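--- a/p5_crpt.c
+++ b/p5_crpt.c
@@ -1,10 +1,10 @@
 /* p5_crpt.c */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -55,105 +55,78 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 
-/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
+/* Doesn't do anything now: Builtin PBE algorithms in static table.
 */
 
 void PKCS5_PBE_add(void)
 {
-#ifndef OPENSSL_NO_DES
-# ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
-PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
-PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
-PKCS5_PBE_keyivgen);
-# endif
-#endif
-#ifndef OPENSSL_NO_RC2
-# ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
-PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
-PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
-PKCS5_PBE_keyivgen);
-# endif
-#endif
-#ifndef OPENSSL_NO_HMAC
-EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
-#endif
 }
 
 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
 int en_de)
 {
 EVP_MD_CTX ctx;
 unsigned char md_tmp[EVP_MAX_MD_SIZE];
 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
 int i;
 PBEPARAM *pbe;
 int saltlen, iter;
 unsigned char *salt;
 const unsigned char *pbuf;
+int mdsize;
 
 /* Extract useful info from parameter */
 if (param == NULL || param->type != V_ASN1_SEQUENCE ||
 param->value.sequence == NULL) {
 EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
 return 0;
 }
 
 pbuf = param->value.sequence->data;
 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
 EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
 return 0;
 }
 
 if (!pbe->iter) iter = 1;
 else iter = ASN1_INTEGER_get (pbe->iter);
 salt = pbe->salt->data;
 saltlen = pbe->salt->length;
 
 if(!pass) passlen = 0;
 else if(passlen == -1) passlen = strlen(pass);
 
 EVP_MD_CTX_init(&ctx);
 EVP_DigestInit_ex(&ctx, md, NULL);
 EVP_DigestUpdate(&ctx, pass, passlen);
 EVP_DigestUpdate(&ctx, salt, saltlen);
 PBEPARAM_free(pbe);
 EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+mdsize = EVP_MD_size(md);
+if (mdsize < 0)
+return 0;
 for (i = 1; i < iter; i++) {
 EVP_DigestInit_ex(&ctx, md, NULL);
-		EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+		EVP_DigestUpdate(&ctx, md_tmp, mdsize);
 EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
 }
 EVP_MD_CTX_cleanup(&ctx);
 OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
 OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
 EVP_CIPHER_iv_length(cipher));
 EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
 OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
 OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
 OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
 return 1;
 }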
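Review bot: The new `if (mdsize < 0) return 0;` exit (new lines 113-115) returns without calling `EVP_MD_CTX_cleanup(&ctx)` or `OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE)`. By that point `EVP_DigestFinal_ex` has already written the digest of the password and salt into `md_tmp`, so this path leaves password-derived material on the stack and the digest context uncleaned. Every other path after `EVP_MD_CTX_init` reaches those calls at the end of the function, so this branch should too: `if (mdsize < 0) { EVP_MD_CTX_cleanup(&ctx); OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); return 0; }`. The size check also comes after `md` has been passed to `EVP_DigestInit_ex`, and none of the `EVP_Digest*` return values in this function are tested, so checking those results would presumably catch an unusable digest earlier.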