提交 2bd83ca1 编写于 作者: D Dr. Stephen Henson

Change PBE handling a bit more: now the key and iv generator does calls

EVP_CipherInit() this because the IV wont be easily available when doing
PKCS#5 v2.0
上级 69cbf468
......@@ -395,9 +395,9 @@ typedef struct evp_Encode_Ctx_st
} EVP_ENCODE_CTX;
/* Password based encryption function */
typedef int (EVP_PBE_KEYGEN)(const char *pass, int passlen,
typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER *cipher,
EVP_MD *md, unsigned char *key, unsigned char *iv);
EVP_MD *md, int en_de);
#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
(char *)(rsa))
......@@ -635,9 +635,9 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
/* PKCS5 password based encryption */
int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param,
EVP_CIPHER *cipher, EVP_MD *md,
unsigned char *key, unsigned char *iv);
int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
int en_de);
void PKCS5_PBE_add(void);
......
......@@ -79,7 +79,6 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
{
EVP_PBE_CTL *pbetmp, pbelu;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
int i;
pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
......@@ -95,13 +94,12 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
}
if (passlen == -1) passlen = strlen(pass);
pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
i = (*pbetmp->keygen)(pass, passlen, param, pbetmp->cipher,
pbetmp->md, key, iv);
i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
pbetmp->md, en_de);
if (!i) {
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
return 0;
}
EVP_CipherInit (ctx, pbetmp->cipher, key, iv, en_de);
return 1;
}
......
......@@ -85,12 +85,13 @@ EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
#endif
}
int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param,
EVP_CIPHER *cipher, EVP_MD *md,
unsigned char *key, unsigned char *iv)
int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
int en_de)
{
EVP_MD_CTX ctx;
unsigned char md_tmp[EVP_MAX_MD_SIZE];
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
int i;
PBEPARAM *pbe;
int saltlen, iter;
......@@ -122,5 +123,9 @@ int PKCS5_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param,
memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher));
memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
EVP_CipherInit(cctx, cipher, key, iv, en_de);
memset(md_tmp, 0, EVP_MAX_MD_SIZE);
memset(key, 0, EVP_MAX_KEY_LENGTH);
memset(iv, 0, EVP_MAX_IV_LENGTH);
return 1;
}
......@@ -82,13 +82,13 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
#endif
}
int PKCS12_PBE_keyivgen (const char *pass, int passlen, ASN1_TYPE *param,
EVP_CIPHER *cipher, EVP_MD *md,
unsigned char *key, unsigned char *iv)
int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de)
{
PBEPARAM *pbe;
int saltlen, iter;
unsigned char *salt, *pbuf;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
/* Extract useful info from parameter */
pbuf = param->value.sequence->data;
......@@ -115,5 +115,8 @@ int PKCS12_PBE_keyivgen (const char *pass, int passlen, ASN1_TYPE *param,
return 0;
}
PBEPARAM_free(pbe);
EVP_CipherInit(ctx, cipher, key, iv, en_de);
memset(key, 0, EVP_MAX_KEY_LENGTH);
memset(iv, 0, EVP_MAX_IV_LENGTH);
return 1;
}
......@@ -230,9 +230,9 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
int saltlen, int id, int iter, int n,
unsigned char *out, const EVP_MD *md_type);
int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
int PKCS12_PBE_keyivgen(const char *pass, int passlen, ASN1_TYPE *param,
EVP_CIPHER *cipher, EVP_MD *md_type,
unsigned char *key, unsigned char *iv);
int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type,
int en_de);
int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
unsigned char *mac, unsigned int *maclen);
int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册