1 files changed, 0 insertions, 647 deletions
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
deleted file mode 100644
index 88ceb14033..0000000000
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ /dev/null
@@ -1,647 +0,0 @@
-/* $OpenBSD: evp_pbe.c,v 1.50 2024/04/09 13:52:41 beck Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/objects.h>
-#include <openssl/pkcs12.h>
-#include <openssl/x509.h>
-#include "evp_local.h"
-#include "hmac_local.h"
-#include "pkcs12_local.h"
-#include "x509_local.h"
-/* Password based encryption (PBE) functions */
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de);
-int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
-    int en_de);
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de);
-static const struct pbe_config {
-        int pbe_nid;
-        int cipher_nid;
-        int md_nid;
-        EVP_PBE_KEYGEN *keygen;
-} pbe_outer[] = {
-        {
-                .pbe_nid = NID_pbeWithMD2AndDES_CBC,
-                .cipher_nid = NID_des_cbc,
-                .md_nid = NID_md2,
-                .keygen = PKCS5_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbeWithMD5AndDES_CBC,
-                .cipher_nid = NID_des_cbc,
-                .md_nid = NID_md5,
-                .keygen = PKCS5_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbeWithSHA1AndRC2_CBC,
-                .cipher_nid = NID_rc2_64_cbc,
-                .md_nid = NID_sha1,
-                .keygen = PKCS5_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_id_pbkdf2,
-                .cipher_nid = -1,
-                .md_nid = -1,
-                .keygen = PKCS5_v2_PBKDF2_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbe_WithSHA1And128BitRC4,
-                .cipher_nid = NID_rc4,
-                .md_nid = NID_sha1,
-                .keygen = PKCS12_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbe_WithSHA1And40BitRC4,
-                .cipher_nid = NID_rc4_40,
-                .md_nid = NID_sha1,
-                .keygen = PKCS12_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
-                .cipher_nid = NID_des_ede3_cbc,
-                .md_nid = NID_sha1,
-                .keygen = PKCS12_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
-                .cipher_nid = NID_des_ede_cbc,
-                .md_nid = NID_sha1,
-                .keygen = PKCS12_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbe_WithSHA1And128BitRC2_CBC,
-                .cipher_nid = NID_rc2_cbc,
-                .md_nid = NID_sha1,
-                .keygen = PKCS12_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbe_WithSHA1And40BitRC2_CBC,
-                .cipher_nid = NID_rc2_40_cbc,
-                .md_nid = NID_sha1,
-                .keygen = PKCS12_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbes2,
-                .cipher_nid = -1,
-                .md_nid = -1,
-                .keygen = PKCS5_v2_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbeWithMD2AndRC2_CBC,
-                .cipher_nid = NID_rc2_64_cbc,
-                .md_nid = NID_md2,
-                .keygen = PKCS5_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbeWithMD5AndRC2_CBC,
-                .cipher_nid = NID_rc2_64_cbc,
-                .md_nid = NID_md5,
-                .keygen = PKCS5_PBE_keyivgen,
-        },
-        {
-                .pbe_nid = NID_pbeWithSHA1AndDES_CBC,
-                .cipher_nid = NID_des_cbc,
-                .md_nid = NID_sha1,
-                .keygen = PKCS5_PBE_keyivgen,
-        },
-};
-#define N_PBE_OUTER (sizeof(pbe_outer) / sizeof(pbe_outer[0]))
-int
-EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
-    ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
-{
-        const struct pbe_config *cfg = NULL;
-        const EVP_CIPHER *cipher = NULL;
-        const EVP_MD *md = NULL;
-        int pbe_nid;
-        size_t i;
-        if ((pbe_nid = OBJ_obj2nid(pbe_obj)) == NID_undef) {
-                EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
-                return 0;
-        }
-        for (i = 0; i < N_PBE_OUTER; i++) {
-                if (pbe_nid == pbe_outer[i].pbe_nid) {
-                        cfg = &pbe_outer[i];
-                        break;
-                }
-        }
-        if (cfg == NULL) {
-                EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
-                ERR_asprintf_error_data("NID=%d", pbe_nid);
-                return 0;
-        }
-        if (pass == NULL)
-                passlen = 0;
-        if (passlen == -1)
-                passlen = strlen(pass);
-        if (cfg->cipher_nid != -1) {
