提交 cfcefcbe 编写于 作者: D Dr. Stephen Henson

Further PKCS#12 integration, PBE, PKCS#8 additions.

上级 4b518c26
......@@ -5,9 +5,14 @@
Changes between 0.9.2b and 0.9.3
*) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
packing functions to asn1 and evp. Changed function names and error
codes along the way.
[Steve Henson]
*) PKCS12 integration: and so it begins... First of several patches to
slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
objects to object.h
objects to objects.h
[Steve Henson]
*) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
......
......@@ -36,7 +36,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \
evp_asn1.c
evp_asn1.c asn_pack.c p5_pbe.c p8_pkey.c
LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
a_enum.o a_sign.o a_digest.o a_verify.o \
......@@ -51,7 +51,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \
evp_asn1.o
evp_asn1.o asn_pack.o p5_pbe.o p8_pkey.o
SRC= $(LIBSRC)
......
......@@ -19,12 +19,16 @@
#define ASN1_F_ASN1_INTEGER_SET 111
#define ASN1_F_ASN1_INTEGER_TO_BN 112
#define ASN1_F_ASN1_OBJECT_NEW 113
#define ASN1_F_ASN1_PACK_STRING 245
#define ASN1_F_ASN1_SEQ_PACK 246
#define ASN1_F_ASN1_SEQ_UNPACK 247
#define ASN1_F_ASN1_SIGN 114
#define ASN1_F_ASN1_STRING_NEW 115
#define ASN1_F_ASN1_STRING_TYPE_NEW 116
#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 117
#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 118
#define ASN1_F_ASN1_TYPE_NEW 119
#define ASN1_F_ASN1_UNPACK_STRING 248
#define ASN1_F_ASN1_UTCTIME_NEW 120
#define ASN1_F_ASN1_VERIFY 121
#define ASN1_F_AUTHORITY_KEYID_NEW 237
......@@ -60,6 +64,7 @@
#define ASN1_F_D2I_NETSCAPE_RSA_2 142
#define ASN1_F_D2I_NETSCAPE_SPKAC 143
#define ASN1_F_D2I_NETSCAPE_SPKI 144
#define ASN1_F_D2I_PBEPARAM 249
#define ASN1_F_D2I_PKCS7 145
#define ASN1_F_D2I_PKCS7_DIGEST 146
#define ASN1_F_D2I_PKCS7_ENCRYPT 147
......@@ -70,6 +75,7 @@
#define ASN1_F_D2I_PKCS7_SIGNED 152
#define ASN1_F_D2I_PKCS7_SIGNER_INFO 153
#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154
#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO 250
#define ASN1_F_D2I_PKEY_USAGE_PERIOD 239
#define ASN1_F_D2I_PRIVATEKEY 155
#define ASN1_F_D2I_PUBLICKEY 156
......@@ -113,6 +119,7 @@
#define ASN1_F_NETSCAPE_PKEY_NEW 189
#define ASN1_F_NETSCAPE_SPKAC_NEW 190
#define ASN1_F_NETSCAPE_SPKI_NEW 191
#define ASN1_F_PBEPARAM_NEW 251
#define ASN1_F_PKCS7_DIGEST_NEW 192
#define ASN1_F_PKCS7_ENCRYPT_NEW 193
#define ASN1_F_PKCS7_ENC_CONTENT_NEW 194
......@@ -123,6 +130,7 @@
#define ASN1_F_PKCS7_SIGNED_NEW 199
#define ASN1_F_PKCS7_SIGNER_INFO_NEW 200
#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201
#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW 252
#define ASN1_F_PKEY_USAGE_PERIOD_NEW 240
#define ASN1_F_SXNETID_NEW 244
#define ASN1_F_SXNET_NEW 242
......@@ -159,7 +167,10 @@
#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 108
#define ASN1_R_BUFFER_TOO_SMALL 109
#define ASN1_R_DATA_IS_WRONG 110
#define ASN1_R_DECODE_ERROR 155
#define ASN1_R_DECODING_ERROR 111
#define ASN1_R_DEOCDE_ERROR 157
#define ASN1_R_ENCODE_ERROR 156
#define ASN1_R_ERROR_PARSING_SET_ELEMENT 112
#define ASN1_R_EXPECTING_AN_ENUMERATED 154
#define ASN1_R_EXPECTING_AN_INTEGER 113
......
