1*0Sstevel@tonic-gate /* evp_pbe.c */ 2*0Sstevel@tonic-gate /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 3*0Sstevel@tonic-gate * project 1999. 4*0Sstevel@tonic-gate */ 5*0Sstevel@tonic-gate /* ==================================================================== 6*0Sstevel@tonic-gate * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7*0Sstevel@tonic-gate * 8*0Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without 9*0Sstevel@tonic-gate * modification, are permitted provided that the following conditions 10*0Sstevel@tonic-gate * are met: 11*0Sstevel@tonic-gate * 12*0Sstevel@tonic-gate * 1. Redistributions of source code must retain the above copyright 13*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer. 14*0Sstevel@tonic-gate * 15*0Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright 16*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in 17*0Sstevel@tonic-gate * the documentation and/or other materials provided with the 18*0Sstevel@tonic-gate * distribution. 19*0Sstevel@tonic-gate * 20*0Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this 21*0Sstevel@tonic-gate * software must display the following acknowledgment: 22*0Sstevel@tonic-gate * "This product includes software developed by the OpenSSL Project 23*0Sstevel@tonic-gate * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24*0Sstevel@tonic-gate * 25*0Sstevel@tonic-gate * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26*0Sstevel@tonic-gate * endorse or promote products derived from this software without 27*0Sstevel@tonic-gate * prior written permission. For written permission, please contact 28*0Sstevel@tonic-gate * licensing@OpenSSL.org. 29*0Sstevel@tonic-gate * 30*0Sstevel@tonic-gate * 5. Products derived from this software may not be called "OpenSSL" 31*0Sstevel@tonic-gate * nor may "OpenSSL" appear in their names without prior written 32*0Sstevel@tonic-gate * permission of the OpenSSL Project. 33*0Sstevel@tonic-gate * 34*0Sstevel@tonic-gate * 6. Redistributions of any form whatsoever must retain the following 35*0Sstevel@tonic-gate * acknowledgment: 36*0Sstevel@tonic-gate * "This product includes software developed by the OpenSSL Project 37*0Sstevel@tonic-gate * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38*0Sstevel@tonic-gate * 39*0Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40*0Sstevel@tonic-gate * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41*0Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42*0Sstevel@tonic-gate * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43*0Sstevel@tonic-gate * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44*0Sstevel@tonic-gate * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45*0Sstevel@tonic-gate * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46*0Sstevel@tonic-gate * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47*0Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48*0Sstevel@tonic-gate * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49*0Sstevel@tonic-gate * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50*0Sstevel@tonic-gate * OF THE POSSIBILITY OF SUCH DAMAGE. 51*0Sstevel@tonic-gate * ==================================================================== 52*0Sstevel@tonic-gate * 53*0Sstevel@tonic-gate * This product includes cryptographic software written by Eric Young 54*0Sstevel@tonic-gate * (eay@cryptsoft.com). This product includes software written by Tim 55*0Sstevel@tonic-gate * Hudson (tjh@cryptsoft.com). 