Further PKCS#12 integration, PBE, PKCS#8 additions.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 28 Mar 1999 17:46:10 +0000 (17:46 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 28 Mar 1999 17:46:10 +0000 (17:46 +0000)
15 files changed:
CHANGES
crypto/asn1/Makefile.ssl
crypto/asn1/asn1.err
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c
crypto/asn1/asn_pack.c [new file with mode: 0644]
crypto/asn1/p5_pbe.c [new file with mode: 0644]
crypto/asn1/p8_pkey.c [new file with mode: 0644]
crypto/evp/Makefile.ssl
crypto/evp/evp.err
crypto/evp/evp.h
crypto/evp/evp_err.c
crypto/evp/evp_pbe.c [new file with mode: 0644]
crypto/evp/evp_pkey.c [new file with mode: 0644]
crypto/x509/x509.h

diff --git a/CHANGES b/CHANGES
index 92021d3..f597acc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,9 +5,14 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+     packing functions to asn1 and evp. Changed function names and error
+     codes along the way.
+     [Steve Henson]
+
   *) PKCS12 integration: and so it begins... First of several patches to
      slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
-     objects to object.h
+     objects to objects.h
      [Steve Henson]
 
   *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
index 1b3f69f..5f5750b 100644 (file)
@@ -36,7 +36,7 @@ LIBSRC=       a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
        f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
        f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
        asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \
-       evp_asn1.c
+       evp_asn1.c asn_pack.c p5_pbe.c p8_pkey.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
        a_enum.o a_sign.o a_digest.o a_verify.o \
@@ -51,7 +51,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
        f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
        f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
        asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \
-       evp_asn1.o
+       evp_asn1.o asn_pack.o p5_pbe.o p8_pkey.o
 
 SRC= $(LIBSRC)
 
index 3146d47..065448c 100644 (file)
 #define ASN1_F_ASN1_INTEGER_SET                                 111
 #define ASN1_F_ASN1_INTEGER_TO_BN                       112
 #define ASN1_F_ASN1_OBJECT_NEW                          113
+#define ASN1_F_ASN1_PACK_STRING                                 245
+#define ASN1_F_ASN1_SEQ_PACK                            246
+#define ASN1_F_ASN1_SEQ_UNPACK                          247
 #define ASN1_F_ASN1_SIGN                                114
 #define ASN1_F_ASN1_STRING_NEW                          115
 #define ASN1_F_ASN1_STRING_TYPE_NEW                     116
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING            117
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                118
 #define ASN1_F_ASN1_TYPE_NEW                            119
+#define ASN1_F_ASN1_UNPACK_STRING                       248
 #define ASN1_F_ASN1_UTCTIME_NEW                                 120
 #define ASN1_F_ASN1_VERIFY                              121
 #define ASN1_F_AUTHORITY_KEYID_NEW                      237
@@ -60,6 +64,7 @@
 #define ASN1_F_D2I_NETSCAPE_RSA_2                       142
 #define ASN1_F_D2I_NETSCAPE_SPKAC                       143
 #define ASN1_F_D2I_NETSCAPE_SPKI                        144
+#define ASN1_F_D2I_PBEPARAM                             249
 #define ASN1_F_D2I_PKCS7                                145
 #define ASN1_F_D2I_PKCS7_DIGEST                                 146
 #define ASN1_F_D2I_PKCS7_ENCRYPT                        147
@@ -70,6 +75,7 @@
 #define ASN1_F_D2I_PKCS7_SIGNED                                 152
 #define ASN1_F_D2I_PKCS7_SIGNER_INFO                    153
 #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE                  154
+#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO                  250
 #define ASN1_F_D2I_PKEY_USAGE_PERIOD                    239
 #define ASN1_F_D2I_PRIVATEKEY                           155
 #define ASN1_F_D2I_PUBLICKEY                            156
 #define ASN1_F_NETSCAPE_PKEY_NEW                        189
 #define ASN1_F_NETSCAPE_SPKAC_NEW                       190
 #define ASN1_F_NETSCAPE_SPKI_NEW                        191
+#define ASN1_F_PBEPARAM_NEW                             251
 #define ASN1_F_PKCS7_DIGEST_NEW                                 192
 #define ASN1_F_PKCS7_ENCRYPT_NEW                        193
 #define ASN1_F_PKCS7_ENC_CONTENT_NEW                    194
 #define ASN1_F_PKCS7_SIGNED_NEW                                 199
 #define ASN1_F_PKCS7_SIGNER_INFO_NEW                    200
 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW                  201
+#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW                  252
 #define ASN1_F_PKEY_USAGE_PERIOD_NEW                    240
 #define ASN1_F_SXNETID_NEW                              244
 #define ASN1_F_SXNET_NEW                                242
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                  108
 #define ASN1_R_BUFFER_TOO_SMALL                                 109
 #define ASN1_R_DATA_IS_WRONG                            110
+#define ASN1_R_DECODE_ERROR                             155
 #define ASN1_R_DECODING_ERROR                           111
+#define ASN1_R_DEOCDE_ERROR                             157
+#define ASN1_R_ENCODE_ERROR                             156
 #define ASN1_R_ERROR_PARSING_SET_ELEMENT                112
 #define ASN1_R_EXPECTING_AN_ENUMERATED                  154
 #define ASN1_R_EXPECTING_AN_INTEGER                     113
index 7e605c8..36ffa37 100644 (file)
@@ -575,6 +575,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
        unsigned char *data, int max_len);
 
