1 /* $OpenBSD: evp_pbe.c,v 1.42 2024/02/18 15:45:42 tb Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 1999. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 #include <string.h> 61 62 #include <openssl/asn1.h> 63 #include <openssl/err.h> 64 #include <openssl/evp.h> 65 #include <openssl/hmac.h> 66 #include <openssl/objects.h> 67 #include <openssl/pkcs12.h> 68 #include <openssl/x509.h> 69 70 #include "evp_local.h" 71 #include "hmac_local.h" 72 73 /* Password based encryption (PBE) functions */ 74 75 static const struct pbe_config { 76 int pbe_nid; 77 int cipher_nid; 78 int md_nid; 79 EVP_PBE_KEYGEN *keygen; 80 } pbe_outer[] = { 81 { 82 .pbe_nid = NID_pbeWithMD2AndDES_CBC, 83 .cipher_nid = NID_des_cbc, 84 .md_nid = NID_md2, 85 .keygen = PKCS5_PBE_keyivgen, 86 }, 87 { 88 .pbe_nid = NID_pbeWithMD5AndDES_CBC, 89 .cipher_nid = NID_des_cbc, 90 .md_nid = NID_md5, 91 .keygen = PKCS5_PBE_keyivgen, 92 }, 93 { 94 .pbe_nid = NID_pbeWithSHA1AndRC2_CBC, 95 .cipher_nid = NID_rc2_64_cbc, 96 .md_nid = NID_sha1, 97 .keygen = PKCS5_PBE_keyivgen, 98 }, 99 { 100 .pbe_nid = NID_id_pbkdf2, 101 .cipher_nid = -1, 102 .md_nid = -1, 103 .keygen = PKCS5_v2_PBKDF2_keyivgen, 104 }, 105 { 106 .pbe_nid = NID_pbe_WithSHA1And128BitRC4, 107 .cipher_nid = NID_rc4, 108 .md_nid = NID_sha1, 109 .keygen = PKCS12_PBE_keyivgen, 110 }, 111 { 112 .pbe_nid = NID_pbe_WithSHA1And40BitRC4, 113 .cipher_nid = NID_rc4_40, 114 .md_nid = NID_sha1, 115 .keygen = PKCS12_PBE_keyivgen, 116 }, 117 { 118 .pbe_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 119 .cipher_nid = NID_des_ede3_cbc, 120 .md_nid = NID_sha1, 121 .keygen = PKCS12_PBE_keyivgen, 122 }, 123 { 124 .pbe_nid = NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 125 .cipher_nid = NID_des_ede_cbc, 126 .md_nid = NID_sha1, 127 .keygen = PKCS12_PBE_keyivgen, 128 }, 129 { 130 .pbe_nid = NID_pbe_WithSHA1And128BitRC2_CBC, 131 .cipher_nid = NID_rc2_cbc, 132 .md_nid = NID_sha1, 133 .keygen = PKCS12_PBE_keyivgen, 134 }, 135 { 136 .pbe_nid = NID_pbe_WithSHA1And40BitRC2_CBC, 137 .cipher_nid = NID_rc2_40_cbc, 138 .md_nid = NID_sha1, 139 .keygen = PKCS12_PBE_keyivgen, 140 }, 141 { 142 .pbe_nid = NID_pbes2, 143 .cipher_nid = -1, 144 .md_nid = -1, 145 .keygen = PKCS5_v2_PBE_keyivgen, 146 }, 147 { 148 .pbe_nid = NID_pbeWithMD2AndRC2_CBC, 149 .cipher_nid = NID_rc2_64_cbc, 150 .md_nid = NID_md2, 151 .keygen = PKCS5_PBE_keyivgen, 152 }, 153 { 154 .pbe_nid = NID_pbeWithMD5AndRC2_CBC, 155 .cipher_nid = NID_rc2_64_cbc, 156 .md_nid = NID_md5, 157 .keygen = PKCS5_PBE_keyivgen, 158 }, 159 { 160 .pbe_nid = NID_pbeWithSHA1AndDES_CBC, 161 .cipher_nid = NID_des_cbc, 162 .md_nid = NID_sha1, 163 .keygen = PKCS5_PBE_keyivgen, 164 }, 165 }; 166 167 #define N_PBE_OUTER (sizeof(pbe_outer) / sizeof(pbe_outer[0])) 168 169 int 170 EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, 171 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) 172 { 173 const struct pbe_config *cfg = NULL; 174 const EVP_CIPHER *cipher = NULL; 175 const EVP_MD *md = NULL; 176 int pbe_nid; 177 size_t i; 178 179 if ((pbe_nid = OBJ_obj2nid(pbe_obj)) == NID_undef) { 180 EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM); 181 return 0; 182 } 183 184 for (i = 