-                if ((cipher = EVP_get_cipherbynid(cfg->cipher_nid)) == NULL) {
-                        EVPerror(EVP_R_UNKNOWN_CIPHER);
-                        return 0;
-                }
-        }
-        if (cfg->md_nid != -1) {
-                if ((md = EVP_get_digestbynid(cfg->md_nid)) == NULL) {
-                        EVPerror(EVP_R_UNKNOWN_DIGEST);
-                        return 0;
-                }
-        }
-        if (!cfg->keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
-                EVPerror(EVP_R_KEYGEN_FAILURE);
-                return 0;
-        }
-        return 1;
-}
-int
-PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
-{
-        EVP_MD_CTX *md_ctx;
-        unsigned char md_tmp[EVP_MAX_MD_SIZE];
-        unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-        int i;
-        PBEPARAM *pbe;
-        int saltlen, iter;
-        unsigned char *salt;
-        const unsigned char *pbuf;
-        int mdsize;
-        int ret = 0;
-        /* Extract useful info from parameter */
-        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-            param->value.sequence == NULL) {
-                EVPerror(EVP_R_DECODE_ERROR);
-                return 0;
-        }
-        mdsize = EVP_MD_size(md);
-        if (mdsize < 0)
-                return 0;
-        pbuf = param->value.sequence->data;
-        if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
-                EVPerror(EVP_R_DECODE_ERROR);
-                return 0;
-        }
-        if (!pbe->iter)
-                iter = 1;
-        else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
-                EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
-                PBEPARAM_free(pbe);
-                return 0;
-        }
-        salt = pbe->salt->data;
-        saltlen = pbe->salt->length;
-        if (!pass)
-                passlen = 0;
-        else if (passlen == -1)
-                passlen = strlen(pass);
-        if ((md_ctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-        if (!EVP_DigestInit_ex(md_ctx, md, NULL))
-                goto err;
-        if (!EVP_DigestUpdate(md_ctx, pass, passlen))
-                goto err;
-        if (!EVP_DigestUpdate(md_ctx, salt, saltlen))
-                goto err;
-        if (!EVP_DigestFinal_ex(md_ctx, md_tmp, NULL))
-                goto err;
-        for (i = 1; i < iter; i++) {
-                if (!EVP_DigestInit_ex(md_ctx, md, NULL))
-                        goto err;
-                if (!EVP_DigestUpdate(md_ctx, md_tmp, mdsize))
-                        goto err;
-                if (!EVP_DigestFinal_ex(md_ctx, md_tmp, NULL))
-                        goto err;
-        }
-        if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) {
-                EVPerror(EVP_R_BAD_KEY_LENGTH);
-                goto err;
-        }
-        memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
-        if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) {
-                EVPerror(EVP_R_IV_TOO_LARGE);
-                goto err;
-        }
-        memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
-            EVP_CIPHER_iv_length(cipher));
-        if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
-                goto err;
-        explicit_bzero(md_tmp, EVP_MAX_MD_SIZE);
-        explicit_bzero(key, EVP_MAX_KEY_LENGTH);
-        explicit_bzero(iv, EVP_MAX_IV_LENGTH);
-        ret = 1;
- err:
-        EVP_MD_CTX_free(md_ctx);
-        PBEPARAM_free(pbe);
-        return ret;
-}
-/*
- * PKCS#5 v2.0 password based encryption key derivation function PBKDF2.
- */
-int
-PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
-    int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out)
-{
-        unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
-        int cplen, j, k, tkeylen, mdlen;
-        unsigned long i = 1;
-        HMAC_CTX hctx_tpl, hctx;
-        mdlen = EVP_MD_size(digest);
-        if (mdlen < 0)
-                return 0;
-        HMAC_CTX_init(&hctx_tpl);
-        p = out;
-        tkeylen = keylen;
-        if (!pass)
-                passlen = 0;
-        else if (passlen == -1)
-                passlen = strlen(pass);
-        if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) {
-                HMAC_CTX_cleanup(&hctx_tpl);
-                return 0;
-        }
-        while (tkeylen) {
-                if (tkeylen > mdlen)
-                        cplen = mdlen;
-                else
-                        cplen = tkeylen;
-                /*
-                 * We are unlikely to ever use more than 256 blocks (5120 bits!)
-                 * but just in case...