......@@ -575,6 +575,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
unsigned char *data, int max_len);
STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
void (*free_func)() );
unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
int *len );
char *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
ASN1_STRING *ASN1_pack_string(char *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
#else
ASN1_TYPE * ASN1_TYPE_new();
......@@ -688,6 +695,11 @@ int ASN1_TYPE_get_int_octetstring();
int i2d_ASN1_BMPSTRING();
ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
STACK *ASN1_seq_unpack();
unsigned char *ASN1_seq_pack();
char *ASN1_unpack_string();
ASN1_STRING *ASN1_pack_string();
#endif
/* BEGIN ERROR CODES */
......@@ -712,12 +724,16 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
#define ASN1_F_ASN1_INTEGER_SET 111
#define ASN1_F_ASN1_INTEGER_TO_BN 112
#define ASN1_F_ASN1_OBJECT_NEW 113
#define ASN1_F_ASN1_PACK_STRING 245
#define ASN1_F_ASN1_SEQ_PACK 246
#define ASN1_F_ASN1_SEQ_UNPACK 247
#define ASN1_F_ASN1_SIGN 114
#define ASN1_F_ASN1_STRING_NEW 115
#define ASN1_F_ASN1_STRING_TYPE_NEW 116
#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 117
#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 118
#define ASN1_F_ASN1_TYPE_NEW 119
#define ASN1_F_ASN1_UNPACK_STRING 248
#define ASN1_F_ASN1_UTCTIME_NEW 120
#define ASN1_F_ASN1_VERIFY 121
#define ASN1_F_AUTHORITY_KEYID_NEW 237
......@@ -753,6 +769,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
#define ASN1_F_D2I_NETSCAPE_RSA_2 142
#define ASN1_F_D2I_NETSCAPE_SPKAC 143
#define ASN1_F_D2I_NETSCAPE_SPKI 144
#define ASN1_F_D2I_PBEPARAM 249
#define ASN1_F_D2I_PKCS7 145
#define ASN1_F_D2I_PKCS7_DIGEST 146
#define ASN1_F_D2I_PKCS7_ENCRYPT 147
......@@ -763,6 +780,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
#define ASN1_F_D2I_PKCS7_SIGNED 152
#define ASN1_F_D2I_PKCS7_SIGNER_INFO 153
#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154
#define ASN1_F_D2I_PKCS8_PRIV_KEY_INFO 250
#define ASN1_F_D2I_PKEY_USAGE_PERIOD 239
#define ASN1_F_D2I_PRIVATEKEY 155
#define ASN1_F_D2I_PUBLICKEY 156
......@@ -806,6 +824,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
#define ASN1_F_NETSCAPE_PKEY_NEW 189
#define ASN1_F_NETSCAPE_SPKAC_NEW 190
#define ASN1_F_NETSCAPE_SPKI_NEW 191
#define ASN1_F_PBEPARAM_NEW 251
#define ASN1_F_PKCS7_DIGEST_NEW 192
#define ASN1_F_PKCS7_ENCRYPT_NEW 193
#define ASN1_F_PKCS7_ENC_CONTENT_NEW 194
......@@ -816,6 +835,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
#define ASN1_F_PKCS7_SIGNED_NEW 199
#define ASN1_F_PKCS7_SIGNER_INFO_NEW 200
#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201
#define ASN1_F_PKCS8_PRIV_KEY_INFO_NEW 252
#define ASN1_F_PKEY_USAGE_PERIOD_NEW 240
#define ASN1_F_SXNETID_NEW 244
#define ASN1_F_SXNET_NEW 242
......@@ -852,7 +872,10 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 108
#define ASN1_R_BUFFER_TOO_SMALL 109
#define ASN1_R_DATA_IS_WRONG 110
#define ASN1_R_DECODE_ERROR 155
#define ASN1_R_DECODING_ERROR 111
#define ASN1_R_DEOCDE_ERROR 157
#define ASN1_R_ENCODE_ERROR 156
#define ASN1_R_ERROR_PARSING_SET_ELEMENT 112
#define ASN1_R_EXPECTING_AN_ENUMERATED 154
#define ASN1_R_EXPECTING_AN_INTEGER 113
......