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
+                                                void (*free_func)() ); 
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
+                                                                int *len );
+char *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
+ASN1_STRING *ASN1_pack_string(char *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
+
 #else
 
 ASN1_TYPE *    ASN1_TYPE_new();
@@ -688,6 +695,11 @@ int ASN1_TYPE_get_int_octetstring();
 int i2d_ASN1_BMPSTRING();
 ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 
+STACK *ASN1_seq_unpack();
+unsigned char *ASN1_seq_pack();
+char *ASN1_unpack_string();
+ASN1_STRING *ASN1_pack_string();
+
 #endif
 
 /* BEGIN ERROR CODES */
@@ -712,12 +724,16 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_ASN1_INTEGER_SET                                 111
 #define ASN1_F_ASN1_INTEGER_TO_BN                       112
 #define ASN1_F_ASN1_OBJECT_NEW                          113
+#define ASN1_F_ASN1_PACK_STRING                                 245
+#define ASN1_F_ASN1_SEQ_PACK                            246
+#define ASN1_F_ASN1_SEQ_UNPACK                          247
 #define ASN1_F_ASN1_SIGN                                114
 #define ASN1_F_ASN1_STRING_NEW                          115
 #define ASN1_F_ASN1_STRING_TYPE_NEW                     116
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING            117
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                118
 #define ASN1_F_ASN1_TYPE_NEW                            119
+#define ASN1_F_ASN1_UNPACK_STRING                       248
 #define ASN1_F_ASN1_UTCTIME_NEW                                 120
 #define ASN1_F_ASN1_VERIFY                              121
 #define ASN1_F_AUTHORITY_KEYID_NEW                      237
@@ -753,6 +769,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_D2I_NETSCAPE_RSA_2                       142
 #define ASN1_F_D2I_NETSCAPE_SPKAC                       143
 #define ASN1_F_D2I_NETSCAPE_SPKI                        144
+#define ASN1_F_D2I_PBEPARAM                             249
 #define ASN1_F_D2I_PKCS7                                145
 #define ASN1_F_D2I_PKCS7_DIGEST                                 146
 #define ASN1_F_D2I_PKCS7_ENCRYPT                        147
@@ -763,6 +780,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_D2I_PKCS7_SIGNED                                 152
 #define ASN1_F_D2I_PKCS7_SIGNER_INFO                    153
 #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE                  154
+#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO                  250
 #define ASN1_F_D2I_PKEY_USAGE_PERIOD                    239
 #define ASN1_F_D2I_PRIVATEKEY                           155
 #define ASN1_F_D2I_PUBLICKEY                            156
@@ -806,6 +824,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_NETSCAPE_PKEY_NEW                        189
 #define ASN1_F_NETSCAPE_SPKAC_NEW                       190
 #define ASN1_F_NETSCAPE_SPKI_NEW                        191
+#define ASN1_F_PBEPARAM_NEW                             251
 #define ASN1_F_PKCS7_DIGEST_NEW                                 192
 #define ASN1_F_PKCS7_ENCRYPT_NEW                        193
 #define ASN1_F_PKCS7_ENC_CONTENT_NEW                    194
@@ -816,6 +835,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_PKCS7_SIGNED_NEW                                 199
 #define ASN1_F_PKCS7_SIGNER_INFO_NEW                    200
 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW                  201
+#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW                  252
 #define ASN1_F_PKEY_USAGE_PERIOD_NEW                    240
 #define ASN1_F_SXNETID_NEW                              244
 #define ASN1_F_SXNET_NEW                                242
@@ -852,7 +872,10 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                  108
 #define ASN1_R_BUFFER_TOO_SMALL                                 109
 #define ASN1_R_DATA_IS_WRONG                            110
+#define ASN1_R_DECODE_ERROR                             155
 #define ASN1_R_DECODING_ERROR                           111
+#define ASN1_R_DEOCDE_ERROR                             157
+#define ASN1_R_ENCODE_ERROR                             156
 #define ASN1_R_ERROR_PARSING_SET_ELEMENT                112
 #define ASN1_R_EXPECTING_AN_ENUMERATED                  154
 #define ASN1_R_EXPECTING_AN_INTEGER                     113
index 9003582..a150e3f 100644 (file)
@@ -81,12 +81,16 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0),        "ASN1_INTEGER_set"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),      "ASN1_INTEGER_to_BN"},
 {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"},
+{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0),        "ASN1_pack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),   "ASN1_seq_pack"},
+{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"},
 {ERR_PACK(0,ASN1_F_ASN1_SIGN,0),       "ASN1_SIGN"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0), "ASN1_STRING_new"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),    "ASN1_STRING_type_new"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),   "ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),       "ASN1_TYPE_get_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),   "ASN1_TYPE_new"},
+{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),      "ASN1_unpack_string"},
 {ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),        "ASN1_UTCTIME_NEW"},
 {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),     "ASN1_VERIFY"},
 {ERR_PACK(0,ASN1_F_AUTHORITY_KEYID_NEW,0),     "AUTHORITY_KEYID_NEW"},
@@ -122,6 +126,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),      "D2I_NETSCAPE_RSA_2"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),      "D2I_NETSCAPE_SPKAC"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),       "D2I_NETSCAPE_SPKI"},
+{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),    "D2I_PBEPARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7,0),       "D2I_PKCS7"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),        "D2I_PKCS7_DIGEST"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),       "D2I_PKCS7_ENCRYPT"},
@@ -132,6 +137,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0),        "D2I_PKCS7_SIGNED"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),   "D2I_PKCS7_SIGNER_INFO"},
 {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0), "D2I_PKCS7_SIGN_ENVELOPE"},
+{ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0), "D2I_PKCS8_PRIV_KEY_INFO"},
 {ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0),   "D2I_PKEY_USAGE_PERIOD"},
 {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),  "D2I_PRIVATEKEY"},
 {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),   "D2I_PUBLICKEY"},
@@ -175,6 +181,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),       "NETSCAPE_PKEY_NEW"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),      "NETSCAPE_SPKAC_NEW"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),       "NETSCAPE_SPKI_NEW"},
+{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),    "PBEPARAM_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),        "PKCS7_DIGEST_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),       "PKCS7_ENCRYPT_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),   "PKCS7_ENC_CONTENT_NEW"},
@@ -185,6 +192,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0),        "PKCS7_SIGNED_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),   "PKCS7_SIGNER_INFO_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0), "PKCS7_SIGN_ENVELOPE_NEW"},
+{ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0), "PKCS8_PRIV_KEY_INFO_NEW"},
 {ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),   "PKEY_USAGE_PERIOD_NEW"},
 {ERR_PACK(0,ASN1_F_SXNETID_NEW,0),     "SXNETID_NEW"},