-                 */
-                itmp[0] = (unsigned char)((i >> 24) & 0xff);
-                itmp[1] = (unsigned char)((i >> 16) & 0xff);
-                itmp[2] = (unsigned char)((i >> 8) & 0xff);
-                itmp[3] = (unsigned char)(i & 0xff);
-                if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
-                        HMAC_CTX_cleanup(&hctx_tpl);
-                        return 0;
-                }
-                if (!HMAC_Update(&hctx, salt, saltlen) ||
-                    !HMAC_Update(&hctx, itmp, 4) ||
-                    !HMAC_Final(&hctx, digtmp, NULL)) {
-                        HMAC_CTX_cleanup(&hctx_tpl);
-                        HMAC_CTX_cleanup(&hctx);
-                        return 0;
-                }
-                HMAC_CTX_cleanup(&hctx);
-                memcpy(p, digtmp, cplen);
-                for (j = 1; j < iter; j++) {
-                        if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
-                                HMAC_CTX_cleanup(&hctx_tpl);
-                                return 0;
-                        }
-                        if (!HMAC_Update(&hctx, digtmp, mdlen) ||
-                            !HMAC_Final(&hctx, digtmp, NULL)) {
-                                HMAC_CTX_cleanup(&hctx_tpl);
-                                HMAC_CTX_cleanup(&hctx);
-                                return 0;
-                        }
-                        HMAC_CTX_cleanup(&hctx);
-                        for (k = 0; k < cplen; k++)
-                                p[k] ^= digtmp[k];
-                }
-                tkeylen -= cplen;
-                i++;
-                p += cplen;
-        }
-        HMAC_CTX_cleanup(&hctx_tpl);
-        return 1;
-}
-LCRYPTO_ALIAS(PKCS5_PBKDF2_HMAC);
-int
-PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt,
-    int saltlen, int iter, int keylen, unsigned char *out)
-{
-        return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
-            EVP_sha1(), keylen, out);
-}
-LCRYPTO_ALIAS(PKCS5_PBKDF2_HMAC_SHA1);
-/*
- * Now the key derivation function itself. This is a bit evil because
- * it has to check the ASN1 parameters are valid: and there are quite a
- * few of them...
- */
-int
-PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de)
-{
-        const unsigned char *pbuf;
-        int plen;
-        PBE2PARAM *pbe2 = NULL;
-        const EVP_CIPHER *cipher;
-        int ret = 0;
-        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-            param->value.sequence == NULL) {
-                EVPerror(EVP_R_DECODE_ERROR);
-                goto err;
-        }
-        pbuf = param->value.sequence->data;
-        plen = param->value.sequence->length;
-        if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
-                EVPerror(EVP_R_DECODE_ERROR);
-                goto err;
-        }
-        /* See if we recognise the key derivation function */
-        if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
-                EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
-                goto err;
-        }
-        /* Let's see if we recognise the encryption algorithm.  */
-        cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
-        if (!cipher) {
-                EVPerror(EVP_R_UNSUPPORTED_CIPHER);
-                goto err;
-        }
-        /* Fixup cipher based on AlgorithmIdentifier */
-        if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
-                goto err;
-        if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
-                EVPerror(EVP_R_CIPHER_PARAMETER_ERROR);
-                goto err;
-        }
-        ret = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
-            pbe2->keyfunc->parameter, c, md, en_de);
- err:
-        PBE2PARAM_free(pbe2);
-        return ret;
-}
-static int
-md_nid_from_prf_nid(int nid)
-{
-        switch (nid) {
-        case NID_hmacWithMD5:
-                return NID_md5;
-        case NID_hmacWithSHA1:
-                return NID_sha1;
-        case NID_hmacWithSHA224:
-                return NID_sha224;
-        case NID_hmacWithSHA256:
-                return NID_sha256;
-        case NID_hmacWithSHA384:
-                return NID_sha384;
-        case NID_hmacWithSHA512:
-                return NID_sha512;
-        case NID_hmacWithSHA512_224:
-                return NID_sha512_224;
-        case NID_hmacWithSHA512_256:
-                return NID_sha512_256;
-        case NID_hmac_sha3_224:
-                return NID_sha3_224;
-        case NID_hmac_sha3_256:
-                return NID_sha3_256;
-        case NID_hmac_sha3_384:
-                return NID_sha3_384;
-        case NID_hmac_sha3_512:
-                return NID_sha3_512;
-        default:
-                return NID_undef;