......@@ -81,12 +81,16 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"},
{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"},
{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"},
{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"},
{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"},
{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"},
{ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_SIGN"},
{ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0), "ASN1_STRING_new"},
{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"},
{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"},
{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"},
{ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0), "ASN1_TYPE_new"},
{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"},
{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0), "ASN1_UTCTIME_NEW"},
{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_VERIFY"},
{ERR_PACK(0,ASN1_F_AUTHORITY_KEYID_NEW,0), "AUTHORITY_KEYID_NEW"},
......@@ -122,6 +126,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0), "D2I_NETSCAPE_SPKAC"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0), "D2I_NETSCAPE_SPKI"},
{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0), "D2I_PBEPARAM"},
{ERR_PACK(0,ASN1_F_D2I_PKCS7,0), "D2I_PKCS7"},
{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0), "D2I_PKCS7_DIGEST"},
{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0), "D2I_PKCS7_ENCRYPT"},
......@@ -132,6 +137,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0), "D2I_PKCS7_SIGNED"},
{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0), "D2I_PKCS7_SIGNER_INFO"},
{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0), "D2I_PKCS7_SIGN_ENVELOPE"},
{ERR_PACK(0,ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,0), "D2I_PKCS8_PRIV_KEY_INFO"},
{ERR_PACK(0,ASN1_F_D2I_PKEY_USAGE_PERIOD,0), "D2I_PKEY_USAGE_PERIOD"},
{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "D2I_PRIVATEKEY"},
{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "D2I_PUBLICKEY"},
......@@ -175,6 +181,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0), "NETSCAPE_PKEY_NEW"},
{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0), "NETSCAPE_SPKAC_NEW"},
{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0), "NETSCAPE_SPKI_NEW"},
{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0), "PBEPARAM_NEW"},
{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0), "PKCS7_DIGEST_NEW"},
{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0), "PKCS7_ENCRYPT_NEW"},
{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0), "PKCS7_ENC_CONTENT_NEW"},
......@@ -185,6 +192,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0), "PKCS7_SIGNED_NEW"},
{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0), "PKCS7_SIGNER_INFO_NEW"},
{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0), "PKCS7_SIGN_ENVELOPE_NEW"},
{ERR_PACK(0,ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,0), "PKCS8_PRIV_KEY_INFO_NEW"},
{ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0), "PKEY_USAGE_PERIOD_NEW"},
{ERR_PACK(0,ASN1_F_SXNETID_NEW,0), "SXNETID_NEW"},
{ERR_PACK(0,ASN1_F_SXNET_NEW,0), "SXNET_NEW"},
......@@ -224,7 +232,10 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"},
{ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"},
{ASN1_R_DATA_IS_WRONG ,"data is wrong"},
{ASN1_R_DECODE_ERROR ,"decode error"},
{ASN1_R_DECODING_ERROR ,"decoding error"},
{ASN1_R_DEOCDE_ERROR ,"deocde error"},
{ASN1_R_ENCODE_ERROR ,"encode error"},
{ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"},
{ASN1_R_EXPECTING_AN_ENUMERATED ,"expecting an enumerated"},
{ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"},
......