 {ERR_PACK(0,ASN1_F_SXNET_NEW,0),       "SXNET_NEW"},
@@ -224,7 +232,10 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
 {ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
+{ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
+{ASN1_R_DEOCDE_ERROR                     ,"deocde error"},
+{ASN1_R_ENCODE_ERROR                     ,"encode error"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
 {ASN1_R_EXPECTING_AN_ENUMERATED          ,"expecting an enumerated"},
 {ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
new file mode 100644 (file)
index 0000000..e04d327
--- /dev/null
@@ -0,0 +1,154 @@
+/* asn_pack.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1.h"
+
+/* ASN1 packing and unpacking functions */
+
+/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
+
+STACK *ASN1_seq_unpack(buf, len, d2i, free_func)
+unsigned char *buf;
+int len;
+char *(*d2i)();
+void (*free_func)();
+{
+    STACK *sk;
+    unsigned char *pbuf;
+    pbuf =  buf;
+    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
+                                       V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
+                ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
+    return sk;
+}
+
+/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
+ * Malloc'ed buffer
+ */
+
+unsigned char *ASN1_seq_pack(safes, i2d, buf, len)
+STACK *safes;
+int (*i2d)();
+unsigned char **buf;
+int *len;
+{
+       int safelen;
+       unsigned char *safe, *p;
+       if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
+                                             V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
+               ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
+               return NULL;
+       }
+       if (!(safe = Malloc (safelen))) {
+               ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+       p = safe;
+       i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+                                                                IS_SEQUENCE);
+       if (len) *len = safelen;
+       if (buf) *buf = safe;
+       return safe;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+char *ASN1_unpack_string (oct, d2i)
+ASN1_STRING *oct;
+char *(*d2i)();
+{
+       unsigned char *p, *ret;
+       p = oct->data;
+       if(!(ret = d2i(NULL, &p, oct->length)))
+               ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+       return ret;
+}
+
+/* Pack an ASN1 object into an ASN1_STRING */
+
+ASN1_STRING *ASN1_pack_string (obj, i2d, oct)
+char *obj;
+int (*i2d)();
+ASN1_STRING **oct;
+{
+       unsigned char *p;
+       ASN1_STRING *octmp;
+
+       if (!oct || !*oct) {
+               if (!(octmp = ASN1_STRING_new ())) {
+                       ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                       return NULL;
+               }
+               if (oct) *oct = octmp;
+       } else octmp = *oct;
+               
+       if (!(octmp->length = i2d(obj, NULL))) {
+               ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+               return NULL;
+       }
+       if (!(p = Malloc (octmp->length))) {
+               ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+       octmp->data = p;
+       i2d (obj, &p);
+       return octmp;
+}
+
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
new file mode 100644 (file)
index 0000000..a94d6c1
--- /dev/null
@@ -0,0 +1,116 @@
+/* p5_pbe.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/* PKCS#5 password based encryption structure */
+
+/*
+ *ASN1err(ASN1_F_PBEPARAM_NEW,ASN1_R_DEOCDE_ERROR)
+ *ASN1err(ASN1_F_D2I_PBEPARAM,ASN1_R_DEOCDE_ERROR)
+ */
+
+int i2d_PBEPARAM(a, pp)
+PBEPARAM *a;
+unsigned char **pp;
+{
+       M_ASN1_I2D_vars(a);
+       M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
+       M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
+
+       M_ASN1_I2D_seq_total ();
+
+       M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
+       M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
+       M_ASN1_I2D_finish();
+}
+
+PBEPARAM *PBEPARAM_new()
+{
+       PBEPARAM *ret=NULL;
+       ASN1_CTX c;
+       M_ASN1_New_Malloc(ret, PBEPARAM);
+       M_ASN1_New(ret->iter,ASN1_INTEGER_new);
+       M_ASN1_New(ret->salt,ASN1_OCTET_STRING_new);
+       return (ret);
+       M_ASN1_New_Error(ASN1_F_PBEPARAM_NEW);
+}
+
+PBEPARAM *d2i_PBEPARAM(a,pp,length)
+PBEPARAM **a;
+unsigned char **pp;
+long length;
+{
+       M_ASN1_D2I_vars(a,PBEPARAM *,PBEPARAM_new);
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
+       M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
+       M_ASN1_D2I_Finish(a, PBEPARAM_free, ASN1_F_D2I_PBEPARAM);
+}
+
+void PBEPARAM_free (a)
+PBEPARAM *a;
+{
+       if(a==NULL) return;
+       ASN1_OCTET_STRING_free(a->salt);
+       ASN1_INTEGER_free (a->iter);
+       Free ((char *)a);
+}
diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
new file mode 100644 (file)
index 0000000..3600094
--- /dev/null
@@ -0,0 +1,135 @@
+/* p8_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "asn1_mac.h"
+
+/*
+ *ASN1err(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,ASN1_R_DECODE_ERROR)
+ *ASN1err(ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,ASN1_R_DECODE_ERROR)
+ */
+
+int i2d_PKCS8_PRIV_KEY_INFO (a,pp)
+PKCS8_PRIV_KEY_INFO *a;
+unsigned char **pp;
+{
+
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
+       M_ASN1_I2D_len (a->pkeyalg, i2d_X509_ALGOR);
+       M_ASN1_I2D_len (a->pkey, i2d_ASN1_TYPE);
+       M_ASN1_I2D_len_IMP_SET_opt (a->attributes, i2d_X509_ATTRIBUTE, 0);
+       
+       M_ASN1_I2D_seq_total ();
+
+       M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
+       M_ASN1_I2D_put (a->pkeyalg, i2d_X509_ALGOR);
+       M_ASN1_I2D_put (a->pkey, i2d_ASN1_TYPE);
+       M_ASN1_I2D_put_IMP_SET_opt (a->attributes, i2d_X509_ATTRIBUTE, 0);
+
+       M_ASN1_I2D_finish();
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new()
+{
+       PKCS8_PRIV_KEY_INFO *ret=NULL;
+       ASN1_CTX c;
+       M_ASN1_New_Malloc(ret, PKCS8_PRIV_KEY_INFO);
+       M_ASN1_New (ret->version, ASN1_INTEGER_new);
+       M_ASN1_New (ret->pkeyalg, X509_ALGOR_new);
+       M_ASN1_New (ret->pkey, ASN1_TYPE_new);
+       ret->attributes = NULL;
+       ret->broken = PKCS8_OK;
+       return (ret);
+       M_ASN1_New_Error(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW);
+}
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(a,pp,length)
+PKCS8_PRIV_KEY_INFO **a;
+unsigned char **pp;
+long length;
+{
+       M_ASN1_D2I_vars(a,PKCS8_PRIV_KEY_INFO *,PKCS8_PRIV_KEY_INFO_new);
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
+       M_ASN1_D2I_get (ret->pkeyalg, d2i_X509_ALGOR);
+       M_ASN1_D2I_get (ret->pkey, d2i_ASN1_TYPE);
+       M_ASN1_D2I_get_IMP_set_opt(ret->attributes, d2i_X509_ATTRIBUTE,
+                                                X509_ATTRIBUTE_free, 0);
+       if (ASN1_TYPE_get(ret->pkey) == V_ASN1_SEQUENCE) 
+                                               ret->broken = PKCS8_NO_OCTET;
+       M_ASN1_D2I_Finish(a, PKCS8_PRIV_KEY_INFO_free, ASN1_F_D2I_PKCS8_PRIV_KEY_INFO);
+}
+
+void PKCS8_PRIV_KEY_INFO_free (a)
+PKCS8_PRIV_KEY_INFO *a;
+{
+       if (a == NULL) return;
+       ASN1_INTEGER_free (a->version);
+       X509_ALGOR_free(a->pkeyalg);
+       /* Clear sensitive data */
+       if (a->pkey->value.octet_string)
+               memset (a->pkey->value.octet_string->data,
+                                0, a->pkey->value.octet_string->length);
+       ASN1_TYPE_free (a->pkey);
+       sk_pop_free (a->attributes, X509_ATTRIBUTE_free);
+       Free ((char *)a);
+}
index 89b7df5..4ed427b 100644 (file)
@@ -35,7 +35,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
        m_ripemd.c \
        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
        bio_md.c bio_b64.c bio_enc.c $(ERRC).c e_null.c \
-       c_all.c evp_lib.c bio_ok.c
+       c_all.c evp_lib.c bio_ok.c evp_pkey.c evp_pbe.c
 