-        }
-}
-int
-PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de)
-{
-        unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
-        const unsigned char *pbuf;
-        int saltlen, iter, plen;
-        unsigned int keylen = 0;
-        int prf_nid, hmac_md_nid;
-        PBKDF2PARAM *kdf = NULL;
-        const EVP_MD *prfmd;
-        int ret = 0;
-        if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
-                EVPerror(EVP_R_NO_CIPHER_SET);
-                return 0;
-        }
-        keylen = EVP_CIPHER_CTX_key_length(ctx);
-        if (keylen > sizeof key) {
-                EVPerror(EVP_R_BAD_KEY_LENGTH);
-                return 0;
-        }
-        /* Decode parameter */
-        if (!param || (param->type != V_ASN1_SEQUENCE)) {
-                EVPerror(EVP_R_DECODE_ERROR);
-                return 0;
-        }
-        pbuf = param->value.sequence->data;
-        plen = param->value.sequence->length;
-        if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
-                EVPerror(EVP_R_DECODE_ERROR);
-                return 0;
-        }
-        /* Now check the parameters of the kdf */
-        if (kdf->keylength &&
-            (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
-                EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH);
-                goto err;
-        }
-        if (kdf->prf)
-                prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
-        else
-                prf_nid = NID_hmacWithSHA1;
-        if ((hmac_md_nid = md_nid_from_prf_nid(prf_nid)) == NID_undef) {
-                EVPerror(EVP_R_UNSUPPORTED_PRF);
-                goto err;
-        }
-        prfmd = EVP_get_digestbynid(hmac_md_nid);
-        if (prfmd == NULL) {
-                EVPerror(EVP_R_UNSUPPORTED_PRF);
-                goto err;
-        }
-        if (kdf->salt->type != V_ASN1_OCTET_STRING) {
-                EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE);
-                goto err;
-        }
-        /* it seems that its all OK */
-        salt = kdf->salt->value.octet_string->data;
-        saltlen = kdf->salt->value.octet_string->length;
-        if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) {
-                EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
-                goto err;
-        }
-        if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
-            keylen, key))
-                goto err;
-        ret = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
- err:
-        explicit_bzero(key, keylen);
-        PBKDF2PARAM_free(kdf);
-        return ret;
-}
-void
-PKCS12_PBE_add(void)
-{
-}
-LCRYPTO_ALIAS(PKCS12_PBE_add);
-int
-PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-    ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
-{
-        PBEPARAM *pbe;
-        int saltlen, iter, ret;
-        unsigned char *salt;
-        const unsigned char *pbuf;
-        unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-        /* Extract useful info from parameter */
-        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-            param->value.sequence == NULL) {
-                PKCS12error(PKCS12_R_DECODE_ERROR);
-                return 0;
-        }
-        pbuf = param->value.sequence->data;
-        if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
-                PKCS12error(PKCS12_R_DECODE_ERROR);
-                return 0;
-        }
-        if (!pbe->iter)
-                iter = 1;
-        else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
-                PKCS12error(PKCS12_R_DECODE_ERROR);
-                PBEPARAM_free(pbe);
-                return 0;
-        }
-        salt = pbe->salt->data;
-        saltlen = pbe->salt->length;
-        if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
-            iter, EVP_CIPHER_key_length(cipher), key, md)) {
-                PKCS12error(PKCS12_R_KEY_GEN_ERROR);
-                PBEPARAM_free(pbe);
-                return 0;
-        }
-        if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
-            iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
-                PKCS12error(PKCS12_R_IV_GEN_ERROR);
-                PBEPARAM_free(pbe);
-                return 0;
-        }
-        PBEPARAM_free(pbe);
-        ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
-        explicit_bzero(key, EVP_MAX_KEY_LENGTH);
-        explicit_bzero(iv, EVP_MAX_IV_LENGTH);
-        return ret;
-}

diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c deleted file mode 100644 index 88ceb14033..0000000000 --- a/src/lib/libcrypto/evp/evp_pbe.c +++ /dev/null
@@ -1,647 +0,0 @@
1	/* $OpenBSD: evp_pbe.c,v 1.50 2024/04/09 13:52:41 beck Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.
