Change PBE handling a bit more: now the key and iv generator does calls
EVP_CipherInit() this because the IV wont be easily available when doing PKCS#5 v2.0
This commit is contained in:
Dr. Stephen Henson
parent
69cbf46811
commit
2bd83ca1c9
@ -395,9 +395,9 @@ typedef struct evp_Encode_Ctx_st
|
||||
} EVP_ENCODE_CTX;
|
||||
|
||||
/* Password based encryption function */
|
||||
typedef int (EVP_PBE_KEYGEN)(const char *pass, int passlen,
|
||||
typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
||||
ASN1_TYPE *param, EVP_CIPHER *cipher,
|
||||
EVP_MD *md, unsigned char *key, unsigned char *iv);
|
||||
EVP_MD *md, int en_de);
|
||||
|
||||
#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
|
||||
(char *)(rsa))
|
||||
@ -635,9 +635,9 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
|
||||
int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
|
||||
|
||||
/* PKCS5 password based encryption */
|
||||
int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param,
|
||||
EVP_CIPHER *cipher, EVP_MD *md,
|
||||
unsigned char *key, unsigned char *iv);
|
||||
int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
||||
ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
|
||||
int en_de);
|
||||
|
||||
void PKCS5_PBE_add(void);
|
||||
|
||||
|
||||
@ -79,7 +79,6 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
|
||||
{
|
||||
|
||||
EVP_PBE_CTL *pbetmp, pbelu;
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
|
||||
int i;
|
||||
pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
|
||||
if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
|
||||
@ -95,13 +94,12 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
|
||||
}
|
||||
if (passlen == -1) passlen = strlen(pass);
|
||||
pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
|
||||
i = (*pbetmp->keygen)(pass, passlen, param, pbetmp->cipher,
|
||||
pbetmp->md, key, iv);
|
||||
i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
|
||||
pbetmp->md, en_de);
|
||||
if (!i) {
|
||||
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
EVP_CipherInit (ctx, pbetmp->cipher, key, iv, en_de);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
@ -85,12 +85,13 @@ EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
|
||||
#endif
|
||||
}
|
||||
|
||||
int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param,
|
||||
EVP_CIPHER *cipher, EVP_MD *md,
|
||||
unsigned char *key, unsigned char *iv)
|
||||
int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
|
||||
ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
|
||||
int en_de)
|
||||
{
|
||||
EVP_MD_CTX ctx;
|
||||
unsigned char md_tmp[EVP_MAX_MD_SIZE];
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
|
||||
int i;
|
||||
PBEPARAM *pbe;
|
||||
int saltlen, iter;
|
||||
@ -122,5 +123,9 @@ int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param,
|
||||
memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher));
|
||||
memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
|
||||
EVP_CIPHER_iv_length(cipher));
|
||||
EVP_CipherInit(cctx, cipher, key, iv, en_de);
|
||||
memset(md_tmp, 0, EVP_MAX_MD_SIZE);
|
||||
memset(key, 0, EVP_MAX_KEY_LENGTH);
|
||||
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -82,13 +82,13 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
|
||||
#endif
|
||||
}
|
||||
|
||||
int PKCS12_PBE_keyivgen (const char *pass, int passlen, ASN1_TYPE *param,
|
||||
EVP_CIPHER *cipher, EVP_MD *md,
|
||||
unsigned char *key, unsigned char *iv)
|
||||
int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
||||
ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de)
|
||||
{
|
||||
PBEPARAM *pbe;
|
||||
int saltlen, iter;
|
||||
unsigned char *salt, *pbuf;
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
|
||||
|
||||
/* Extract useful info from parameter */
|
||||
pbuf = param->value.sequence->data;
|
||||
@ -115,5 +115,8 @@ int PKCS12_PBE_keyivgen (const char *pass, int passlen, ASN1_TYPE *param,
|
||||
return 0;
|
||||
}
|
||||
PBEPARAM_free(pbe);
|
||||
EVP_CipherInit(ctx, cipher, key, iv, en_de);
|
||||
memset(key, 0, EVP_MAX_KEY_LENGTH);
|
||||
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -230,9 +230,9 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
|
||||
int saltlen, int id, int iter, int n,
|
||||
unsigned char *out, const EVP_MD *md_type);
|
||||
int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
|
||||
int PKCS12_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param,
|
||||
EVP_CIPHER *cipher, EVP_MD *md_type,
|
||||
unsigned char *key, unsigned char *iv);
|
||||
int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
||||
ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type,
|
||||
int en_de);
|
||||
int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
|
||||
unsigned char *mac, unsigned int *maclen);
|
||||
int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user