 LIBOBJ=        encode.o digest.o evp_enc.o evp_key.o \
        e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \
@@ -50,7 +50,7 @@ LIBOBJ=       encode.o digest.o evp_enc.o evp_key.o \
        m_ripemd.o \
        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
        bio_md.o bio_b64.o bio_enc.o $(ERRC).o e_null.o \
-       c_all.o evp_lib.o bio_ok.o
+       c_all.o evp_lib.o bio_ok.o evp_pkey.o evp_pbe.o
 
 SRC= $(LIBSRC)
 
index c2470f6..367584e 100644 (file)
@@ -3,7 +3,14 @@
 /* Function codes. */
 #define EVP_F_D2I_PKEY                                  100
 #define EVP_F_EVP_DECRYPTFINAL                          101
+#define EVP_F_EVP_MD_CTX_COPY                           110
 #define EVP_F_EVP_OPENINIT                              102
+#define EVP_F_EVP_PBE_ALGOR_CIPHERINIT                  114
+#define EVP_F_EVP_PBE_ALG_ADD                           115
+#define EVP_F_EVP_PBE_CIPHERINIT                        116
+#define EVP_F_EVP_PKCS82PKEY                            111
+#define EVP_F_EVP_PKCS8_SET_BROKEN                      112
+#define EVP_F_EVP_PKEY2PKCS8                            113
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS                  103
 #define EVP_F_EVP_PKEY_DECRYPT                          104
 #define EVP_F_EVP_PKEY_ENCRYPT                          105
 #define EVP_F_EVP_SIGNFINAL                             107
 #define EVP_F_EVP_VERIFYFINAL                           108
 #define EVP_F_RC2_MAGIC_TO_METH                                 109
-#define EVP_F_EVP_MD_CTX_COPY                            110
 
 /* Reason codes. */
 #define EVP_R_BAD_DECRYPT                               100
+#define EVP_R_BN_DECODE_ERROR                           112
+#define EVP_R_BN_PUBKEY_ERROR                           113
+#define EVP_R_DECODE_ERROR                              114
 #define EVP_R_DIFFERENT_KEY_TYPES                       101
+#define EVP_R_ENCODE_ERROR                              115
+#define EVP_R_EVP_PBE_CIPHERINIT_ERROR                  119
+#define EVP_R_INPUT_NOT_INITALISED                      111
 #define EVP_R_IV_TOO_LARGE                              102
+#define EVP_R_KEYGEN_FAILURE                            120
 #define EVP_R_MISSING_PARMATERS                                 103
+#define EVP_R_NO_DSA_PARAMETERS                                 116
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED               104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED             105
+#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE                         117
 #define EVP_R_PUBLIC_KEY_NOT_RSA                        106
+#define EVP_R_UNKNOWN_PBE_ALGORITHM                     121
 #define EVP_R_UNSUPPORTED_CIPHER                        107
 #define EVP_R_UNSUPPORTED_KEY_SIZE                      108
+#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM                 118
 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH                  109
 #define EVP_R_WRONG_PUBLIC_KEY_TYPE                     110
-#define EVP_R_INPUT_NOT_INITALISED                       111
index 3aad7d1..31ed479 100644 (file)
@@ -261,6 +261,8 @@ typedef struct env_md_st
        int ctx_size; /* how big does the ctx need to be */
        } EVP_MD;
 
+
+
 #define EVP_PKEY_NULL_method   NULL,NULL,{0,0,0,0}
 
 #ifndef NO_DSA
@@ -396,6 +398,11 @@ typedef struct evp_Encode_Ctx_st
        int expect_nl;
        } EVP_ENCODE_CTX;
 
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN)(unsigned char *pass, int passlen,
+         unsigned char *salt,  int saltlen, int iter, EVP_CIPHER *cipher,
+                EVP_MD *md, unsigned char *key, unsigned char *iv);
+
 #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
                                        (char *)(rsa))
 #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
@@ -779,7 +786,14 @@ int EVP_CIPHER_get_asn1_iv();
 /* Function codes. */
 #define EVP_F_D2I_PKEY                                  100
 #define EVP_F_EVP_DECRYPTFINAL                          101
+#define EVP_F_EVP_MD_CTX_COPY                           110
 #define EVP_F_EVP_OPENINIT                              102
+#define EVP_F_EVP_PBE_ALGOR_CIPHERINIT                  114
+#define EVP_F_EVP_PBE_ALG_ADD                           115
+#define EVP_F_EVP_PBE_CIPHERINIT                        116
+#define EVP_F_EVP_PKCS82PKEY                            111
+#define EVP_F_EVP_PKCS8_SET_BROKEN                      112
+#define EVP_F_EVP_PKEY2PKCS8                            113
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS                  103
 #define EVP_F_EVP_PKEY_DECRYPT                          104
 #define EVP_F_EVP_PKEY_ENCRYPT                          105
@@ -787,21 +801,30 @@ int EVP_CIPHER_get_asn1_iv();
 #define EVP_F_EVP_SIGNFINAL                             107
 #define EVP_F_EVP_VERIFYFINAL                           108
 #define EVP_F_RC2_MAGIC_TO_METH                                 109
-#define EVP_F_EVP_MD_CTX_COPY                            110
 
 /* Reason codes. */
 #define EVP_R_BAD_DECRYPT                               100
+#define EVP_R_BN_DECODE_ERROR                           112
+#define EVP_R_BN_PUBKEY_ERROR                           113
+#define EVP_R_DECODE_ERROR                              114
 #define EVP_R_DIFFERENT_KEY_TYPES                       101
+#define EVP_R_ENCODE_ERROR                              115
+#define EVP_R_EVP_PBE_CIPHERINIT_ERROR                  119
+#define EVP_R_INPUT_NOT_INITALISED                      111
 #define EVP_R_IV_TOO_LARGE                              102
+#define EVP_R_KEYGEN_FAILURE                            120
 #define EVP_R_MISSING_PARMATERS                                 103
+#define EVP_R_NO_DSA_PARAMETERS                                 116
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED               104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED             105
+#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE                         117
 #define EVP_R_PUBLIC_KEY_NOT_RSA                        106
+#define EVP_R_UNKNOWN_PBE_ALGORITHM                     121
 #define EVP_R_UNSUPPORTED_CIPHER                        107
 #define EVP_R_UNSUPPORTED_KEY_SIZE                      108
+#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM                 118
 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH                  109
 #define EVP_R_WRONG_PUBLIC_KEY_TYPE                     110
-#define EVP_R_INPUT_NOT_INITALISED                       111
  