/* asn_pack.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include "cryptlib.h"
#include "asn1.h"
/* ASN1 packing and unpacking functions */
/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
STACK *ASN1_seq_unpack(buf, len, d2i, free_func)
unsigned char *buf;
int len;
char *(*d2i)();
void (*free_func)();
{
STACK *sk;
unsigned char *pbuf;
pbuf = buf;
if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
return sk;
}
/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
* Malloc'ed buffer
*/
unsigned char *ASN1_seq_pack(safes, i2d, buf, len)
STACK *safes;
int (*i2d)();
unsigned char **buf;
int *len;
{
int safelen;
unsigned char *safe, *p;
if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
return NULL;
}
if (!(safe = Malloc (safelen))) {
ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
return NULL;
}
p = safe;
i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
IS_SEQUENCE);
if (len) *len = safelen;
if (buf) *buf = safe;
return safe;
}
/* Extract an ASN1 object from an ASN1_STRING */
char *ASN1_unpack_string (oct, d2i)
ASN1_STRING *oct;
char *(*d2i)();
{
unsigned char *p, *ret;
p = oct->data;
if(!(ret = d2i(NULL, &p, oct->length)))
ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
return ret;
}
/* Pack an ASN1 object into an ASN1_STRING */
ASN1_STRING *ASN1_pack_string (obj, i2d, oct)
char *obj;
int (*i2d)();
ASN1_STRING **oct;
{
unsigned char *p;
ASN1_STRING *octmp;
if (!oct || !*oct) {
if (!(octmp = ASN1_STRING_new ())) {
ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
return NULL;
}
if (oct) *oct = octmp;
} else octmp = *oct;
if (!(octmp->length = i2d(obj, NULL))) {
ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
return NULL;
}
if (!(p = Malloc (octmp->length))) {
ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
return NULL;
}
octmp->data = p;
i2d (obj, &p);
return octmp;
}
/* p5_pbe.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include "cryptlib.h"
#include "asn1_mac.h"
/* PKCS#5 password based encryption structure */
/*
*ASN1err(ASN1_F_PBEPARAM_NEW,ASN1_R_DEOCDE_ERROR)
*ASN1err(ASN1_F_D2I_PBEPARAM,ASN1_R_DEOCDE_ERROR)
*/
int i2d_PBEPARAM(a, pp)
PBEPARAM *a;
unsigned char **pp;
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER);
M_ASN1_I2D_seq_total ();
M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER);
M_ASN1_I2D_finish();
}
PBEPARAM *PBEPARAM_new()
{
PBEPARAM *ret=NULL;
ASN1_CTX c;
M_ASN1_New_Malloc(ret, PBEPARAM);
M_ASN1_New(ret->iter,ASN1_INTEGER_new);
M_ASN1_New(ret->salt,ASN1_OCTET_STRING_new);
return (ret);
M_ASN1_New_Error(ASN1_F_PBEPARAM_NEW);
}
PBEPARAM *d2i_PBEPARAM(a,pp,length)
PBEPARAM **a;
unsigned char **pp;
long length;
{
M_ASN1_D2I_vars(a,PBEPARAM *,PBEPARAM_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING);
M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER);
M_ASN1_D2I_Finish(a, PBEPARAM_free, ASN1_F_D2I_PBEPARAM);
}
void PBEPARAM_free (a)
PBEPARAM *a;
{
if(a==NULL) return;