0; i < N_PBE_OUTER; i++) { 185 if (pbe_nid == pbe_outer[i].pbe_nid) { 186 cfg = &pbe_outer[i]; 187 break; 188 } 189 } 190 if (cfg == NULL) { 191 EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM); 192 ERR_asprintf_error_data("NID=%d", pbe_nid); 193 return 0; 194 } 195 196 if (pass == NULL) 197 passlen = 0; 198 if (passlen == -1) 199 passlen = strlen(pass); 200 201 if (cfg->cipher_nid != -1) { 202 if ((cipher = EVP_get_cipherbynid(cfg->cipher_nid)) == NULL) { 203 EVPerror(EVP_R_UNKNOWN_CIPHER); 204 return 0; 205 } 206 } 207 if (cfg->md_nid != -1) { 208 if ((md = EVP_get_digestbynid(cfg->md_nid)) == NULL) { 209 EVPerror(EVP_R_UNKNOWN_DIGEST); 210 return 0; 211 } 212 } 213 214 if (!cfg->keygen(ctx, pass, passlen, param, cipher, md, en_de)) { 215 EVPerror(EVP_R_KEYGEN_FAILURE); 216 return 0; 217 } 218 219 return 1; 220 } 221 222 int 223 PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, 224 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) 225 { 226 EVP_MD_CTX ctx; 227 unsigned char md_tmp[EVP_MAX_MD_SIZE]; 228 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; 229 int i; 230 PBEPARAM *pbe; 231 int saltlen, iter; 232 unsigned char *salt; 233 const unsigned char *pbuf; 234 int mdsize; 235 int ret = 0; 236 237 /* Extract useful info from parameter */ 238 if (param == NULL || param->type != V_ASN1_SEQUENCE || 239 param->value.sequence == NULL) { 240 EVPerror(EVP_R_DECODE_ERROR); 241 return 0; 242 } 243 244 mdsize = EVP_MD_size(md); 245 if (mdsize < 0) 246 return 0; 247 248 pbuf = param->value.sequence->data; 249 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { 250 EVPerror(EVP_R_DECODE_ERROR); 251 return 0; 252 } 253 254 if (!pbe->iter) 255 iter = 1; 256 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { 257 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); 258 PBEPARAM_free(pbe); 259 return 0; 260 } 261 salt = pbe->salt->data; 262 saltlen = pbe->salt->length; 263 264 if (!pass) 265 passlen = 0; 266 else if (passlen == -1) 267 passlen = strlen(pass); 268 269 EVP_MD_CTX_legacy_clear(&ctx); 270 271 if (!EVP_DigestInit_ex(&ctx, md, NULL)) 272 goto err; 273 if (!EVP_DigestUpdate(&ctx, pass, passlen)) 274 goto err; 275 if (!EVP_DigestUpdate(&ctx, salt, saltlen)) 276 goto err; 277 if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) 278 goto err; 279 for (i = 1; i < iter; i++) { 280 if (!EVP_DigestInit_ex(&ctx, md, NULL)) 281 goto err; 282 if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) 283 goto err; 284 if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL)) 285 goto err; 286 } 287 if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) { 288 EVPerror(EVP_R_BAD_KEY_LENGTH); 289 goto err; 290 } 291 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); 292 if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) { 293 EVPerror(EVP_R_IV_TOO_LARGE); 294 goto err; 295 } 296 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), 297 EVP_CIPHER_iv_length(cipher)); 298 if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) 299 goto err; 300 explicit_bzero(md_tmp, EVP_MAX_MD_SIZE); 301 explicit_bzero(key, EVP_MAX_KEY_LENGTH); 302 explicit_bzero(iv, EVP_MAX_IV_LENGTH); 303 304 ret = 1; 305 306 err: 307 EVP_MD_CTX_cleanup(&ctx); 308 PBEPARAM_free(pbe); 309 310 return ret; 311 } 312 313 /* 314 * PKCS#5 v2.0 password based encryption key derivation function PBKDF2. 