 #ifdef  __cplusplus
 }
index 19b3a18..7f8fe8d 100644 (file)
@@ -65,7 +65,14 @@ static ERR_STRING_DATA EVP_str_functs[]=
        {
 {ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"},
 {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0),  "EVP_MD_CTX_copy"},
 {ERR_PACK(0,EVP_F_EVP_OPENINIT,0),     "EVP_OpenInit"},
+{ERR_PACK(0,EVP_F_EVP_PBE_ALGOR_CIPHERINIT,0), "EVP_PBE_ALGOR_CIPHERINIT"},
+{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0),  "EVP_PBE_ALG_ADD"},
+{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0),       "EVP_PBE_CIPHERINIT"},
+{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0),   "EVP_PKCS82PKEY"},
+{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0),     "EVP_PKCS8_SET_BROKEN"},
+{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0),   "EVP_PKEY2PKCS8"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"},
@@ -73,24 +80,33 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),    "EVP_SignFinal"},
 {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),  "EVP_VerifyFinal"},
 {ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0),        "RC2_MAGIC_TO_METH"},
-{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0),  "EVP_MD_CTX_copy"},
 {0,NULL},
        };
 
 static ERR_STRING_DATA EVP_str_reasons[]=
        {
 {EVP_R_BAD_DECRYPT                       ,"bad decrypt"},
+{EVP_R_BN_DECODE_ERROR                   ,"bn decode error"},
+{EVP_R_BN_PUBKEY_ERROR                   ,"bn pubkey error"},
+{EVP_R_DECODE_ERROR                      ,"decode error"},
 {EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
+{EVP_R_ENCODE_ERROR                      ,"encode error"},
+{EVP_R_EVP_PBE_CIPHERINIT_ERROR          ,"evp pbe cipherinit error"},
+{EVP_R_INPUT_NOT_INITALISED              ,"input not initalised"},
 {EVP_R_IV_TOO_LARGE                      ,"iv too large"},
+{EVP_R_KEYGEN_FAILURE                    ,"keygen failure"},
 {EVP_R_MISSING_PARMATERS                 ,"missing parmaters"},
+{EVP_R_NO_DSA_PARAMETERS                 ,"no dsa parameters"},
 {EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
 {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},
+{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE         ,"pkcs8 unknown broken type"},
 {EVP_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
+{EVP_R_UNKNOWN_PBE_ALGORITHM             ,"unknown pbe algorithm"},
 {EVP_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
 {EVP_R_UNSUPPORTED_KEY_SIZE              ,"unsupported key size"},
+{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"},
 {EVP_R_WRONG_FINAL_BLOCK_LENGTH          ,"wrong final block length"},
 {EVP_R_WRONG_PUBLIC_KEY_TYPE             ,"wrong public key type"},
-{EVP_R_INPUT_NOT_INITALISED              ,"input not initalised"},
 {0,NULL},
        };
 