ASN1_OCTET_STRING_free(a->salt);
ASN1_INTEGER_free (a->iter);
Free ((char *)a);
}
/* p8_pkey.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include "cryptlib.h"
#include "asn1_mac.h"
/*
*ASN1err(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW,ASN1_R_DECODE_ERROR)
*ASN1err(ASN1_F_D2I_PKCS8_PRIV_KEY_INFO,ASN1_R_DECODE_ERROR)
*/
int i2d_PKCS8_PRIV_KEY_INFO (a,pp)
PKCS8_PRIV_KEY_INFO *a;
unsigned char **pp;
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER);
M_ASN1_I2D_len (a->pkeyalg, i2d_X509_ALGOR);
M_ASN1_I2D_len (a->pkey, i2d_ASN1_TYPE);
M_ASN1_I2D_len_IMP_SET_opt (a->attributes, i2d_X509_ATTRIBUTE, 0);
M_ASN1_I2D_seq_total ();
M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER);
M_ASN1_I2D_put (a->pkeyalg, i2d_X509_ALGOR);
M_ASN1_I2D_put (a->pkey, i2d_ASN1_TYPE);
M_ASN1_I2D_put_IMP_SET_opt (a->attributes, i2d_X509_ATTRIBUTE, 0);
M_ASN1_I2D_finish();
}
PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new()
{
PKCS8_PRIV_KEY_INFO *ret=NULL;
ASN1_CTX c;
M_ASN1_New_Malloc(ret, PKCS8_PRIV_KEY_INFO);
M_ASN1_New (ret->version, ASN1_INTEGER_new);
M_ASN1_New (ret->pkeyalg, X509_ALGOR_new);
M_ASN1_New (ret->pkey, ASN1_TYPE_new);
ret->attributes = NULL;
ret->broken = PKCS8_OK;
return (ret);
M_ASN1_New_Error(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW);
}
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(a,pp,length)
PKCS8_PRIV_KEY_INFO **a;
unsigned char **pp;
long length;
{
M_ASN1_D2I_vars(a,PKCS8_PRIV_KEY_INFO *,PKCS8_PRIV_KEY_INFO_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER);
M_ASN1_D2I_get (ret->pkeyalg, d2i_X509_ALGOR);
M_ASN1_D2I_get (ret->pkey, d2i_ASN1_TYPE);
M_ASN1_D2I_get_IMP_set_opt(ret->attributes, d2i_X509_ATTRIBUTE,
X509_ATTRIBUTE_free, 0);
if (ASN1_TYPE_get(ret->pkey) == V_ASN1_SEQUENCE)
ret->broken = PKCS8_NO_OCTET;
M_ASN1_D2I_Finish(a, PKCS8_PRIV_KEY_INFO_free, ASN1_F_D2I_PKCS8_PRIV_KEY_INFO);
}
void PKCS8_PRIV_KEY_INFO_free (a)
PKCS8_PRIV_KEY_INFO *a;
{
if (a == NULL) return;
ASN1_INTEGER_free (a->version);
X509_ALGOR_free(a->pkeyalg);
/* Clear sensitive data */
if (a->pkey->value.octet_string)
memset (a->pkey->value.octet_string->data,
0, a->pkey->value.octet_string->length);
ASN1_TYPE_free (a->pkey);
sk_pop_free (a->attributes, X509_ATTRIBUTE_free);
Free ((char *)a);
}
......@@ -35,7 +35,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
m_ripemd.c \
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
bio_md.c bio_b64.c bio_enc.c $(ERRC).c e_null.c \
c_all.c evp_lib.c bio_ok.c
c_all.c evp_lib.c bio_ok.c evp_pkey.c evp_pbe.c
LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \
e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \
......@@ -50,7 +50,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \
m_ripemd.o \
p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
bio_md.o bio_b64.o bio_enc.o $(ERRC).o e_null.o \
c_all.o evp_lib.o bio_ok.o
c_all.o evp_lib.o bio_ok.o evp_pkey.o evp_pbe.o
SRC= $(LIBSRC)
......