315 */ 316 317 int 318 PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, 319 int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out) 320 { 321 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; 322 int cplen, j, k, tkeylen, mdlen; 323 unsigned long i = 1; 324 HMAC_CTX hctx_tpl, hctx; 325 326 mdlen = EVP_MD_size(digest); 327 if (mdlen < 0) 328 return 0; 329 330 HMAC_CTX_init(&hctx_tpl); 331 p = out; 332 tkeylen = keylen; 333 if (!pass) 334 passlen = 0; 335 else if (passlen == -1) 336 passlen = strlen(pass); 337 if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { 338 HMAC_CTX_cleanup(&hctx_tpl); 339 return 0; 340 } 341 while (tkeylen) { 342 if (tkeylen > mdlen) 343 cplen = mdlen; 344 else 345 cplen = tkeylen; 346 /* 347 * We are unlikely to ever use more than 256 blocks (5120 bits!) 348 * but just in case... 349 */ 350 itmp[0] = (unsigned char)((i >> 24) & 0xff); 351 itmp[1] = (unsigned char)((i >> 16) & 0xff); 352 itmp[2] = (unsigned char)((i >> 8) & 0xff); 353 itmp[3] = (unsigned char)(i & 0xff); 354 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 355 HMAC_CTX_cleanup(&hctx_tpl); 356 return 0; 357 } 358 if (!HMAC_Update(&hctx, salt, saltlen) || 359 !HMAC_Update(&hctx, itmp, 4) || 360 !HMAC_Final(&hctx, digtmp, NULL)) { 361 HMAC_CTX_cleanup(&hctx_tpl); 362 HMAC_CTX_cleanup(&hctx); 363 return 0; 364 } 365 HMAC_CTX_cleanup(&hctx); 366 memcpy(p, digtmp, cplen); 367 for (j = 1; j < iter; j++) { 368 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 369 HMAC_CTX_cleanup(&hctx_tpl); 370 return 0; 371 } 372 if (!HMAC_Update(&hctx, digtmp, mdlen) || 373 !HMAC_Final(&hctx, digtmp, NULL)) { 374 HMAC_CTX_cleanup(&hctx_tpl); 375 HMAC_CTX_cleanup(&hctx); 376 return 0; 377 } 378 HMAC_CTX_cleanup(&hctx); 379 for (k = 0; k < cplen; k++) 380 p[k] ^= digtmp[k]; 381 } 382 tkeylen -= cplen; 383 i++; 384 p += cplen; 385 } 386 HMAC_CTX_cleanup(&hctx_tpl); 387 return 1; 388 } 389 390 int 391 PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, 392 int saltlen, int iter, int keylen, unsigned char *out) 393 { 394 return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, 395 EVP_sha1(), keylen, out); 396 } 397 398 /* 399 * Now the key derivation function itself. This is a bit evil because 400 * it has to check the ASN1 parameters are valid: and there are quite a 401 * few of them... 402 */ 403 404 int 405 PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 406 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) 407 { 408 const unsigned char *pbuf; 409 int plen; 410 PBE2PARAM *pbe2 = NULL; 411 const EVP_CIPHER *cipher; 412 int ret = 0; 413 414 if (param == NULL || param->type != V_ASN1_SEQUENCE || 415 param->value.sequence == NULL) { 416 EVPerror(EVP_R_DECODE_ERROR); 417 goto err; 418 } 419 420 pbuf = param->value.sequence->data; 421 plen = param->value.sequence->length; 422 if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { 423 EVPerror(EVP_R_DECODE_ERROR); 424 goto err; 425 } 426 427 /* See if we recognise the key derivation function */ 