1 /* $OpenBSD: evp_pbe.c,v 1.50 2024/04/09 13:52:41 beck Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 1999. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 #include <string.h> 61 62 #include <openssl/asn1.h> 63 #include <openssl/err.h> 64 #include <openssl/evp.h> 65 #include <openssl/hmac.h> 66 #include <openssl/objects.h> 67 #include <openssl/pkcs12.h> 68 #include <openssl/x509.h> 69 70 #include "evp_local.h" 71 #include "hmac_local.h" 72 #include "pkcs12_local.h" 73 #include "x509_local.h" 74 75 /* Password based encryption (PBE) functions */ 76 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 77 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); 78 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 79 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de); 80 int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 81 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, 82 int en_de); 83 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 84 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de); 85 86 static const struct pbe_config { 87 int pbe_nid; 88 int cipher_nid; 89 int md_nid; 90 EVP_PBE_KEYGEN *keygen; 91 } pbe_outer[] = { 92 { 93 .pbe_nid = NID_pbeWithMD2AndDES_CBC, 94 .cipher_nid = NID_des_cbc, 95 .md_nid = NID_md2, 96 .keygen = PKCS5_PBE_keyivgen, 97 }, 98 { 99 .pbe_nid = NID_pbeWithMD5AndDES_CBC, 100 .cipher_nid = NID_des_cbc, 101 .md_nid = NID_md5, 102 .keygen = PKCS5_PBE_keyivgen, 103 }, 104 { 105 .pbe_nid = NID_pbeWithSHA1AndRC2_CBC, 106 .cipher_nid = NID_rc2_64_cbc, 107 .md_nid = NID_sha1, 108 .keygen = PKCS5_PBE_keyivgen, 109 }, 110 { 111 .pbe_nid = NID_id_pbkdf2, 112 .cipher_nid = -1, 113 .md_nid = -1, 114 .keygen = PKCS5_v2_PBKDF2_keyivgen, 115 }, 116 { 117 .pbe_nid = NID_pbe_WithSHA1And128BitRC4, 118 .cipher_nid = NID_rc4, 119 .md_nid = NID_sha1, 120 .keygen = PKCS12_PBE_keyivgen, 121 }, 122 { 123 .pbe_nid = NID_pbe_WithSHA1And40BitRC4, 124 .cipher_nid = NID_rc4_40, 125 .md_nid = NID_sha1, 126 .keygen = PKCS12_PBE_keyivgen, 127 }, 128 { 129 .pbe_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 130 .cipher_nid = NID_des_ede3_cbc, 131 .md_nid = NID_sha1, 132 .keygen = PKCS12_PBE_keyivgen, 133 }, 134 { 135 .pbe_nid = NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 136 .cipher_nid = NID_des_ede_cbc, 137 .md_nid = NID_sha1, 138 .keygen = PKCS12_PBE_keyivgen, 139 }, 140 { 141 .pbe_nid = NID_pbe_WithSHA1And128BitRC2_CBC, 142 .cipher_nid = NID_rc2_cbc, 143 .md_nid = NID_sha1, 144 .keygen = PKCS12_PBE_keyivgen, 145 }, 146 { 147 .pbe_nid = NID_pbe_WithSHA1And40BitRC2_CBC, 148 .cipher_nid = NID_rc2_40_cbc, 149 .md_nid = NID_sha1, 150 .keygen = PKCS12_PBE_keyivgen, 151 }, 152 { 153 .pbe_nid = NID_pbes2, 154 .cipher_nid = -1, 155 .md_nid = -1, 156 .keygen = PKCS5_v2_PBE_keyivgen, 157 }, 158 { 159 .pbe_nid = NID_pbeWithMD2AndRC2_CBC, 160 .cipher_nid = NID_rc2_64_cbc, 161 .md_nid = NID_md2, 162 .keygen = PKCS5_PBE_keyivgen, 163 }, 164 { 165 .pbe_nid = NID_pbeWithMD5AndRC2_CBC, 166 .cipher_nid = NID_rc2_64_cbc, 167 .md_nid = NID_md5, 168 .keygen = PKCS5_PBE_keyivgen, 169 }, 170 { 171 .pbe_nid = NID_pbeWithSHA1AndDES_CBC, 172 .cipher_nid = NID_des_cbc, 173 .md_nid = NID_sha1, 174 .keygen = PKCS5_PBE_keyivgen, 175 }, 176 }; 177 178 #define N_PBE_OUTER (sizeof(pbe_outer) / sizeof(pbe_outer[0])) 179 180 int 181 EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, 182 ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) 183 { 184 const struct pbe_config *cfg = NULL; 185 const EVP_CIPHER *cipher = NULL; 186 const EVP_MD *md = NULL; 187 int pbe_nid; 188 size_t i; 189 190 if ((pbe_nid = OBJ_obj2nid(pbe_obj)) == NID_undef) { 191 EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM); 192 return 0; 193 } 194 195 for (i = 0; i < N_PBE_OUTER; i++) { 196 if (pbe_nid == pbe_outer[i].pbe_nid) { 197 cfg = &pbe_outer[i]; 198 break; 199 } 200 } 201 if (cfg == NULL) { 202 EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM); 203 ERR_asprintf_error_data("NID=%d", pbe_nid); 204 return 0; 205 } 206 207 if (pass == NULL) 208 passlen = 0; 209 if (passlen == -1) 210 passlen = strlen(pass); 211 212 if (cfg->cipher_nid != -1) { 213 if ((cipher = EVP_get_cipherbynid(cfg->cipher_nid)) == NULL) { 214 EVPerror(EVP_R_UNKNOWN_CIPHER); 215 return 0; 216 } 217 } 218 if (cfg->md_nid != -1) { 219 if ((md = EVP_get_digestbynid(cfg->md_nid)) == NULL) { 220 EVPerror(EVP_R_UNKNOWN_DIGEST); 221 return 0; 222 } 223 } 224 225 if (!cfg->keygen(ctx, pass, passlen, param, cipher, md, en_de)) { 226 EVPerror(EVP_R_KEYGEN_FAILURE); 227 return 0; 228 } 229 230 return 1; 231 } 232 233 int 234 PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, 235 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) 236 { 237 EVP_MD_CTX *md_ctx; 238 unsigned char md_tmp[EVP_MAX_MD_SIZE]; 239 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; 240 int i; 241 PBEPARAM *pbe; 242 int saltlen, iter; 243 unsigned char *salt; 244 const unsigned char *pbuf; 245 int mdsize; 246 int ret = 0; 247 248 /* Extract useful info from parameter */ 249 if (param == NULL || param->type != V_ASN1_SEQUENCE || 250 param->value.sequence == NULL) { 251 EVPerror(EVP_R_DECODE_ERROR); 252 return 0; 253 } 254 255 mdsize = EVP_MD_size(md); 256 if (mdsize < 0) 257 return 0; 258 259 pbuf = param->value.sequence->data; 260 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { 261 EVPerror(EVP_R_DECODE_ERROR); 262 return 0; 263 } 264 265 if (!pbe->iter) 266 iter = 1; 267 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { 268 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); 269 PBEPARAM_free(pbe); 270 return 0; 271 } 272 salt = pbe->salt->data; 273 saltlen = pbe->salt->length; 274 275 if (!pass) 276 passlen = 0; 277 else if (passlen == -1) 278 passlen = strlen(pass); 279 280 if ((md_ctx = EVP_MD_CTX_new()) == NULL) 281 goto err; 282 283 if (!EVP_DigestInit_ex(md_ctx, md, NULL)) 284 goto err; 285 if (!EVP_DigestUpdate(md_ctx, pass, passlen)) 286 goto err; 287 if (!EVP_DigestUpdate(md_ctx, salt, saltlen)) 288 goto err; 289 if (!EVP_DigestFinal_ex(md_ctx, md_tmp, NULL)) 290 goto err; 291 for (i = 1; i < iter; i++) { 292 if (!EVP_DigestInit_ex(md_ctx, md, NULL)) 293 goto err; 294 if (!EVP_DigestUpdate(md_ctx, md_tmp, mdsize)) 295 goto err; 296 if (!EVP_DigestFinal_ex(md_ctx, md_tmp, NULL)) 297 goto err; 298 } 299 if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) { 300 EVPerror(EVP_R_BAD_KEY_LENGTH); 301 goto err; 302 } 303 memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); 304 if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) { 305 EVPerror(EVP_R_IV_TOO_LARGE); 306 goto err; 307 } 308 memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), 309 EVP_CIPHER_iv_length(cipher)); 310 if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) 311 goto err; 312 explicit_bzero(md_tmp, EVP_MAX_MD_SIZE); 313 explicit_bzero(key, EVP_MAX_KEY_LENGTH); 314 explicit_bzero(iv, EVP_MAX_IV_LENGTH); 315 316 ret = 1; 317 318 err: 319 EVP_MD_CTX_free(md_ctx); 320 PBEPARAM_free(pbe); 321 322 return ret; 323 } 324 325 /* 326 * PKCS#5 v2.0 password based encryption key derivation function PBKDF2. 327 */ 328 329 int 330 PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, 331 int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out) 332 { 333 unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; 334 int cplen, j, k, tkeylen, mdlen; 335 unsigned long i = 1; 336 HMAC_CTX hctx_tpl, hctx; 337 338 mdlen = EVP_MD_size(digest); 339 if (mdlen < 0) 340 return 0; 341 342 HMAC_CTX_init(&hctx_tpl); 343 p = out; 344 tkeylen = keylen; 345 if (!pass) 346 passlen = 0; 347 else if (passlen == -1) 348 passlen = strlen(pass); 349 if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { 350 HMAC_CTX_cleanup(&hctx_tpl); 351 return 0; 352 } 353 while (tkeylen) { 354 if (tkeylen > mdlen) 355 