4	*/
5	/* ====================================================================
6	* Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <stdio.h>
60	#include <string.h>
61
62	#include <openssl/asn1.h>
63	#include <openssl/err.h>
64	#include <openssl/evp.h>
65	#include <openssl/hmac.h>
66	#include <openssl/objects.h>
67	#include <openssl/pkcs12.h>
68	#include <openssl/x509.h>
69
70	#include "evp_local.h"
71	#include "hmac_local.h"
72	#include "pkcs12_local.h"
73	#include "x509_local.h"
74
75	/* Password based encryption (PBE) functions */
76	int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
77	ASN1_TYPE param, const EVP_CIPHER cipher, const EVP_MD *md, int en_de);
78	int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
79	ASN1_TYPE param, const EVP_CIPHER c, const EVP_MD *md, int en_de);
80	int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
81	ASN1_TYPE param, const EVP_CIPHER cipher, const EVP_MD *md_type,
82	int en_de);
83	int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
84	ASN1_TYPE param, const EVP_CIPHER c, const EVP_MD *md, int en_de);
85
86	static const struct pbe_config {
87	int pbe_nid;
88	int cipher_nid;
89	int md_nid;
90	EVP_PBE_KEYGEN *keygen;
91	} pbe_outer[] = {
92	{
93	.pbe_nid = NID_pbeWithMD2AndDES_CBC,
94	.cipher_nid = NID_des_cbc,
95	.md_nid = NID_md2,
96	.keygen = PKCS5_PBE_keyivgen,
97	},
98	{
99	.pbe_nid = NID_pbeWithMD5AndDES_CBC,
100	.cipher_nid = NID_des_cbc,
101	.md_nid = NID_md5,
102	.keygen = PKCS5_PBE_keyivgen,
103	},
104	{
105	.pbe_nid = NID_pbeWithSHA1AndRC2_CBC,
106	.cipher_nid = NID_rc2_64_cbc,
107	.md_nid = NID_sha1,
108	.keygen = PKCS5_PBE_keyivgen,
109	},
110	{
111	.pbe_nid = NID_id_pbkdf2,
112	.cipher_nid = -1,
113	.md_nid = -1,
114	.keygen = PKCS5_v2_PBKDF2_keyivgen,
115	},
116	{
117	.pbe_nid = NID_pbe_WithSHA1And128BitRC4,
118	.cipher_nid = NID_rc4,
119	.md_nid = NID_sha1,
120	.keygen = PKCS12_PBE_keyivgen,
121	},
122	{
123	.pbe_nid = NID_pbe_WithSHA1And40BitRC4,
124	.cipher_nid = NID_rc4_40,
125	.md_nid = NID_sha1,
126	.keygen = PKCS12_PBE_keyivgen,
127	},
128	{
129	.pbe_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
130	.cipher_nid = NID_des_ede3_cbc,
131	.md_nid = NID_sha1,
132	.keygen = PKCS12_PBE_keyivgen,
133	},
134	{
135	.pbe_nid = NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
136	.cipher_nid = NID_des_ede_cbc,
137	.md_nid = NID_sha1,
138	.keygen = PKCS12_PBE_keyivgen,
139	},
140	{
141	.pbe_nid = NID_pbe_WithSHA1And128BitRC2_CBC,
142	.cipher_nid = NID_rc2_cbc,
143	.md_nid = NID_sha1,
144	.keygen = PKCS12_PBE_keyivgen,
145	},
146	{
147	.pbe_nid = NID_pbe_WithSHA1And40BitRC2_CBC,
148	.cipher_nid = NID_rc2_40_cbc,
149	.md_nid = NID_sha1,
150	.keygen = PKCS12_PBE_keyivgen,
151	},
152	{
153	.pbe_nid = NID_pbes2,
154	.cipher_nid = -1,
155	.md_nid = -1,
156	.keygen = PKCS5_v2_PBE_keyivgen,
157	},
158	{
159	.pbe_nid = NID_pbeWithMD2AndRC2_CBC,
160	.cipher_nid = NID_rc2_64_cbc,
161	.md_nid = NID_md2,
162	.keygen = PKCS5_PBE_keyivgen,
163	},
164	{
165	.pbe_nid = NID_pbeWithMD5AndRC2_CBC,
166	.cipher_nid = NID_rc2_64_cbc,
167	.md_nid = NID_md5,
168	.keygen = PKCS5_PBE_keyivgen,
169	},
170	{
171	.pbe_nid = NID_pbeWithSHA1AndDES_CBC,
172	.cipher_nid = NID_des_cbc,
173	.md_nid = NID_sha1,
174	.keygen = PKCS5_PBE_keyivgen,
175	},
176	};
177
178	#define N_PBE_OUTER (sizeof(pbe_outer) / sizeof(pbe_outer[0]))
179
180	int
181	EVP_PBE_CipherInit(ASN1_OBJECT pbe_obj, const char pass, int passlen,
182	ASN1_TYPE param, EVP_CIPHER_CTX ctx, int en_de)
183	{
184	const struct pbe_config *cfg = NULL;
185	const EVP_CIPHER *cipher = NULL;
186	const EVP_MD *md = NULL;
187	int pbe_nid;
188	size_t i;
189
190	if ((pbe_nid = OBJ_obj2nid(pbe_obj)) == NID_undef) {
191	EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
192	return 0;
193	}
194
195	for (i = 0; i < N_PBE_OUTER; i++) {
196	if (pbe_nid == pbe_outer[i].pbe_nid) {
197	cfg = &pbe_outer[i];
198	break;
199	}
200	}
201	if (cfg == NULL) {
202	EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
203	ERR_asprintf_error_data("NID=%d", pbe_nid);
