/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
#ifndef OPENSSL_NO_SCRYPT
/* PKCS#5 scrypt password based encryption structures */
-typedef struct {
- ASN1_OCTET_STRING *salt;
- ASN1_INTEGER *costParameter;
- ASN1_INTEGER *blockSize;
- ASN1_INTEGER *parallelizationParameter;
- ASN1_INTEGER *keyLength;
-} SCRYPT_PARAMS;
-
ASN1_SEQUENCE(SCRYPT_PARAMS) = {
ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING),
ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER),
ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER),
ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER),
ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER),
-} static_ASN1_SEQUENCE_END(SCRYPT_PARAMS)
+} ASN1_SEQUENCE_END(SCRYPT_PARAMS)
-DECLARE_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS)
+IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS)
static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
size_t keylen, uint64_t N, uint64_t r,
unsigned char *aiv, uint64_t N, uint64_t r,
uint64_t p)
{
- X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+ X509_ALGOR *scheme = NULL, *ret = NULL;
int alg_nid;
size_t keylen = 0;
EVP_CIPHER_CTX *ctx = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
PBE2PARAM *pbe2 = NULL;
- ASN1_OBJECT *obj;
if (!cipher) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_PASSED_NULL_PARAMETER);
ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
goto err;
}
- obj = OBJ_nid2obj(alg_nid);
+
pbe2 = PBE2PARAM_new();
if (pbe2 == NULL)
goto merr;
/* Setup the AlgorithmIdentifier for the encryption scheme */
scheme = pbe2->encryption;
- scheme->algorithm = obj;
+ scheme->algorithm = OBJ_nid2obj(alg_nid);
scheme->parameter = ASN1_TYPE_new();
if (scheme->parameter == NULL)
goto merr;
if (EVP_CIPHER_iv_length(cipher)) {
if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
- else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+ else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
goto err;
}
/* Dummy cipherinit to just setup the IV */
if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
goto err;
- if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) {
+ if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {
ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
goto err;
err:
PBE2PARAM_free(pbe2);
- X509_ALGOR_free(kalg);
X509_ALGOR_free(ret);
EVP_CIPHER_CTX_free(ctx);
return NULL;
-
}
static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
uint64_t p)
{
X509_ALGOR *keyfunc = NULL;
- SCRYPT_PARAMS *sparam = NULL;
+ SCRYPT_PARAMS *sparam = SCRYPT_PARAMS_new();
- sparam = SCRYPT_PARAMS_new();
if (sparam == NULL)
goto merr;
uint64_t p, r, N;
size_t saltlen;
size_t keylen = 0;
- int rv = 0;
+ int t, rv = 0;
SCRYPT_PARAMS *sparam = NULL;
if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
goto err;
}
- keylen = EVP_CIPHER_CTX_key_length(ctx);
+ t = EVP_CIPHER_CTX_key_length(ctx);
+ if (t < 0) {
+ EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH);
+ goto err;
+ }
+ keylen = t;
/* Now check the parameters of sparam */