X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fpkcs12%2Fp12_crpt.c;h=b2659f60ef447bc9235adb87fb8e94429073d54a;hp=7d3a94dc33a33c86f32d3c9f2342e4fd4b9ea864;hb=4dc719fc37cb2201c8e211c6a684d71477c20f50;hpb=ee0508d4114e2b2291953a7d4c81a09b624b8821

diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 7d3a94dc33..b2659f60ef 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -58,46 +58,67 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "pkcs12.h"
+#include <openssl/pkcs12.h>
 
 /* PKCS#12 specific PBE functions */
 
-void PKCS12_PBE_add()
+void PKCS12_PBE_add(void)
 {
+#ifndef OPENSSL_NO_RC4
 EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
 							 PKCS12_PBE_keyivgen);
 EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
 							 PKCS12_PBE_keyivgen);
+#endif
+#ifndef OPENSSL_NO_DES
 EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
 		 	EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
 EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
 			EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
+#ifndef OPENSSL_NO_RC2
 EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
 					EVP_sha1(), PKCS12_PBE_keyivgen);
 EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
 					EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
 }
 
-int PKCS12_PBE_keyivgen (pass, passlen, salt, saltlen, iter, cipher,
-								 md, key, iv)
-unsigned char *pass;
-int passlen;
-unsigned char *salt;
-int saltlen;
-int iter;
-EVP_CIPHER *cipher;
-EVP_MD *md;
-unsigned char *key, *iv;
+int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+		ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de)
 {
+	PBEPARAM *pbe;
+	int saltlen, iter;
+	unsigned char *salt, *pbuf;
+	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+
+	/* Extract useful info from parameter */
+	pbuf = param->value.sequence->data;
+	if (!param || (param->type != V_ASN1_SEQUENCE) ||
+	   !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+		EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		return 0;
+	}
+
+	if (!pbe->iter) iter = 1;
+	else iter = ASN1_INTEGER_get (pbe->iter);
+	salt = pbe->salt->data;
+	saltlen = pbe->salt->length;
 	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
- 				iter, EVP_CIPHER_key_length(cipher), key, md)) {
+			     iter, EVP_CIPHER_key_length(cipher), key, md)) {
 		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
+		PBEPARAM_free(pbe);
 		return 0;
 	}
 	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
 				iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
 		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
+		PBEPARAM_free(pbe);
 		return 0;
 	}
+	PBEPARAM_free(pbe);
+	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+	memset(key, 0, EVP_MAX_KEY_LENGTH);
+	memset(iv, 0, EVP_MAX_IV_LENGTH);
 	return 1;
 }