204	return 0;
205	}
206
207	if (pass == NULL)
208	passlen = 0;
209	if (passlen == -1)
210	passlen = strlen(pass);
211
212	if (cfg->cipher_nid != -1) {
213	if ((cipher = EVP_get_cipherbynid(cfg->cipher_nid)) == NULL) {
214	EVPerror(EVP_R_UNKNOWN_CIPHER);
215	return 0;
216	}
217	}
218	if (cfg->md_nid != -1) {
219	if ((md = EVP_get_digestbynid(cfg->md_nid)) == NULL) {
220	EVPerror(EVP_R_UNKNOWN_DIGEST);
221	return 0;
222	}
223	}
224
225	if (!cfg->keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
226	EVPerror(EVP_R_KEYGEN_FAILURE);
227	return 0;
228	}
229
230	return 1;
231	}
232
233	int
234	PKCS5_PBE_keyivgen(EVP_CIPHER_CTX cctx, const char pass, int passlen,
235	ASN1_TYPE param, const EVP_CIPHER cipher, const EVP_MD *md, int en_de)
236	{
237	EVP_MD_CTX *md_ctx;
238	unsigned char md_tmp[EVP_MAX_MD_SIZE];
239	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
240	int i;
241	PBEPARAM *pbe;
242	int saltlen, iter;
243	unsigned char *salt;
244	const unsigned char *pbuf;
245	int mdsize;
246	int ret = 0;
247
248	/* Extract useful info from parameter */
249	if (param == NULL \|\| param->type != V_ASN1_SEQUENCE \|\|
250	param->value.sequence == NULL) {
251	EVPerror(EVP_R_DECODE_ERROR);
252	return 0;
253	}
254
255	mdsize = EVP_MD_size(md);
256	if (mdsize < 0)
257	return 0;
258
259	pbuf = param->value.sequence->data;
260	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
261	EVPerror(EVP_R_DECODE_ERROR);
262	return 0;
263	}
264
265	if (!pbe->iter)
266	iter = 1;
267	else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
268	EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
269	PBEPARAM_free(pbe);
270	return 0;
271	}
272	salt = pbe->salt->data;
273	saltlen = pbe->salt->length;
274
275	if (!pass)
276	passlen = 0;
277	else if (passlen == -1)
278	passlen = strlen(pass);
279
280	if ((md_ctx = EVP_MD_CTX_new()) == NULL)
281	goto err;
282
283	if (!EVP_DigestInit_ex(md_ctx, md, NULL))
284	goto err;
285	if (!EVP_DigestUpdate(md_ctx, pass, passlen))
286	goto err;
287	if (!EVP_DigestUpdate(md_ctx, salt, saltlen))
288	goto err;
289	if (!EVP_DigestFinal_ex(md_ctx, md_tmp, NULL))
290	goto err;
291	for (i = 1; i < iter; i++) {
292	if (!EVP_DigestInit_ex(md_ctx, md, NULL))
293	goto err;
294	if (!EVP_DigestUpdate(md_ctx, md_tmp, mdsize))
295	goto err;
296	if (!EVP_DigestFinal_ex(md_ctx, md_tmp, NULL))
297	goto err;
298	}
299	if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) {
300	EVPerror(EVP_R_BAD_KEY_LENGTH);
301	goto err;
302	}
303	memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
304	if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) {
305	EVPerror(EVP_R_IV_TOO_LARGE);
306	goto err;
307	}
308	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
309	EVP_CIPHER_iv_length(cipher));
310	if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
311	goto err;
312	explicit_bzero(md_tmp, EVP_MAX_MD_SIZE);
313	explicit_bzero(key, EVP_MAX_KEY_LENGTH);
314	explicit_bzero(iv, EVP_MAX_IV_LENGTH);
315
316	ret = 1;
317
318	err:
319	EVP_MD_CTX_free(md_ctx);
320	PBEPARAM_free(pbe);
321
322	return ret;
323	}
324
325	/*
326	* PKCS#5 v2.0 password based encryption key derivation function PBKDF2.
327	*/
328
329	int
330	PKCS5_PBKDF2_HMAC(const char pass, int passlen, const unsigned char salt,
331	int saltlen, int iter, const EVP_MD digest, int keylen, unsigned char out)
332	{
333	unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
334	int cplen, j, k, tkeylen, mdlen;
335	unsigned long i = 1;
336	HMAC_CTX hctx_tpl, hctx;
337
338	mdlen = EVP_MD_size(digest);
339	if (mdlen < 0)
340	return 0;
341
342	HMAC_CTX_init(&hctx_tpl);
343	p = out;
344	tkeylen = keylen;
345	if (!pass)
346	passlen = 0;
347	else if (passlen == -1)
348	passlen = strlen(pass);
349	if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) {
350	HMAC_CTX_cleanup(&hctx_tpl);
351	return 0;
352	}
353	while (tkeylen) {
354	if (tkeylen > mdlen)
355	cplen = mdlen;
356	else
357	cplen = tkeylen;
358	/*
359	* We are unlikely to ever use more than 256 blocks (5120 bits!)