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
new file mode 100644 (file)
index 0000000..e1ebb66
--- /dev/null
@@ -0,0 +1,176 @@
+/* p12_pbop.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "evp.h"
+#include "x509.h"
+#include "cryptlib.h"
+
+/* Password based encryption (PBE) functions */
+
+static STACK *pbe_algs;
+
+/* Setup a cipher context from a PBE algorithm */
+
+typedef struct {
+int pbe_nid;
+EVP_CIPHER *cipher;
+EVP_MD *md;
+EVP_PBE_KEYGEN *keygen;
+} EVP_PBE_CTL;
+
+int EVP_PBE_CipherInit (pbe_obj, pass, passlen, salt, saltlen, iter, ctx, en_de)
+ASN1_OBJECT *pbe_obj;
+int passlen, saltlen, iter;
+unsigned char *pass, *salt;
+EVP_CIPHER_CTX *ctx;
+int en_de;
+{
+
+       EVP_PBE_CTL *pbetmp, pbelu;
+       unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+       int i;
+       pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
+       if ((pbelu.pbe_nid != NID_undef) && pbe_algs) 
+                       i = sk_find (pbe_algs, (char *)&pbelu);
+       else i = -1;
+
+       if (i == -1) {
+               char obj_tmp[80];
+               EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
+               if (!pbe_obj) strcpy (obj_tmp, "NULL");
+               else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj);
+               ERR_add_error_data(2, "TYPE=", obj_tmp);
+               return 0;
+       }
+       if (passlen == -1) passlen = strlen(pass);
+       pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
+       i = (*pbetmp->keygen)(pass, passlen, salt, saltlen, iter,
+                                        pbetmp->cipher, pbetmp->md, key, iv);
+       if (!i) {
+               EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
+               return 0;
+       }
+       EVP_CipherInit (ctx, pbetmp->cipher, key, iv, en_de);
+       return 1;       
+}
+
+/* Setup a PBE algorithm but take most parameters from AlgorithmIdentifier */
+
+int EVP_PBE_ALGOR_CipherInit (algor, pass, passlen, ctx, en_de)
+X509_ALGOR *algor;
+unsigned char *pass;
+int passlen;
+EVP_CIPHER_CTX *ctx;
+int en_de;
+{
+       PBEPARAM *pbe;
+       int saltlen, iter;
+       unsigned char *salt, *pbuf;
+
+       /* Extract useful info from algor */
+       pbuf = (char *) algor->parameter->value.sequence->data;
+       if (!(pbe = d2i_PBEPARAM (NULL, &pbuf,
+                        algor->parameter->value.sequence->length))) {
+               EVPerr(EVP_F_EVP_PBE_ALGOR_CIPHERINIT,EVP_R_DECODE_ERROR);
+               return 0;
+       }
+
+       if (!pbe->iter) iter = 1;
+       else iter = ASN1_INTEGER_get (pbe->iter);
+       salt = pbe->salt->data;
+       saltlen = pbe->salt->length;
+
+       if (!(EVP_PBE_CipherInit (algor->algorithm, pass, passlen, salt,
+                                               saltlen, iter, ctx, en_de))) {
+               EVPerr(EVP_F_EVP_PBE_ALGOR_CIPHERINIT,EVP_R_EVP_PBE_CIPHERINIT_ERROR);
+               PBEPARAM_free(pbe);
+               return 0;
+       }
+       PBEPARAM_free(pbe);
+       return 1;
+}
+
+
+static int pbe_cmp (pbe1, pbe2)
+EVP_PBE_CTL **pbe1, **pbe2;
+{
+       return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
+}
+
+/* Add a PBE algorithm */
+
+int EVP_PBE_alg_add (nid, cipher, md, keygen)
+int nid;
+EVP_CIPHER *cipher;
+EVP_MD *md;
+EVP_PBE_KEYGEN *keygen;
+{
+       EVP_PBE_CTL *pbe_tmp;
+       if (!pbe_algs) pbe_algs = sk_new (pbe_cmp);
+       if (!(pbe_tmp = (EVP_PBE_CTL*) Malloc (sizeof(EVP_PBE_CTL)))) {
+               EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       pbe_tmp->pbe_nid = nid;
+       pbe_tmp->cipher = cipher;
+       pbe_tmp->md = md;
+       pbe_tmp->keygen = keygen;
+       sk_push (pbe_algs, (char *)pbe_tmp);
+       return 1;
+}
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
new file mode 100644 (file)
index 0000000..0046d8e
--- /dev/null
@@ -0,0 +1,291 @@
+/* evp_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include "x509.h"
+#include "rand.h"
+
+/* Extract a private key from a PKCS8 structure */
+
+EVP_PKEY *EVP_PKCS82PKEY (p8)
+PKCS8_PRIV_KEY_INFO *p8;
+{
+       EVP_PKEY *pkey;
+       RSA *rsa;
+       DSA *dsa;
+       ASN1_INTEGER *dsapriv;
+       X509_ALGOR *a;
+       STACK *ndsa;
+       BN_CTX *ctx;
+       unsigned char *p;
+       int plen, pkeylen;
+       char obj_tmp[80];
+
+       switch (p8->broken) {
+               case PKCS8_OK:
+               p = p8->pkey->value.octet_string->data;
+               pkeylen = p8->pkey->value.octet_string->length;
+               break;
+
+               case PKCS8_NO_OCTET:
+               p = p8->pkey->value.sequence->data;
+               pkeylen = p8->pkey->value.sequence->length;
+               break;
+
+               default:
+               EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+               return NULL;
+               break;
+       }
+       if (!(pkey = EVP_PKEY_new())) {
+               EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+       a = p8->pkeyalg;
+       switch (OBJ_obj2nid(a->algorithm))
+       {
+               case NID_rsaEncryption:
+               if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) {
+                       EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                       return NULL;
+               }
+               EVP_PKEY_assign_RSA (pkey, rsa);
+               break;
+               
+               case NID_dsa:
+               /* PKCS#8 DSA is weird: you just get a private key integer
+                * and parameters in the AlgorithmIdentifier the pubkey must
+                * be recalculated.
+                */
+       
+               /* Check for broken Netscape Database DSA PKCS#8, UGH! */
+               if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
+                   if(!(ndsa = ASN1_seq_unpack(p, pkeylen, 
+                                       (char *(*)())d2i_ASN1_INTEGER,
+                                                        ASN1_STRING_free))) {
+                       EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                       return NULL;
+                   }
+                   if(sk_num(ndsa) != 2 ) {
+                       EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                       sk_pop_free(ndsa, ASN1_STRING_free);
+                       return NULL;
+                   }
+                   dsapriv = (ASN1_INTEGER *) sk_pop(ndsa);
