summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1/p5_pbev2.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/asn1/p5_pbev2.c')
-rw-r--r--src/lib/libcrypto/asn1/p5_pbev2.c54
1 files changed, 42 insertions, 12 deletions
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 2b0516afee..cb49b6651d 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -82,10 +82,13 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
82 82
83/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: 83/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
84 * yes I know this is horrible! 84 * yes I know this is horrible!
85 *
86 * Extended version to allow application supplied PRF NID and IV.
85 */ 87 */
86 88
87X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, 89X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
88 unsigned char *salt, int saltlen) 90 unsigned char *salt, int saltlen,
91 unsigned char *aiv, int prf_nid)
89{ 92{
90 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; 93 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
91 int alg_nid; 94 int alg_nid;
@@ -98,7 +101,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
98 101
99 alg_nid = EVP_CIPHER_type(cipher); 102 alg_nid = EVP_CIPHER_type(cipher);
100 if(alg_nid == NID_undef) { 103 if(alg_nid == NID_undef) {
101 ASN1err(ASN1_F_PKCS5_PBE2_SET, 104 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
102 ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); 105 ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
103 goto err; 106 goto err;
104 } 107 }
@@ -113,20 +116,33 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
113 if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; 116 if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
114 117
115 /* Create random IV */ 118 /* Create random IV */
116 if (EVP_CIPHER_iv_length(cipher) && 119 if (EVP_CIPHER_iv_length(cipher))
117 RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) 120 {
118 goto err; 121 if (aiv)
122 memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
123 else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
124 goto err;
125 }
119 126
120 EVP_CIPHER_CTX_init(&ctx); 127 EVP_CIPHER_CTX_init(&ctx);
121 128
122 /* Dummy cipherinit to just setup the IV */ 129 /* Dummy cipherinit to just setup the IV, and PRF */
123 EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); 130 EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
124 if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { 131 if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
125 ASN1err(ASN1_F_PKCS5_PBE2_SET, 132 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
126 ASN1_R_ERROR_SETTING_CIPHER_PARAMS); 133 ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
127 EVP_CIPHER_CTX_cleanup(&ctx); 134 EVP_CIPHER_CTX_cleanup(&ctx);
128 goto err; 135 goto err;
129 } 136 }
137 /* If prf NID unspecified see if cipher has a preference.
138 * An error is OK here: just means use default PRF.
139 */
140 if ((prf_nid == -1) &&
141 EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)
142 {
143 ERR_clear_error();
144 prf_nid = NID_hmacWithSHA1;
145 }
130 EVP_CIPHER_CTX_cleanup(&ctx); 146 EVP_CIPHER_CTX_cleanup(&ctx);
131 147
132 if(!(kdf = PBKDF2PARAM_new())) goto merr; 148 if(!(kdf = PBKDF2PARAM_new())) goto merr;
@@ -154,7 +170,15 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
154 EVP_CIPHER_key_length(cipher))) goto merr; 170 EVP_CIPHER_key_length(cipher))) goto merr;
155 } 171 }
156 172
157 /* prf can stay NULL because we are using hmacWithSHA1 */ 173 /* prf can stay NULL if we are using hmacWithSHA1 */
174 if (prf_nid != NID_hmacWithSHA1)
175 {
176 kdf->prf = X509_ALGOR_new();
177 if (!kdf->prf)
178 goto merr;
179 X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
180 V_ASN1_NULL, NULL);
181 }
158 182
159 /* Now setup the PBE2PARAM keyfunc structure */ 183 /* Now setup the PBE2PARAM keyfunc structure */
160 184
@@ -164,7 +188,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
164 188
165 if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; 189 if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
166 190
167 if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM, 191 if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
168 &pbe2->keyfunc->parameter->value.sequence)) goto merr; 192 &pbe2->keyfunc->parameter->value.sequence)) goto merr;
169 pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; 193 pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
170 194
@@ -180,7 +204,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
180 204
181 /* Encode PBE2PARAM into parameter */ 205 /* Encode PBE2PARAM into parameter */
182 206
183 if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM, 207 if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
184 &ret->parameter->value.sequence)) goto merr; 208 &ret->parameter->value.sequence)) goto merr;
185 ret->parameter->type = V_ASN1_SEQUENCE; 209 ret->parameter->type = V_ASN1_SEQUENCE;
186 210
@@ -190,7 +214,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
190 return ret; 214 return ret;
191 215
192 merr: 216 merr:
193 ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE); 217 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE);
194 218
195 err: 219 err:
196 PBE2PARAM_free(pbe2); 220 PBE2PARAM_free(pbe2);
@@ -203,3 +227,9 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
203 return NULL; 227 return NULL;
204 228
205} 229}
230
231X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
232 unsigned char *salt, int saltlen)
233 {
234 return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
235 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 10:51:46 +0000