))
-                goto merr;
-        if(!(osalt = M_ASN1_OCTET_STRING_new()))
-                goto merr;
-
-        kdf->salt->value.octet_string = osalt;
-        kdf->salt->type = V_ASN1_OCTET_STRING;
-
-        if (!saltlen)
-                saltlen = PKCS5_SALT_LEN;
-        if (!(osalt->data = OPENSSL_malloc (saltlen)))
-                goto merr;
-
-        osalt->length = saltlen;
-
-        if (salt)
-                memcpy (osalt->data, salt, saltlen);
-        else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0)
-                goto merr;
-
-        if(iter <= 0)
-                iter = PKCS5_DEFAULT_ITER;
-
-        if(!ASN1_INTEGER_set(kdf->iter, iter))
-                goto merr;
-
-        /* If have a key len set it up */
-
-        if(keylen > 0) 
-                {
-                if(!(kdf->keylength = M_ASN1_INTEGER_new()))
-                        goto merr;
-                if(!ASN1_INTEGER_set (kdf->keylength, keylen))
-                        goto merr;
-                }
-
-        /* prf can stay NULL if we are using hmacWithSHA1 */
-        if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1)
-                {
-                kdf->prf = X509_ALGOR_new();
-                if (!kdf->prf)
-                        goto merr;
-                X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
-                                        V_ASN1_NULL, NULL);
-                }
-
-        /* Finally setup the keyfunc structure */
-
-        keyfunc = X509_ALGOR_new();
-        if (!keyfunc)
-                goto merr;
-
-        keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
-
-        /* Encode PBKDF2PARAM into parameter of pbe2 */
-
-        if(!(keyfunc->parameter = ASN1_TYPE_new()))
-                goto merr;
-
-        if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
-                         &keyfunc->parameter->value.sequence))
-                goto merr;
-        keyfunc->parameter->type = V_ASN1_SEQUENCE;
-
-        PBKDF2PARAM_free(kdf);
-        return keyfunc;
-
-        merr:
-        ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE);
-        PBKDF2PARAM_free(kdf);
-        X509_ALGOR_free(keyfunc);
-        return NULL;
-        }
-