+                   sk_pop_free(ndsa, ASN1_STRING_free);
+               } else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+                       EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                       return NULL;
+               }
+               /* Retrieve parameters */
+               if (a->parameter->type != V_ASN1_SEQUENCE) {
+                       EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS);
+                       return NULL;
+               }
+               p = a->parameter->value.sequence->data;
+               plen = a->parameter->value.sequence->length;
+               if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
+                       EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                       return NULL;
+               }
+               /* We have parameters now set private key */
+               if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) {
+                       EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
+                       DSA_free (dsa);
+                       return NULL;
+               }
+               /* Calculate public key (ouch!) */
+               if (!(dsa->pub_key = BN_new())) {
+                       EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+                       DSA_free (dsa);
+                       return NULL;
+               }
+               if (!(ctx = BN_CTX_new())) {
+                       EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+                       DSA_free (dsa);
+                       return NULL;
+               }
+                       
+               if (!BN_mod_exp(dsa->pub_key, dsa->g,
+                                                dsa->priv_key, dsa->p, ctx)) {
+                       
+                       EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
+                       BN_CTX_free (ctx);
+                       DSA_free (dsa);
+                       return NULL;
+               }
+
+               EVP_PKEY_assign_DSA (pkey, dsa);
+               BN_CTX_free (ctx);
+               break;
+
+               default:
+               EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+               if (!a->algorithm) strcpy (obj_tmp, "NULL");
+               else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
+               ERR_add_error_data(2, "TYPE=", obj_tmp);
+               EVP_PKEY_free (pkey);
+               return NULL;
+       }
+       return pkey;
+}
+
+/* Turn a private key into a PKCS8 structure */
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(pkey)
+EVP_PKEY *pkey;
+{
+       PKCS8_PRIV_KEY_INFO *p8;
+       ASN1_INTEGER *dpkey;
+       unsigned char *p, *q;
+       int len;
+       if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {        
+               EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+       ASN1_INTEGER_set (p8->version, 0);
+       if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
+               EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+               PKCS8_PRIV_KEY_INFO_free (p8);
+               return NULL;
+       }
+       switch (EVP_PKEY_type(pkey->type)) {
+               case EVP_PKEY_RSA:
+
+               p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+               p8->pkeyalg->parameter->type = V_ASN1_NULL;
+               if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
+                                        &p8->pkey->value.octet_string)) {
+                       EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                       PKCS8_PRIV_KEY_INFO_free (p8);
+                       return NULL;
+               }
+               break;
+
+               case EVP_PKEY_DSA:
+               p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+
+               /* get paramaters and place in AlgorithmIdentifier */
+               len = i2d_DSAparams (pkey->pkey.dsa, NULL);
+               if (!(p = Malloc(len))) {
+                       EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                       PKCS8_PRIV_KEY_INFO_free (p8);
+                       return NULL;
+               }
+               q = p;
+               i2d_DSAparams (pkey->pkey.dsa, &q);
+               p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+               p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new();
+               ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len);
+               Free(p);
+               /* Get private key into an integer and pack */
+               if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
+                       EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                       PKCS8_PRIV_KEY_INFO_free (p8);
+                       return NULL;
+               }
+               
+               if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER,
+                                        &p8->pkey->value.octet_string)) {
+                       EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                       ASN1_INTEGER_free (dpkey);
+                       PKCS8_PRIV_KEY_INFO_free (p8);
+                       return NULL;
+               }
+               ASN1_INTEGER_free (dpkey);
+               break;
+
+               default:
+               EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+               PKCS8_PRIV_KEY_INFO_free (p8);
+               return NULL;
+       }
+       p8->pkey->type = V_ASN1_OCTET_STRING;
+       RAND_seed (p8->pkey->value.octet_string->data,
+                                        p8->pkey->value.octet_string->length);
+       return p8;
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(p8, broken)
+PKCS8_PRIV_KEY_INFO *p8;
+int broken;
+{
+       switch (broken) {
+
+               case PKCS8_OK:
+               p8->broken = PKCS8_OK;
+               return p8;
+               break;
+
+               case PKCS8_NO_OCTET:
+               p8->broken = PKCS8_NO_OCTET;
+               p8->pkey->type = V_ASN1_SEQUENCE;
+               return p8;
+               break;
+
+               default:
+               EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+               return NULL;
+               break;
+               
+       }
+}
+
+
index 8c084db..c4677be 100644 (file)
@@ -337,6 +337,26 @@ typedef struct CBCParameter_st
        unsigned char iv[8];
        } CBC_PARAM;
 
