Backport of password based CMS support from HEAD.

[openssl.git] / crypto / evp / evp_pbe.c

diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index f417b96f71d794e4f19fc489af8210f19c9292ed..f8c32d825e79535e6739a84bc37bea66ec4bd405 100644 (file)
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -1,5 +1,5 @@
 /* evp_pbe.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
@@ -61,10 +61,12 @@
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
+#include "evp_locl.h"
 
 /* Password based encryption (PBE) functions */
 
-static STACK *pbe_algs;
+DECLARE_STACK_OF(EVP_PBE_CTL)
+static STACK_OF(EVP_PBE_CTL) *pbe_algs;
 
 /* Setup a cipher context from a PBE algorithm */
 
@@ -77,7 +79,7 @@ typedef struct
        EVP_PBE_KEYGEN *keygen;
        } EVP_PBE_CTL;
 
-EVP_PBE_CTL builtin_pbe[] = 
+static const EVP_PBE_CTL builtin_pbe[] = 
        {
        {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
                        NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},
@@ -86,6 +88,10 @@ EVP_PBE_CTL builtin_pbe[] =
        {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
                        NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
 
+#ifndef OPENSSL_NO_HMAC
+       {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+#endif
+
        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
                        NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
@@ -111,12 +117,12 @@ EVP_PBE_CTL builtin_pbe[] =
 
 
        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
-       {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
        {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
+       {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
        };
 
 #ifdef TEST
@@ -147,7 +153,7 @@ int main(int argc, char **argv)
 
 
 int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
-            ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+                      ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
        {
        const EVP_CIPHER *cipher;
        const EVP_MD *md;
@@ -173,12 +179,26 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
        if (cipher_nid == -1)
                cipher = NULL;
        else
+               {
                cipher = EVP_get_cipherbynid(cipher_nid);
+               if (!cipher)
+                       {
+                       EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER);
+                       return 0;
+                       }
+               }
 
        if (md_nid == -1)
                md = NULL;
        else
+               {
                md = EVP_get_digestbynid(md_nid);
+               if (!md)
+                       {
+                       EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST);
+                       return 0;
+                       }
+               }
 
        if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))
                {
@@ -188,10 +208,10 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
        return 1;       
 }
 
-static int pbe_cmp2(const void *a, const void *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+
+static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
        {
-       const EVP_PBE_CTL *pbe1 = a;
-       const EVP_PBE_CTL *pbe2 = b;
        int ret = pbe1->pbe_type - pbe2->pbe_type;
        if (ret)
                return ret;
@@ -199,25 +219,25 @@ static int pbe_cmp2(const void *a, const void *b)
                return pbe1->pbe_nid - pbe2->pbe_nid;
        }
 
-static int pbe_cmp(const char * const *a, const char * const *b)
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+
+static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
        {
-       const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,
-                       * const *pbe2 = (const EVP_PBE_CTL * const *)b;
-       int ret = (*pbe1)->pbe_type - (*pbe2)->pbe_type;
+       int ret = (*a)->pbe_type - (*b)->pbe_type;
        if (ret)
                return ret;
        else
-               return (*pbe1)->pbe_nid - (*pbe2)->pbe_nid;
+               return (*a)->pbe_nid - (*b)->pbe_nid;
        }
 
 /* Add a PBE algorithm */
 
 int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
-            EVP_PBE_KEYGEN *keygen)
+                        EVP_PBE_KEYGEN *keygen)
        {
        EVP_PBE_CTL *pbe_tmp;
        if (!pbe_algs)
-               pbe_algs = sk_new(pbe_cmp);
+               pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
        if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL))))
                {
                EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE,ERR_R_MALLOC_FAILURE);
@@ -230,12 +250,12 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
        pbe_tmp->keygen = keygen;
 
 
-       sk_push (pbe_algs, (char *)pbe_tmp);
+       sk_EVP_PBE_CTL_push (pbe_algs, pbe_tmp);
        return 1;
        }
 
 int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
-            EVP_PBE_KEYGEN *keygen)
+                   EVP_PBE_KEYGEN *keygen)
        {
        int cipher_nid, md_nid;
        if (cipher)
@@ -252,7 +272,7 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
        }
 
 int EVP_PBE_find(int type, int pbe_nid,
-                       int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
+                int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
        {
        EVP_PBE_CTL *pbetmp = NULL, pbelu;
        int i;
@@ -264,17 +284,14 @@ int EVP_PBE_find(int type, int pbe_nid,
 
        if (pbe_algs)
                {
-               i = sk_find(pbe_algs, (char *)&pbelu);
+               i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
                if (i != -1)
-                       pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
+                       pbetmp = sk_EVP_PBE_CTL_value (pbe_algs, i);
                }
        if (pbetmp == NULL)
                {
-               pbetmp = (EVP_PBE_CTL *) OBJ_bsearch((char *)&pbelu,
-                       (char *)builtin_pbe,
-                       sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),
-                       sizeof(EVP_PBE_CTL),
-                       pbe_cmp2);
+               pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe,
+                                    sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL));
                }
        if (pbetmp == NULL)
                return 0;
@@ -286,11 +303,14 @@ int EVP_PBE_find(int type, int pbe_nid,
                *pkeygen = pbetmp->keygen;
        return 1;
        }
-               
 
+static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
+        {
+        OPENSSL_freeFunc(pbe);
+        }
 
 void EVP_PBE_cleanup(void)
        {
-       sk_pop_free(pbe_algs, OPENSSL_freeFunc);
+       sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
        pbe_algs = NULL;
        }