......@@ -3,7 +3,14 @@
/* Function codes. */
#define EVP_F_D2I_PKEY 100
#define EVP_F_EVP_DECRYPTFINAL 101
#define EVP_F_EVP_MD_CTX_COPY 110
#define EVP_F_EVP_OPENINIT 102
#define EVP_F_EVP_PBE_ALGOR_CIPHERINIT 114
#define EVP_F_EVP_PBE_ALG_ADD 115
#define EVP_F_EVP_PBE_CIPHERINIT 116
#define EVP_F_EVP_PKCS82PKEY 111
#define EVP_F_EVP_PKCS8_SET_BROKEN 112
#define EVP_F_EVP_PKEY2PKCS8 113
#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
#define EVP_F_EVP_PKEY_DECRYPT 104
#define EVP_F_EVP_PKEY_ENCRYPT 105
......@@ -11,18 +18,27 @@
#define EVP_F_EVP_SIGNFINAL 107
#define EVP_F_EVP_VERIFYFINAL 108
#define EVP_F_RC2_MAGIC_TO_METH 109
#define EVP_F_EVP_MD_CTX_COPY 110
/* Reason codes. */
#define EVP_R_BAD_DECRYPT 100
#define EVP_R_BN_DECODE_ERROR 112
#define EVP_R_BN_PUBKEY_ERROR 113
#define EVP_R_DECODE_ERROR 114
#define EVP_R_DIFFERENT_KEY_TYPES 101
#define EVP_R_ENCODE_ERROR 115
#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
#define EVP_R_INPUT_NOT_INITALISED 111
#define EVP_R_IV_TOO_LARGE 102
#define EVP_R_KEYGEN_FAILURE 120
#define EVP_R_MISSING_PARMATERS 103
#define EVP_R_NO_DSA_PARAMETERS 116
#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
#define EVP_R_PUBLIC_KEY_NOT_RSA 106
#define EVP_R_UNKNOWN_PBE_ALGORITHM 121
#define EVP_R_UNSUPPORTED_CIPHER 107
#define EVP_R_UNSUPPORTED_KEY_SIZE 108
#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118
#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
#define EVP_R_INPUT_NOT_INITALISED 111
......@@ -261,6 +261,8 @@ typedef struct env_md_st
int ctx_size; /* how big does the ctx need to be */
} EVP_MD;
#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
#ifndef NO_DSA
......@@ -396,6 +398,11 @@ typedef struct evp_Encode_Ctx_st
int expect_nl;
} EVP_ENCODE_CTX;
/* Password based encryption function */
typedef int (EVP_PBE_KEYGEN)(unsigned char *pass, int passlen,
unsigned char *salt, int saltlen, int iter, EVP_CIPHER *cipher,
EVP_MD *md, unsigned char *key, unsigned char *iv);
#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
(char *)(rsa))
#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
......@@ -779,7 +786,14 @@ int EVP_CIPHER_get_asn1_iv();
/* Function codes. */
#define EVP_F_D2I_PKEY 100
#define EVP_F_EVP_DECRYPTFINAL 101
#define EVP_F_EVP_MD_CTX_COPY 110
#define EVP_F_EVP_OPENINIT 102
#define EVP_F_EVP_PBE_ALGOR_CIPHERINIT 114
#define EVP_F_EVP_PBE_ALG_ADD 115
#define EVP_F_EVP_PBE_CIPHERINIT 116
#define EVP_F_EVP_PKCS82PKEY 111
#define EVP_F_EVP_PKCS8_SET_BROKEN 112
#define EVP_F_EVP_PKEY2PKCS8 113
#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
#define EVP_F_EVP_PKEY_DECRYPT 104
#define EVP_F_EVP_PKEY_ENCRYPT 105
......@@ -787,21 +801,30 @@ int EVP_CIPHER_get_asn1_iv();
#define EVP_F_EVP_SIGNFINAL 107
#define EVP_F_EVP_VERIFYFINAL 108
#define EVP_F_RC2_MAGIC_TO_METH 109
#define EVP_F_EVP_MD_CTX_COPY 110
/* Reason codes. */
#define EVP_R_BAD_DECRYPT 100
#define EVP_R_BN_DECODE_ERROR 112
#define EVP_R_BN_PUBKEY_ERROR 113
#define EVP_R_DECODE_ERROR 114
#define EVP_R_DIFFERENT_KEY_TYPES 101
#define EVP_R_ENCODE_ERROR 115
#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
#define EVP_R_INPUT_NOT_INITALISED 111
#define EVP_R_IV_TOO_LARGE 102
#define EVP_R_KEYGEN_FAILURE 120
#define EVP_R_MISSING_PARMATERS 103
#define EVP_R_NO_DSA_PARAMETERS 116
#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
#define EVP_R_PUBLIC_KEY_NOT_RSA 106
#define EVP_R_UNKNOWN_PBE_ALGORITHM 121
#define EVP_R_UNSUPPORTED_CIPHER 107
#define EVP_R_UNSUPPORTED_KEY_SIZE 108
#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118
#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
#define EVP_R_INPUT_NOT_INITALISED 111
#ifdef __cplusplus
}
......