428 429 if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { 430 EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); 431 goto err; 432 } 433 434 /* Let's see if we recognise the encryption algorithm. */ 435 cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); 436 if (!cipher) { 437 EVPerror(EVP_R_UNSUPPORTED_CIPHER); 438 goto err; 439 } 440 441 /* Fixup cipher based on AlgorithmIdentifier */ 442 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) 443 goto err; 444 if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { 445 EVPerror(EVP_R_CIPHER_PARAMETER_ERROR); 446 goto err; 447 } 448 449 ret = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, 450 pbe2->keyfunc->parameter, c, md, en_de); 451 452 err: 453 PBE2PARAM_free(pbe2); 454 455 return ret; 456 } 457 458 static int 459 md_nid_from_prf_nid(int nid) 460 { 461 switch (nid) { 462 case NID_hmacWithMD5: 463 return NID_md5; 464 case NID_hmacWithSHA1: 465 return NID_sha1; 466 case NID_hmacWithSHA224: 467 return NID_sha224; 468 case NID_hmacWithSHA256: 469 return NID_sha256; 470 case NID_hmacWithSHA384: 471 return NID_sha384; 472 case NID_hmacWithSHA512: 473 return NID_sha512; 474 case NID_hmacWithSHA512_224: 475 return NID_sha512_224; 476 case NID_hmacWithSHA512_256: 477 return NID_sha512_256; 478 case NID_hmac_sha3_224: 479 return NID_sha3_224; 480 case NID_hmac_sha3_256: 481 return NID_sha3_256; 482 case NID_hmac_sha3_384: 483 return NID_sha3_384; 484 case NID_hmac_sha3_512: 485 return NID_sha3_512; 486 #ifndef OPENSSL_NO_GOST 487 case NID_id_HMACGostR3411_94: 488 return NID_id_GostR3411_94; 489 case NID_id_tc26_hmac_gost_3411_12_256: 490 return NID_id_tc26_gost3411_2012_256; 491 case NID_id_tc26_hmac_gost_3411_12_512: 492 return NID_id_tc26_gost3411_2012_512; 493 #endif 494 default: 495 return NID_undef; 496 } 497 } 498 499 int 500 PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 501 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) 502 { 503 unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; 504 const unsigned char *pbuf; 505 int saltlen, iter, plen; 506 unsigned int keylen = 0; 507 int prf_nid, hmac_md_nid; 508 PBKDF2PARAM *kdf = NULL; 509 const EVP_MD *prfmd; 510 int ret = 0; 511 512 if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { 513 EVPerror(EVP_R_NO_CIPHER_SET); 514 return 0; 515 } 516 keylen = EVP_CIPHER_CTX_key_length(ctx); 517 if (keylen > sizeof key) { 518 EVPerror(EVP_R_BAD_KEY_LENGTH); 519 return 0; 520 } 521 522 /* Decode parameter */ 523 524 if (!param || (param->type != V_ASN1_SEQUENCE)) { 525 EVPerror(EVP_R_DECODE_ERROR); 526 return 0; 527 } 528 529 pbuf = param->value.sequence->data; 530 plen = param->value.sequence->length; 531 532 if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { 533 EVPerror(EVP_R_DECODE_ERROR); 534 return 0; 535 } 536 537 /* Now check the parameters of the kdf */ 538 539 if (kdf->keylength && 540 (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ 541 EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH); 542 goto err; 543 } 544 545 if (kdf->prf) 546 prf_nid = OBJ_obj2nid(kdf->prf->algorithm); 547 else 548 prf_nid = NID_hmacWithSHA1; 549 550 if ((hmac_md_nid = md_nid_from_prf_nid(prf_nid)) == NID_undef) { 