cplen = mdlen; 356 else 357 cplen = tkeylen; 358 /* 359 * We are unlikely to ever use more than 256 blocks (5120 bits!) 360 * but just in case... 361 */ 362 itmp[0] = (unsigned char)((i >> 24) & 0xff); 363 itmp[1] = (unsigned char)((i >> 16) & 0xff); 364 itmp[2] = (unsigned char)((i >> 8) & 0xff); 365 itmp[3] = (unsigned char)(i & 0xff); 366 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 367 HMAC_CTX_cleanup(&hctx_tpl); 368 return 0; 369 } 370 if (!HMAC_Update(&hctx, salt, saltlen) || 371 !HMAC_Update(&hctx, itmp, 4) || 372 !HMAC_Final(&hctx, digtmp, NULL)) { 373 HMAC_CTX_cleanup(&hctx_tpl); 374 HMAC_CTX_cleanup(&hctx); 375 return 0; 376 } 377 HMAC_CTX_cleanup(&hctx); 378 memcpy(p, digtmp, cplen); 379 for (j = 1; j < iter; j++) { 380 if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { 381 HMAC_CTX_cleanup(&hctx_tpl); 382 return 0; 383 } 384 if (!HMAC_Update(&hctx, digtmp, mdlen) || 385 !HMAC_Final(&hctx, digtmp, NULL)) { 386 HMAC_CTX_cleanup(&hctx_tpl); 387 HMAC_CTX_cleanup(&hctx); 388 return 0; 389 } 390 HMAC_CTX_cleanup(&hctx); 391 for (k = 0; k < cplen; k++) 392 p[k] ^= digtmp[k]; 393 } 394 tkeylen -= cplen; 395 i++; 396 p += cplen; 397 } 398 HMAC_CTX_cleanup(&hctx_tpl); 399 return 1; 400 } 401 LCRYPTO_ALIAS(PKCS5_PBKDF2_HMAC); 402 403 int 404 PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, 405 int saltlen, int iter, int keylen, unsigned char *out) 406 { 407 return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, 408 EVP_sha1(), keylen, out); 409 } 410 LCRYPTO_ALIAS(PKCS5_PBKDF2_HMAC_SHA1); 411 412 /* 413 * Now the key derivation function itself. This is a bit evil because 414 * it has to check the ASN1 parameters are valid: and there are quite a 415 * few of them... 416 */ 417 418 int 419 PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 420 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) 421 { 422 const unsigned char *pbuf; 423 int plen; 424 PBE2PARAM *pbe2 = NULL; 425 const EVP_CIPHER *cipher; 426 int ret = 0; 427 428 if (param == NULL || param->type != V_ASN1_SEQUENCE || 429 param->value.sequence == NULL) { 430 EVPerror(EVP_R_DECODE_ERROR); 431 goto err; 432 } 433 434 pbuf = param->value.sequence->data; 435 plen = param->value.sequence->length; 436 if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { 437 EVPerror(EVP_R_DECODE_ERROR); 438 goto err; 439 } 440 441 /* See if we recognise the key derivation function */ 442 443 if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { 444 EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); 445 goto err; 446 } 447 448 /* Let's see if we recognise the encryption algorithm. */ 449 cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); 450 if (!cipher) { 451 EVPerror(EVP_R_UNSUPPORTED_CIPHER); 452 goto err; 453 } 454 455 /* Fixup cipher based on AlgorithmIdentifier */ 456 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) 457 goto err; 458 if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { 459 EVPerror(EVP_R_CIPHER_PARAMETER_ERROR); 460 goto err; 461 } 462 463 ret = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, 464 pbe2->keyfunc->parameter, c, md, en_de); 465 466 err: 467 PBE2PARAM_free(pbe2); 468 469 return ret; 470 } 471 472 static int 473 md_nid_from_prf_nid(int nid) 474 { 475 switch (nid) { 476 case NID_hmacWithMD5: 477 return NID_md5; 478 case NID_hmacWithSHA1: 479 return NID_sha1; 480 case NID_hmacWithSHA224: 481 return NID_sha224; 482 case NID_hmacWithSHA256: 483 return NID_sha256; 484 case NID_hmacWithSHA384: 485 return NID_sha384; 486 case NID_hmacWithSHA512: 487 return NID_sha512; 488 case NID_hmacWithSHA512_224: 489 return NID_sha512_224; 490 case NID_hmacWithSHA512_256: 491 return NID_sha512_256; 492 case NID_hmac_sha3_224: 493 return NID_sha3_224; 494 case NID_hmac_sha3_256: 495 return NID_sha3_256; 496 case NID_hmac_sha3_384: 497 return NID_sha3_384; 498 case NID_hmac_sha3_512: 499 return NID_sha3_512; 