From: Dr. Stephen Henson Date: Sun, 6 Jun 1999 18:41:52 +0000 (+0000) Subject: Change PBE handling a bit more: now the key and iv generator does calls X-Git-Tag: OpenSSL_0_9_4~238 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=2bd83ca1c95405fe03b33cdc98e6fa43e7258246 Change PBE handling a bit more: now the key and iv generator does calls EVP_CipherInit() this because the IV wont be easily available when doing PKCS#5 v2.0 --- diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 5e12b21f9c..ad02fd33da 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -395,9 +395,9 @@ typedef struct evp_Encode_Ctx_st } EVP_ENCODE_CTX; /* Password based encryption function */ -typedef int (EVP_PBE_KEYGEN)(const char *pass, int passlen, +typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER *cipher, - EVP_MD *md, unsigned char *key, unsigned char *iv); + EVP_MD *md, int en_de); #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ (char *)(rsa)) @@ -635,9 +635,9 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); /* PKCS5 password based encryption */ -int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param, - EVP_CIPHER *cipher, EVP_MD *md, - unsigned char *key, unsigned char *iv); +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, + int en_de); void PKCS5_PBE_add(void); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index abc4d0683c..353c3ad667 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -79,7 +79,6 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, { EVP_PBE_CTL *pbetmp, pbelu; - unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; int i; pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu); @@ -95,13 +94,12 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, } if (passlen == -1) passlen = strlen(pass); pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); - i = (*pbetmp->keygen)(pass, passlen, param, pbetmp->cipher, - pbetmp->md, key, iv); + i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher, + pbetmp->md, en_de); if (!i) { EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); return 0; } - EVP_CipherInit (ctx, pbetmp->cipher, key, iv, en_de); return 1; } diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 857835bc74..2d80c3416a 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -85,12 +85,13 @@ EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), #endif } -int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param, - EVP_CIPHER *cipher, EVP_MD *md, - unsigned char *key, unsigned char *iv) +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, + int en_de) { EVP_MD_CTX ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; int i; PBEPARAM *pbe; int saltlen, iter; @@ -122,5 +123,9 @@ int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param, memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher)); memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); + EVP_CipherInit(cctx, cipher, key, iv, en_de); + memset(md_tmp, 0, EVP_MAX_MD_SIZE); + memset(key, 0, EVP_MAX_KEY_LENGTH); + memset(iv, 0, EVP_MAX_IV_LENGTH); return 1; } diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c index cb65c42000..ae516eeb8d 100644 --- a/crypto/pkcs12/p12_crpt.c +++ b/crypto/pkcs12/p12_crpt.c @@ -82,13 +82,13 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), #endif } -int PKCS12_PBE_keyivgen (const char *pass, int passlen, ASN1_TYPE *param, - EVP_CIPHER *cipher, EVP_MD *md, - unsigned char *key, unsigned char *iv) +int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de) { PBEPARAM *pbe; int saltlen, iter; unsigned char *salt, *pbuf; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; /* Extract useful info from parameter */ pbuf = param->value.sequence->data; @@ -115,5 +115,8 @@ int PKCS12_PBE_keyivgen (const char *pass, int passlen, ASN1_TYPE *param, return 0; } PBEPARAM_free(pbe); + EVP_CipherInit(ctx, cipher, key, iv, en_de); + memset(key, 0, EVP_MAX_KEY_LENGTH); + memset(iv, 0, EVP_MAX_IV_LENGTH); return 1; } diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h index 12ef0e5146..1ab91a3c8f 100644 --- a/crypto/pkcs12/pkcs12.h +++ b/crypto/pkcs12/pkcs12.h @@ -230,9 +230,9 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); -int PKCS12_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param, - EVP_CIPHER *cipher, EVP_MD *md_type, - unsigned char *key, unsigned char *iv); +int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type, + int en_de); int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *mac, unsigned int *maclen); int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);