EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
PKCS12_PBE_keyivgen);
#endif
+#ifndef NO_DES
EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
#ifndef NO_RC2
EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
EVP_sha1(), PKCS12_PBE_keyivgen);
#endif
}
-int PKCS12_PBE_keyivgen (const char *pass, int passlen, ASN1_TYPE *param,
- EVP_CIPHER *cipher, EVP_MD *md,
- unsigned char *key, unsigned char *iv)
+int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de)
{
PBEPARAM *pbe;
int saltlen, iter;
unsigned char *salt, *pbuf;
+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
/* Extract useful info from parameter */
pbuf = param->value.sequence->data;
- if (!(pbe = d2i_PBEPARAM (NULL, &pbuf,
- param->value.sequence->length))) {
+ if (!param || (param->type != V_ASN1_SEQUENCE) ||
+ !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
return 0;
}
return 0;
}
PBEPARAM_free(pbe);
+ EVP_CipherInit(ctx, cipher, key, iv, en_de);
+ memset(key, 0, EVP_MAX_KEY_LENGTH);
+ memset(iv, 0, EVP_MAX_IV_LENGTH);
return 1;
}