360	* but just in case...
361	*/
362	itmp[0] = (unsigned char)((i >> 24) & 0xff);
363	itmp[1] = (unsigned char)((i >> 16) & 0xff);
364	itmp[2] = (unsigned char)((i >> 8) & 0xff);
365	itmp[3] = (unsigned char)(i & 0xff);
366	if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
367	HMAC_CTX_cleanup(&hctx_tpl);
368	return 0;
369	}
370	if (!HMAC_Update(&hctx, salt, saltlen) \|\|
371	!HMAC_Update(&hctx, itmp, 4) \|\|
372	!HMAC_Final(&hctx, digtmp, NULL)) {
373	HMAC_CTX_cleanup(&hctx_tpl);
374	HMAC_CTX_cleanup(&hctx);
375	return 0;
376	}
377	HMAC_CTX_cleanup(&hctx);
378	memcpy(p, digtmp, cplen);
379	for (j = 1; j < iter; j++) {
380	if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
381	HMAC_CTX_cleanup(&hctx_tpl);
382	return 0;
383	}
384	if (!HMAC_Update(&hctx, digtmp, mdlen) \|\|
385	!HMAC_Final(&hctx, digtmp, NULL)) {
386	HMAC_CTX_cleanup(&hctx_tpl);
387	HMAC_CTX_cleanup(&hctx);
388	return 0;
389	}
390	HMAC_CTX_cleanup(&hctx);
391	for (k = 0; k < cplen; k++)
392	p[k] ^= digtmp[k];
393	}
394	tkeylen -= cplen;
395	i++;
396	p += cplen;
397	}
398	HMAC_CTX_cleanup(&hctx_tpl);
399	return 1;
400	}
401	LCRYPTO_ALIAS(PKCS5_PBKDF2_HMAC);
402
403	int
404	PKCS5_PBKDF2_HMAC_SHA1(const char pass, int passlen, const unsigned char salt,
405	int saltlen, int iter, int keylen, unsigned char *out)
406	{
407	return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
408	EVP_sha1(), keylen, out);
409	}
410	LCRYPTO_ALIAS(PKCS5_PBKDF2_HMAC_SHA1);
411
412	/*
413	* Now the key derivation function itself. This is a bit evil because
414	* it has to check the ASN1 parameters are valid: and there are quite a
415	* few of them...
416	*/
417
418	int
419	PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
420	ASN1_TYPE param, const EVP_CIPHER c, const EVP_MD *md, int en_de)
421	{
422	const unsigned char *pbuf;
423	int plen;
424	PBE2PARAM *pbe2 = NULL;
425	const EVP_CIPHER *cipher;
426	int ret = 0;
427
428	if (param == NULL \|\| param->type != V_ASN1_SEQUENCE \|\|
429	param->value.sequence == NULL) {
430	EVPerror(EVP_R_DECODE_ERROR);
431	goto err;
432	}
433
434	pbuf = param->value.sequence->data;
435	plen = param->value.sequence->length;
436	if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
437	EVPerror(EVP_R_DECODE_ERROR);
438	goto err;
439	}
440
441	/* See if we recognise the key derivation function */
442
443	if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
444	EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
445	goto err;
446	}
447
448	/* Let's see if we recognise the encryption algorithm. */
449	cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
450	if (!cipher) {
451	EVPerror(EVP_R_UNSUPPORTED_CIPHER);
452	goto err;
453	}
454
455	/* Fixup cipher based on AlgorithmIdentifier */
456	if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
457	goto err;
458	if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
459	EVPerror(EVP_R_CIPHER_PARAMETER_ERROR);
460	goto err;
461	}
462
463	ret = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
464	pbe2->keyfunc->parameter, c, md, en_de);
465
466	err:
467	PBE2PARAM_free(pbe2);
468
469	return ret;
470	}
471
472	static int
473	md_nid_from_prf_nid(int nid)
474	{
475	switch (nid) {
476	case NID_hmacWithMD5:
477	return NID_md5;
478	case NID_hmacWithSHA1:
479	return NID_sha1;
480	case NID_hmacWithSHA224:
481	return NID_sha224;
482	case NID_hmacWithSHA256:
483	return NID_sha256;
484	case NID_hmacWithSHA384:
485	return NID_sha384;
486	case NID_hmacWithSHA512:
487	return NID_sha512;
488	case NID_hmacWithSHA512_224:
489	return NID_sha512_224;
490	case NID_hmacWithSHA512_256:
491	return NID_sha512_256;
492	case NID_hmac_sha3_224:
493	return NID_sha3_224;
494	case NID_hmac_sha3_256:
495	return NID_sha3_256;
496	case NID_hmac_sha3_384:
497	return NID_sha3_384;
498	case NID_hmac_sha3_512:
499	return NID_sha3_512;
500	default:
501	return NID_undef;
502	}
503	}
504
505	int
