generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Extended PBES2 function supporting application supplied IV and PRF NID.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2006-05-17 12:47:17 +00:00
parent 8de916bcee
commit ae519a247f
2 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
crypto/asn1/p5_pbev2.c
View File

@ -82,10 +82,13 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
* yes I know this is horrible! * yes I know this is horrible!
*
* Extended version to allow application supplied PRF NID and IV.
*/ */
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen) unsigned char *salt, int saltlen,
unsigned char *aiv, int prf_nid)
{ {
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
int alg_nid; int alg_nid;
@ -95,7 +98,6 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
PBE2PARAM *pbe2 = NULL; PBE2PARAM *pbe2 = NULL;
ASN1_OCTET_STRING *osalt = NULL; ASN1_OCTET_STRING *osalt = NULL;
ASN1_OBJECT *obj; ASN1_OBJECT *obj;
int prf_nid;
alg_nid = EVP_CIPHER_type(cipher); alg_nid = EVP_CIPHER_type(cipher);
if(alg_nid == NID_undef) { if(alg_nid == NID_undef) {
@ -114,9 +116,13 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
/* Create random IV */ /* Create random IV */
if (EVP_CIPHER_iv_length(cipher) && if (EVP_CIPHER_iv_length(cipher))
RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) {
goto err; if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
goto err;
}
EVP_CIPHER_CTX_init(&ctx); EVP_CIPHER_CTX_init(&ctx);
@ -128,8 +134,11 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
goto err; goto err;
} }
/* An error is OK here: just means use default PRF */ /* If prf NID unspecified see if cipher has a preference.
if (EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) * An error is OK here: just means use default PRF.
*/
if ((prf_nid == -1) &&
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)
{ {
ERR_clear_error(); ERR_clear_error();
prf_nid = NID_hmacWithSHA1; prf_nid = NID_hmacWithSHA1;
@ -218,3 +227,9 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
return NULL; return NULL;
} }
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen)
{
return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
}

3
crypto/x509/x509.h
View File

@ -1238,6 +1238,9 @@ DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen); unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen,
unsigned char *aiv, int prf_nid);
/* PKCS#8 utilities */ /* PKCS#8 utilities */