]>
git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/p5_crpt.c
f3ac675ff2e3581ce64b336896b10b2c8d1e4730
2 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include "internal/cryptlib.h"
13 #include <openssl/x509.h>
14 #include <openssl/evp.h>
15 #include <openssl/core_names.h>
16 #include <openssl/kdf.h>
19 * Doesn't do anything now: Builtin PBE algorithms in static table.
22 void PKCS5_PBE_add(void)
26 int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX
*cctx
, const char *pass
, int passlen
,
27 ASN1_TYPE
*param
, const EVP_CIPHER
*cipher
,
28 const EVP_MD
*md
, int en_de
, OSSL_LIB_CTX
*libctx
,
31 unsigned char md_tmp
[EVP_MAX_MD_SIZE
];
32 unsigned char key
[EVP_MAX_KEY_LENGTH
], iv
[EVP_MAX_IV_LENGTH
];
40 EVP_KDF_CTX
*kctx
= NULL
;
41 OSSL_PARAM params
[5], *p
= params
;
42 const char *mdname
= EVP_MD_name(md
);
44 /* Extract useful info from parameter */
45 if (param
== NULL
|| param
->type
!= V_ASN1_SEQUENCE
||
46 param
->value
.sequence
== NULL
) {
47 ERR_raise(ERR_LIB_EVP
, EVP_R_DECODE_ERROR
);
51 pbe
= ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM
), param
);
53 ERR_raise(ERR_LIB_EVP
, EVP_R_DECODE_ERROR
);
57 ivl
= EVP_CIPHER_get_iv_length(cipher
);
58 if (ivl
< 0 || ivl
> 16) {
59 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_IV_LENGTH
);
62 kl
= EVP_CIPHER_get_key_length(cipher
);
63 if (kl
< 0 || kl
> (int)sizeof(md_tmp
)) {
64 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_KEY_LENGTH
);
68 if (pbe
->iter
== NULL
)
71 iter
= ASN1_INTEGER_get(pbe
->iter
);
72 salt
= pbe
->salt
->data
;
73 saltlen
= pbe
->salt
->length
;
77 else if (passlen
== -1)
78 passlen
= strlen(pass
);
80 mdsize
= EVP_MD_get_size(md
);
84 kdf
= EVP_KDF_fetch(libctx
, OSSL_KDF_NAME_PBKDF1
, propq
);
85 kctx
= EVP_KDF_CTX_new(kdf
);
89 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD
,
90 (char *)pass
, (size_t)passlen
);
91 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT
,
93 *p
++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER
, &iter
);
94 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST
,
96 *p
= OSSL_PARAM_construct_end();
97 if (EVP_KDF_derive(kctx
, md_tmp
, mdsize
, params
) != 1)
99 memcpy(key
, md_tmp
, kl
);
100 memcpy(iv
, md_tmp
+ (16 - ivl
), ivl
);
101 if (!EVP_CipherInit_ex(cctx
, cipher
, NULL
, key
, iv
, en_de
))
103 OPENSSL_cleanse(md_tmp
, EVP_MAX_MD_SIZE
);
104 OPENSSL_cleanse(key
, EVP_MAX_KEY_LENGTH
);
105 OPENSSL_cleanse(iv
, EVP_MAX_IV_LENGTH
);
108 EVP_KDF_CTX_free(kctx
);
113 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX
*cctx
, const char *pass
, int passlen
,
114 ASN1_TYPE
*param
, const EVP_CIPHER
*cipher
,
115 const EVP_MD
*md
, int en_de
)
117 return PKCS5_PBE_keyivgen_ex(cctx
, pass
, passlen
, param
, cipher
, md
, en_de
,