10Sstevel@tonic-gate /* evp_pbe.c */
20Sstevel@tonic-gate /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
30Sstevel@tonic-gate * project 1999.
40Sstevel@tonic-gate */
50Sstevel@tonic-gate /* ====================================================================
60Sstevel@tonic-gate * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
70Sstevel@tonic-gate *
80Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without
90Sstevel@tonic-gate * modification, are permitted provided that the following conditions
100Sstevel@tonic-gate * are met:
110Sstevel@tonic-gate *
120Sstevel@tonic-gate * 1. Redistributions of source code must retain the above copyright
130Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer.
140Sstevel@tonic-gate *
150Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright
160Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in
170Sstevel@tonic-gate * the documentation and/or other materials provided with the
180Sstevel@tonic-gate * distribution.
190Sstevel@tonic-gate *
200Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this
210Sstevel@tonic-gate * software must display the following acknowledgment:
220Sstevel@tonic-gate * "This product includes software developed by the OpenSSL Project
230Sstevel@tonic-gate * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
240Sstevel@tonic-gate *
250Sstevel@tonic-gate * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
260Sstevel@tonic-gate * endorse or promote products derived from this software without
270Sstevel@tonic-gate * prior written permission. For written permission, please contact
280Sstevel@tonic-gate * licensing@OpenSSL.org.
290Sstevel@tonic-gate *
300Sstevel@tonic-gate * 5. Products derived from this software may not be called "OpenSSL"
310Sstevel@tonic-gate * nor may "OpenSSL" appear in their names without prior written
320Sstevel@tonic-gate * permission of the OpenSSL Project.
330Sstevel@tonic-gate *
340Sstevel@tonic-gate * 6. Redistributions of any form whatsoever must retain the following
350Sstevel@tonic-gate * acknowledgment:
360Sstevel@tonic-gate * "This product includes software developed by the OpenSSL Project
370Sstevel@tonic-gate * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
380Sstevel@tonic-gate *
390Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
400Sstevel@tonic-gate * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
410Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
420Sstevel@tonic-gate * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
430Sstevel@tonic-gate * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
440Sstevel@tonic-gate * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
450Sstevel@tonic-gate * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
460Sstevel@tonic-gate * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
470Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
480Sstevel@tonic-gate * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
490Sstevel@tonic-gate * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
500Sstevel@tonic-gate * OF THE POSSIBILITY OF SUCH DAMAGE.
510Sstevel@tonic-gate * ====================================================================
520Sstevel@tonic-gate *
530Sstevel@tonic-gate * This product includes cryptographic software written by Eric Young
540Sstevel@tonic-gate * (eay@cryptsoft.com). This product includes software written by Tim
550Sstevel@tonic-gate * Hudson (tjh@cryptsoft.com).
560Sstevel@tonic-gate *
570Sstevel@tonic-gate */
580Sstevel@tonic-gate
590Sstevel@tonic-gate #include <stdio.h>
600Sstevel@tonic-gate #include "cryptlib.h"
610Sstevel@tonic-gate #include <openssl/evp.h>
620Sstevel@tonic-gate #include <openssl/x509.h>
630Sstevel@tonic-gate
640Sstevel@tonic-gate /* Password based encryption (PBE) functions */
650Sstevel@tonic-gate
660Sstevel@tonic-gate static STACK *pbe_algs;
670Sstevel@tonic-gate
680Sstevel@tonic-gate /* Setup a cipher context from a PBE algorithm */
690Sstevel@tonic-gate
700Sstevel@tonic-gate typedef struct {
710Sstevel@tonic-gate int pbe_nid;
720Sstevel@tonic-gate const EVP_CIPHER *cipher;
730Sstevel@tonic-gate const EVP_MD *md;
740Sstevel@tonic-gate EVP_PBE_KEYGEN *keygen;
750Sstevel@tonic-gate } EVP_PBE_CTL;
760Sstevel@tonic-gate
EVP_PBE_CipherInit(ASN1_OBJECT * pbe_obj,const char * pass,int passlen,ASN1_TYPE * param,EVP_CIPHER_CTX * ctx,int en_de)77*2139Sjp161948 int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
780Sstevel@tonic-gate ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
790Sstevel@tonic-gate {
800Sstevel@tonic-gate
810Sstevel@tonic-gate EVP_PBE_CTL *pbetmp, pbelu;
820Sstevel@tonic-gate int i;
830Sstevel@tonic-gate pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
840Sstevel@tonic-gate if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
850Sstevel@tonic-gate else i = -1;
860Sstevel@tonic-gate
870Sstevel@tonic-gate if (i == -1) {
880Sstevel@tonic-gate char obj_tmp[80];
890Sstevel@tonic-gate EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
900Sstevel@tonic-gate if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
910Sstevel@tonic-gate else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
920Sstevel@tonic-gate ERR_add_error_data(2, "TYPE=", obj_tmp);
930Sstevel@tonic-gate return 0;
940Sstevel@tonic-gate }
950Sstevel@tonic-gate if(!pass) passlen = 0;
960Sstevel@tonic-gate else if (passlen == -1) passlen = strlen(pass);
970Sstevel@tonic-gate pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
980Sstevel@tonic-gate i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
990Sstevel@tonic-gate pbetmp->md, en_de);
1000Sstevel@tonic-gate if (!i) {
1010Sstevel@tonic-gate EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
1020Sstevel@tonic-gate return 0;
1030Sstevel@tonic-gate }
1040Sstevel@tonic-gate return 1;
1050Sstevel@tonic-gate }
1060Sstevel@tonic-gate
pbe_cmp(const char * const * a,const char * const * b)1070Sstevel@tonic-gate static int pbe_cmp(const char * const *a, const char * const *b)
1080Sstevel@tonic-gate {
109*2139Sjp161948 const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,
110*2139Sjp161948 * const *pbe2 = (const EVP_PBE_CTL * const *)b;
1110Sstevel@tonic-gate return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
1120Sstevel@tonic-gate }
1130Sstevel@tonic-gate
1140Sstevel@tonic-gate /* Add a PBE algorithm */
1150Sstevel@tonic-gate
EVP_PBE_alg_add(int nid,const EVP_CIPHER * cipher,const EVP_MD * md,EVP_PBE_KEYGEN * keygen)1160Sstevel@tonic-gate int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
1170Sstevel@tonic-gate EVP_PBE_KEYGEN *keygen)
1180Sstevel@tonic-gate {
1190Sstevel@tonic-gate EVP_PBE_CTL *pbe_tmp;
1200Sstevel@tonic-gate if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
1210Sstevel@tonic-gate if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
1220Sstevel@tonic-gate EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
1230Sstevel@tonic-gate return 0;
1240Sstevel@tonic-gate }
1250Sstevel@tonic-gate pbe_tmp->pbe_nid = nid;
1260Sstevel@tonic-gate pbe_tmp->cipher = cipher;
1270Sstevel@tonic-gate pbe_tmp->md = md;
1280Sstevel@tonic-gate pbe_tmp->keygen = keygen;
1290Sstevel@tonic-gate sk_push (pbe_algs, (char *)pbe_tmp);
1300Sstevel@tonic-gate return 1;
1310Sstevel@tonic-gate }
1320Sstevel@tonic-gate
EVP_PBE_cleanup(void)1330Sstevel@tonic-gate void EVP_PBE_cleanup(void)
1340Sstevel@tonic-gate {
1350Sstevel@tonic-gate sk_pop_free(pbe_algs, OPENSSL_freeFunc);
1360Sstevel@tonic-gate pbe_algs = NULL;
1370Sstevel@tonic-gate }
138