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+ASN1_OCTET_STRING *salt;
+ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* PKCS#8 private key info structure */
+
+typedef struct pkcs8_priv_key_info_st
+        {
+        int broken;     /* Flag for various broken formats */
+#define PKCS8_OK        0
+#define PKCS8_NO_OCTET  1
+        ASN1_INTEGER *version;
+        X509_ALGOR *pkeyalg;
+        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
+        STACK *attributes;
+        } PKCS8_PRIV_KEY_INFO;
+
 #include "x509_vfy.h"
 #include "pkcs7.h"
 
@@ -839,6 +859,30 @@ X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name,
                 ASN1_INTEGER *serial);
 X509 *X509_find_by_subject(STACK *sk,X509_NAME *name);
 
+int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp);
+PBEPARAM *PBEPARAM_new(void);
+PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length);
+void PBEPARAM_free(PBEPARAM *a);
+
+/* PKCS#8 utilities */
+
+int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
+PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
+                                        unsigned char **pp, long length);
+void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
+
+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
+
+/* Password based encryption routines */
+
+int EVP_PBE_ALGOR_CipherInit(X509_ALGOR *algor, unsigned char *pass,
+                                int passlen, EVP_CIPHER_CTX *ctx, int en_de);
+int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md,
+                                                EVP_PBE_KEYGEN *keygen);
+
 #else
 
 #ifndef SSLEAY_MACROS
@@ -1138,6 +1182,23 @@ char *          X509_verify_cert_error_string();
 X509 *X509_find_by_issuer_and_serial();
 X509 *X509_find_by_subject();
 
+int i2d_PBEPARAM();
+PBEPARAM *PBEPARAM_new();
+PBEPARAM *d2i_PBEPARAM();
+void PBEPARAM_free();
+
+int i2d_PKCS8_PRIV_KEY_INFO();
+PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new();
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO();
+void PKCS8_PRIV_KEY_INFO_free();
+
+EVP_PKEY *EVP_PKCS82PKEY();
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8();
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken();
+
+int EVP_PBE_ALGOR_CipherInit();
+int EVP_PBE_alg_add();
+
 #endif
 
 /* BEGIN ERROR CODES */