500 default: 501 return NID_undef; 502 } 503 } 504 505 int 506 PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 507 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) 508 { 509 unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; 510 const unsigned char *pbuf; 511 int saltlen, iter, plen; 512 unsigned int keylen = 0; 513 int prf_nid, hmac_md_nid; 514 PBKDF2PARAM *kdf = NULL; 515 const EVP_MD *prfmd; 516 int ret = 0; 517 518 if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { 519 EVPerror(EVP_R_NO_CIPHER_SET); 520 return 0; 521 } 522 keylen = EVP_CIPHER_CTX_key_length(ctx); 523 if (keylen > sizeof key) { 524 EVPerror(EVP_R_BAD_KEY_LENGTH); 525 return 0; 526 } 527 528 /* Decode parameter */ 529 530 if (!param || (param->type != V_ASN1_SEQUENCE)) { 531 EVPerror(EVP_R_DECODE_ERROR); 532 return 0; 533 } 534 535 pbuf = param->value.sequence->data; 536 plen = param->value.sequence->length; 537 538 if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { 539 EVPerror(EVP_R_DECODE_ERROR); 540 return 0; 541 } 542 543 /* Now check the parameters of the kdf */ 544 545 if (kdf->keylength && 546 (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ 547 EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH); 548 goto err; 549 } 550 551 if (kdf->prf) 552 prf_nid = OBJ_obj2nid(kdf->prf->algorithm); 553 else 554 prf_nid = NID_hmacWithSHA1; 555 556 if ((hmac_md_nid = md_nid_from_prf_nid(prf_nid)) == NID_undef) { 557 EVPerror(EVP_R_UNSUPPORTED_PRF); 558 goto err; 559 } 560 561 prfmd = EVP_get_digestbynid(hmac_md_nid); 562 if (prfmd == NULL) { 563 EVPerror(EVP_R_UNSUPPORTED_PRF); 564 goto err; 565 } 566 567 if (kdf->salt->type != V_ASN1_OCTET_STRING) { 568 EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE); 569 goto err; 570 } 571 572 /* it seems that its all OK */ 573 salt = kdf->salt->value.octet_string->data; 574 saltlen = kdf->salt->value.octet_string->length; 575 if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) { 576 EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); 577 goto err; 578 } 579 if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, 580 keylen, key)) 581 goto err; 582 583 ret = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); 584 585 err: 586 explicit_bzero(key, keylen); 587 PBKDF2PARAM_free(kdf); 588 589 return ret; 590 } 591 592 void 593 PKCS12_PBE_add(void) 594 { 595 } 596 LCRYPTO_ALIAS(PKCS12_PBE_add); 597 598 int 599 PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 600 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) 601 { 602 PBEPARAM *pbe; 603 int saltlen, iter, ret; 604 unsigned char *salt; 605 const unsigned char *pbuf; 606 unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; 607 608 /* Extract useful info from parameter */ 609 if (param == NULL || param->type != V_ASN1_SEQUENCE || 610 param->value.sequence == NULL) { 611 PKCS12error(PKCS12_R_DECODE_ERROR); 612 return 0; 613 } 614 615 pbuf = param->value.sequence->data; 616 if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { 617 PKCS12error(PKCS12_R_DECODE_ERROR); 618 return 0; 619 } 620 621 if (!pbe->iter) 622 iter = 1; 623 else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { 624 PKCS12error(PKCS12_R_DECODE_ERROR); 625 PBEPARAM_free(pbe); 626 return 0; 627 } 628 salt = pbe->salt->data; 629 saltlen = pbe->salt->length; 630 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID, 631 iter, EVP_CIPHER_key_length(cipher), key, md)) { 632 PKCS12error(PKCS12_R_KEY_GEN_ERROR); 633 PBEPARAM_free(pbe); 634 return 0; 635 } 636 if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, 637 iter, EVP_CIPHER_iv_length(cipher), iv, md)) { 638 PKCS12error(PKCS12_R_IV_GEN_ERROR); 639 PBEPARAM_free(pbe); 640 return 0; 641 } 642 PBEPARAM_free(pbe); 643 ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); 644 explicit_bzero(key, EVP_MAX_KEY_LENGTH); 645 explicit_bzero(iv, EVP_MAX_IV_LENGTH); 646 return ret; 647 } 648