......@@ -65,7 +65,14 @@ static ERR_STRING_DATA EVP_str_functs[]=
{
{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"},
{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"},
{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"},
{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"},
{ERR_PACK(0,EVP_F_EVP_PBE_ALGOR_CIPHERINIT,0), "EVP_PBE_ALGOR_CIPHERINIT"},
{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_ALG_ADD"},
{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CIPHERINIT"},
{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"},
{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"},
{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"},
{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"},
{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"},
{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"},
......@@ -73,24 +80,33 @@ static ERR_STRING_DATA EVP_str_functs[]=
{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"},
{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"},
{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"},
{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"},
{0,NULL},
};
static ERR_STRING_DATA EVP_str_reasons[]=
{
{EVP_R_BAD_DECRYPT ,"bad decrypt"},
{EVP_R_BN_DECODE_ERROR ,"bn decode error"},
{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"},
{EVP_R_DECODE_ERROR ,"decode error"},
{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"},
{EVP_R_ENCODE_ERROR ,"encode error"},
{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"},
{EVP_R_INPUT_NOT_INITALISED ,"input not initalised"},
{EVP_R_IV_TOO_LARGE ,"iv too large"},
{EVP_R_KEYGEN_FAILURE ,"keygen failure"},
{EVP_R_MISSING_PARMATERS ,"missing parmaters"},
{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"},
{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"},
{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"},
{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"},
{EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"},
{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"},
{EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
{EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"},
{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"},
{EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"},
{EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"},
{EVP_R_INPUT_NOT_INITALISED ,"input not initalised"},
{0,NULL},
};
......
/* p12_pbop.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include "evp.h"
#include "x509.h"
#include "cryptlib.h"
/* Password based encryption (PBE) functions */
static STACK *pbe_algs;
/* Setup a cipher context from a PBE algorithm */
typedef struct {
int pbe_nid;
EVP_CIPHER *cipher;
EVP_MD *md;
EVP_PBE_KEYGEN *keygen;
} EVP_PBE_CTL;
int EVP_PBE_CipherInit (pbe_obj, pass, passlen, salt, saltlen, iter, ctx, en_de)
ASN1_OBJECT *pbe_obj;
int passlen, saltlen, iter;
unsigned char *pass, *salt;
EVP_CIPHER_CTX *ctx;
int en_de;
{
EVP_PBE_CTL *pbetmp, pbelu;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
int i;
pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
if ((pbelu.pbe_nid != NID_undef) && pbe_algs)
i = sk_find (pbe_algs, (char *)&pbelu);
else i = -1;
if (i == -1) {
char obj_tmp[80];
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
if (!pbe_obj) strcpy (obj_tmp, "NULL");
else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj);