551 EVPerror(EVP_R_UNSUPPORTED_PRF); 552 goto err; 553 } 554 555 prfmd = EVP_get_digestbynid(hmac_md_nid); 556 if (prfmd == NULL) { 557 EVPerror(EVP_R_UNSUPPORTED_PRF); 558 goto err; 559 } 560 561 if (kdf->salt->type != V_ASN1_OCTET_STRING) { 562 EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE); 563 goto err; 564 } 565 566 /* it seems that its all OK */ 567 salt = kdf->salt->value.octet_string->data; 568 saltlen = kdf->salt->value.octet_string->length; 569 if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) { 570 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); 571 goto err; 572 } 573 if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, 574 keylen, key)) 575 goto err; 576 577 ret = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); 578 579 err: 580 explicit_bzero(key, keylen); 581 PBKDF2PARAM_free(kdf); 582 583 return ret; 584 } 585 586 void 587 PKCS12_PBE_add(void) 588 { 589 } 590 LCRYPTO_ALIAS(PKCS12_PBE_add); 591 592 int 593 PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 594 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) 595 { 596 PBEPARAM *pbe; 597 int saltlen, iter, ret; 598 unsigned char *salt; 599 const unsigned char *pbuf; 600 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; 601 602 /* Extract useful info from parameter */ 603 if (param == NULL || param->type != V_ASN1_SEQUENCE || 604 param->value.sequence == NULL) { 605 PKCS12error(PKCS12_R_DECODE_ERROR); 606 return 0; 607 } 608 609 pbuf = param->value.sequence->data; 610 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { 611 PKCS12error(PKCS12_R_DECODE_ERROR); 612 return 0; 613 } 614 615 if (!pbe->iter) 616 iter = 1; 617 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { 618 PKCS12error(PKCS12_R_DECODE_ERROR); 619 PBEPARAM_free(pbe); 620 return 0; 621 } 622 salt = pbe->salt->data; 623 saltlen = pbe->salt->length; 624 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID, 625 iter, EVP_CIPHER_key_length(cipher), key, md)) { 626 PKCS12error(PKCS12_R_KEY_GEN_ERROR); 627 PBEPARAM_free(pbe); 628 return 0; 629 } 630 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, 631 iter, EVP_CIPHER_iv_length(cipher), iv, md)) { 632 PKCS12error(PKCS12_R_IV_GEN_ERROR); 633 PBEPARAM_free(pbe); 634 return 0; 635 } 636 PBEPARAM_free(pbe); 637 ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); 638 explicit_bzero(key, EVP_MAX_KEY_LENGTH); 639 explicit_bzero(iv, EVP_MAX_IV_LENGTH); 640 return ret; 641 } 642 LCRYPTO_ALIAS(PKCS12_PBE_keyivgen); 643 644 /* 645 * XXX - remove the functions below in the next major bump 646 */ 647 648 int 649 EVP_PBE_find(int type, int pbe_nid, int *out_cipher_nid, int *out_md_nid, 650 EVP_PBE_KEYGEN **out_keygen) 651 { 652 EVPerror(ERR_R_DISABLED); 653 return 0; 654 } 655 656 int 657 EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, 658 EVP_PBE_KEYGEN *keygen) 659 { 660 EVPerror(ERR_R_DISABLED); 661 return 0; 662 } 663 664 int 665 EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, 666 EVP_PBE_KEYGEN *keygen) 667 { 668 EVPerror(ERR_R_DISABLED); 669 return 0; 670 } 671 672 void 673 EVP_PBE_cleanup(void) 674 { 675 } 676 677 void 678 PKCS5_PBE_add(void) 679 { 680 } 681