506	PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
507	ASN1_TYPE param, const EVP_CIPHER c, const EVP_MD *md, int en_de)
508	{
509	unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
510	const unsigned char *pbuf;
511	int saltlen, iter, plen;
512	unsigned int keylen = 0;
513	int prf_nid, hmac_md_nid;
514	PBKDF2PARAM *kdf = NULL;
515	const EVP_MD *prfmd;
516	int ret = 0;
517
518	if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
519	EVPerror(EVP_R_NO_CIPHER_SET);
520	return 0;
521	}
522	keylen = EVP_CIPHER_CTX_key_length(ctx);
523	if (keylen > sizeof key) {
524	EVPerror(EVP_R_BAD_KEY_LENGTH);
525	return 0;
526	}
527
528	/* Decode parameter */
529
530	if (!param \|\| (param->type != V_ASN1_SEQUENCE)) {
531	EVPerror(EVP_R_DECODE_ERROR);
532	return 0;
533	}
534
535	pbuf = param->value.sequence->data;
536	plen = param->value.sequence->length;
537
538	if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
539	EVPerror(EVP_R_DECODE_ERROR);
540	return 0;
541	}
542
543	/* Now check the parameters of the kdf */
544
545	if (kdf->keylength &&
546	(ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
547	EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH);
548	goto err;
549	}
550
551	if (kdf->prf)
552	prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
553	else
554	prf_nid = NID_hmacWithSHA1;
555
556	if ((hmac_md_nid = md_nid_from_prf_nid(prf_nid)) == NID_undef) {
557	EVPerror(EVP_R_UNSUPPORTED_PRF);
558	goto err;
559	}
560
561	prfmd = EVP_get_digestbynid(hmac_md_nid);
562	if (prfmd == NULL) {
563	EVPerror(EVP_R_UNSUPPORTED_PRF);
564	goto err;
565	}
566
567	if (kdf->salt->type != V_ASN1_OCTET_STRING) {
568	EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE);
569	goto err;
570	}
571
572	/* it seems that its all OK */
573	salt = kdf->salt->value.octet_string->data;
574	saltlen = kdf->salt->value.octet_string->length;
575	if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) {
576	EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
577	goto err;
578	}
579	if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
580	keylen, key))
581	goto err;
582
583	ret = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
584
585	err:
586	explicit_bzero(key, keylen);
587	PBKDF2PARAM_free(kdf);
588
589	return ret;
590	}
591
592	void
593	PKCS12_PBE_add(void)
594	{
595	}
596	LCRYPTO_ALIAS(PKCS12_PBE_add);
597
598	int
599	PKCS12_PBE_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
600	ASN1_TYPE param, const EVP_CIPHER cipher, const EVP_MD *md, int en_de)
601	{
602	PBEPARAM *pbe;
603	int saltlen, iter, ret;
604	unsigned char *salt;
605	const unsigned char *pbuf;
606	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
607
608	/* Extract useful info from parameter */
609	if (param == NULL \|\| param->type != V_ASN1_SEQUENCE \|\|
610	param->value.sequence == NULL) {
611	PKCS12error(PKCS12_R_DECODE_ERROR);
612	return 0;
613	}
614
615	pbuf = param->value.sequence->data;
616	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
617	PKCS12error(PKCS12_R_DECODE_ERROR);
618	return 0;
619	}
620
621	if (!pbe->iter)
622	iter = 1;
623	else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
624	PKCS12error(PKCS12_R_DECODE_ERROR);
625	PBEPARAM_free(pbe);
626	return 0;
627	}
628	salt = pbe->salt->data;
629	saltlen = pbe->salt->length;
630	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
631	iter, EVP_CIPHER_key_length(cipher), key, md)) {
632	PKCS12error(PKCS12_R_KEY_GEN_ERROR);
633	PBEPARAM_free(pbe);
634	return 0;
635	}
636	if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
637	iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
638	PKCS12error(PKCS12_R_IV_GEN_ERROR);
639	PBEPARAM_free(pbe);
640	return 0;
641	}
642	PBEPARAM_free(pbe);
643	ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
644	explicit_bzero(key, EVP_MAX_KEY_LENGTH);
645	explicit_bzero(iv, EVP_MAX_IV_LENGTH);
646	return ret;
647	}