2
0

p5_pbe.c 3.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113
  1. /*
  2. * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/asn1t.h>
  12. #include <openssl/x509.h>
  13. #include <openssl/rand.h>
  14. #include "crypto/evp.h"
  15. /* PKCS#5 password based encryption structure */
  16. ASN1_SEQUENCE(PBEPARAM) = {
  17. ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
  18. ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
  19. } ASN1_SEQUENCE_END(PBEPARAM)
  20. IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
  21. /* Set an algorithm identifier for a PKCS#5 PBE algorithm */
  22. int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter,
  23. const unsigned char *salt, int saltlen,
  24. OSSL_LIB_CTX *ctx)
  25. {
  26. PBEPARAM *pbe = NULL;
  27. ASN1_STRING *pbe_str = NULL;
  28. unsigned char *sstr = NULL;
  29. pbe = PBEPARAM_new();
  30. if (pbe == NULL) {
  31. /* ERR_R_ASN1_LIB, because PBEPARAM_new() is defined in crypto/asn1 */
  32. ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
  33. goto err;
  34. }
  35. if (iter <= 0)
  36. iter = PKCS5_DEFAULT_ITER;
  37. if (!ASN1_INTEGER_set(pbe->iter, iter)) {
  38. ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
  39. goto err;
  40. }
  41. if (!saltlen)
  42. saltlen = PKCS5_DEFAULT_PBE1_SALT_LEN;
  43. if (saltlen < 0)
  44. goto err;
  45. sstr = OPENSSL_malloc(saltlen);
  46. if (sstr == NULL)
  47. goto err;
  48. if (salt)
  49. memcpy(sstr, salt, saltlen);
  50. else if (RAND_bytes_ex(ctx, sstr, saltlen, 0) <= 0)
  51. goto err;
  52. ASN1_STRING_set0(pbe->salt, sstr, saltlen);
  53. sstr = NULL;
  54. if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
  55. ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
  56. goto err;
  57. }
  58. PBEPARAM_free(pbe);
  59. pbe = NULL;
  60. if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
  61. return 1;
  62. err:
  63. OPENSSL_free(sstr);
  64. PBEPARAM_free(pbe);
  65. ASN1_STRING_free(pbe_str);
  66. return 0;
  67. }
  68. int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
  69. const unsigned char *salt, int saltlen)
  70. {
  71. return PKCS5_pbe_set0_algor_ex(algor, alg, iter, salt, saltlen, NULL);
  72. }
  73. /* Return an algorithm identifier for a PKCS#5 PBE algorithm */
  74. X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter,
  75. const unsigned char *salt, int saltlen,
  76. OSSL_LIB_CTX *ctx)
  77. {
  78. X509_ALGOR *ret;
  79. ret = X509_ALGOR_new();
  80. if (ret == NULL) {
  81. ERR_raise(ERR_LIB_ASN1, ERR_R_X509_LIB);
  82. return NULL;
  83. }
  84. if (PKCS5_pbe_set0_algor_ex(ret, alg, iter, salt, saltlen, ctx))
  85. return ret;
  86. X509_ALGOR_free(ret);
  87. return NULL;
  88. }
  89. X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
  90. const unsigned char *salt, int saltlen)
  91. {
  92. return PKCS5_pbe_set_ex(alg, iter, salt, saltlen, NULL);
  93. }