56*0Sstevel@tonic-gate * 57*0Sstevel@tonic-gate */ 58*0Sstevel@tonic-gate 59*0Sstevel@tonic-gate #include <stdio.h> 60*0Sstevel@tonic-gate #include "cryptlib.h" 61*0Sstevel@tonic-gate #include <openssl/evp.h> 62*0Sstevel@tonic-gate #include <openssl/x509.h> 63*0Sstevel@tonic-gate 64*0Sstevel@tonic-gate /* Password based encryption (PBE) functions */ 65*0Sstevel@tonic-gate 66*0Sstevel@tonic-gate static STACK *pbe_algs; 67*0Sstevel@tonic-gate 68*0Sstevel@tonic-gate /* Setup a cipher context from a PBE algorithm */ 69*0Sstevel@tonic-gate 70*0Sstevel@tonic-gate typedef struct { 71*0Sstevel@tonic-gate int pbe_nid; 72*0Sstevel@tonic-gate const EVP_CIPHER *cipher; 73*0Sstevel@tonic-gate const EVP_MD *md; 74*0Sstevel@tonic-gate EVP_PBE_KEYGEN *keygen; 75*0Sstevel@tonic-gate } EVP_PBE_CTL; 76*0Sstevel@tonic-gate 77*0Sstevel@tonic-gate int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, 78*0Sstevel@tonic-gate ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) 79*0Sstevel@tonic-gate { 80*0Sstevel@tonic-gate 81*0Sstevel@tonic-gate EVP_PBE_CTL *pbetmp, pbelu; 82*0Sstevel@tonic-gate int i; 83*0Sstevel@tonic-gate pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); 84*0Sstevel@tonic-gate if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu); 85*0Sstevel@tonic-gate else i = -1; 86*0Sstevel@tonic-gate 87*0Sstevel@tonic-gate if (i == -1) { 88*0Sstevel@tonic-gate char obj_tmp[80]; 89*0Sstevel@tonic-gate EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); 90*0Sstevel@tonic-gate if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); 91*0Sstevel@tonic-gate else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); 92*0Sstevel@tonic-gate ERR_add_error_data(2, "TYPE=", obj_tmp); 93*0Sstevel@tonic-gate return 0; 94*0Sstevel@tonic-gate } 95*0Sstevel@tonic-gate if(!pass) passlen = 0; 96*0Sstevel@tonic-gate else if (passlen == -1) passlen = strlen(pass); 97*0Sstevel@tonic-gate pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); 98*0Sstevel@tonic-gate i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher, 99*0Sstevel@tonic-gate pbetmp->md, en_de); 100*0Sstevel@tonic-gate if (!i) { 101*0Sstevel@tonic-gate EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); 102*0Sstevel@tonic-gate return 0; 103*0Sstevel@tonic-gate } 104*0Sstevel@tonic-gate return 1; 105*0Sstevel@tonic-gate } 106*0Sstevel@tonic-gate 107*0Sstevel@tonic-gate static int pbe_cmp(const char * const *a, const char * const *b) 108*0Sstevel@tonic-gate { 109*0Sstevel@tonic-gate EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; 110*0Sstevel@tonic-gate return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); 111*0Sstevel@tonic-gate } 112*0Sstevel@tonic-gate 113*0Sstevel@tonic-gate /* Add a PBE algorithm */ 114*0Sstevel@tonic-gate 115*0Sstevel@tonic-gate int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, 116*0Sstevel@tonic-gate EVP_PBE_KEYGEN *keygen) 117*0Sstevel@tonic-gate { 118*0Sstevel@tonic-gate EVP_PBE_CTL *pbe_tmp; 119*0Sstevel@tonic-gate if (!pbe_algs) pbe_algs = sk_new(pbe_cmp); 120*0Sstevel@tonic-gate if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) { 121*0Sstevel@tonic-gate EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); 122*0Sstevel@tonic-gate return 0; 123*0Sstevel@tonic-gate } 124*0Sstevel@tonic-gate pbe_tmp->pbe_nid = nid; 125*0Sstevel@tonic-gate pbe_tmp->cipher = cipher; 126*0Sstevel@tonic-gate pbe_tmp->md = md; 127*0Sstevel@tonic-gate pbe_tmp->keygen = keygen; 128*0Sstevel@tonic-gate sk_push (pbe_algs, (char *)pbe_tmp); 129*0Sstevel@tonic-gate return 1; 130*0Sstevel@tonic-gate } 131*0Sstevel@tonic-gate 132*0Sstevel@tonic-gate void EVP_PBE_cleanup(void) 133*0Sstevel@tonic-gate { 134*0Sstevel@tonic-gate sk_pop_free(pbe_algs, OPENSSL_freeFunc); 135*0Sstevel@tonic-gate pbe_algs = NULL; 136*0Sstevel@tonic-gate } 137