ERR_add_error_data(2, "TYPE=", obj_tmp);
return 0;
}
if (passlen == -1) passlen = strlen(pass);
pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
i = (*pbetmp->keygen)(pass, passlen, salt, saltlen, iter,
pbetmp->cipher, pbetmp->md, key, iv);
if (!i) {
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
return 0;
}
EVP_CipherInit (ctx, pbetmp->cipher, key, iv, en_de);
return 1;
}
/* Setup a PBE algorithm but take most parameters from AlgorithmIdentifier */
int EVP_PBE_ALGOR_CipherInit (algor, pass, passlen, ctx, en_de)
X509_ALGOR *algor;
unsigned char *pass;
int passlen;
EVP_CIPHER_CTX *ctx;
int en_de;
{
PBEPARAM *pbe;
int saltlen, iter;
unsigned char *salt, *pbuf;
/* Extract useful info from algor */
pbuf = (char *) algor->parameter->value.sequence->data;
if (!(pbe = d2i_PBEPARAM (NULL, &pbuf,
algor->parameter->value.sequence->length))) {
EVPerr(EVP_F_EVP_PBE_ALGOR_CIPHERINIT,EVP_R_DECODE_ERROR);
return 0;
}
if (!pbe->iter) iter = 1;
else iter = ASN1_INTEGER_get (pbe->iter);
salt = pbe->salt->data;
saltlen = pbe->salt->length;
if (!(EVP_PBE_CipherInit (algor->algorithm, pass, passlen, salt,
saltlen, iter, ctx, en_de))) {
EVPerr(EVP_F_EVP_PBE_ALGOR_CIPHERINIT,EVP_R_EVP_PBE_CIPHERINIT_ERROR);
PBEPARAM_free(pbe);
return 0;
}
PBEPARAM_free(pbe);
return 1;
}
static int pbe_cmp (pbe1, pbe2)
EVP_PBE_CTL **pbe1, **pbe2;
{
return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
}
/* Add a PBE algorithm */
int EVP_PBE_alg_add (nid, cipher, md, keygen)
int nid;
EVP_CIPHER *cipher;
EVP_MD *md;
EVP_PBE_KEYGEN *keygen;
{
EVP_PBE_CTL *pbe_tmp;
if (!pbe_algs) pbe_algs = sk_new (pbe_cmp);
if (!(pbe_tmp = (EVP_PBE_CTL*) Malloc (sizeof(EVP_PBE_CTL)))) {
EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
pbe_tmp->pbe_nid = nid;
pbe_tmp->cipher = cipher;
pbe_tmp->md = md;
pbe_tmp->keygen = keygen;
sk_push (pbe_algs, (char *)pbe_tmp);
return 1;
}
/* evp_pkey.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include "cryptlib.h"
#include "x509.h"
#include "rand.h"
/* Extract a private key from a PKCS8 structure */
EVP_PKEY *EVP_PKCS82PKEY (p8)
PKCS8_PRIV_KEY_INFO *p8;
{
EVP_PKEY *pkey;
RSA *rsa;
DSA *dsa;
ASN1_INTEGER *dsapriv;
X509_ALGOR *a;
STACK *ndsa;
BN_CTX *ctx;
unsigned char *p;
int plen, pkeylen;
char obj_tmp[80];
switch (p8->broken) {
case PKCS8_OK:
p = p8->pkey->value.octet_string->data;
pkeylen = p8->pkey->value.octet_string->length;
break;
case PKCS8_NO_OCTET:
p = p8->pkey->value.sequence->data;
pkeylen = p8->pkey->value.sequence->length;
break;
default:
EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
return NULL;
break;
}
if (!(pkey = EVP_PKEY_new())) {
EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
return NULL;
}
a = p8->pkeyalg;
switch (OBJ_obj2nid(a->algorithm))
{
case NID_rsaEncryption:
if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
return NULL;
}
EVP_PKEY_assign_RSA (pkey, rsa);
break;
case NID_dsa:
/* PKCS#8 DSA is weird: you just get a private key integer
* and parameters in the AlgorithmIdentifier the pubkey must
* be recalculated.
*/
/* Check for broken Netscape Database DSA PKCS#8, UGH! */
if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
if(!(ndsa = ASN1_seq_unpack(p, pkeylen,
(char *(*)())d2i_ASN1_INTEGER,
ASN1_STRING_free))) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
return NULL;
}
if(sk_num(ndsa) != 2 ) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
sk_pop_free(ndsa, ASN1_STRING_free);
return NULL;
}
dsapriv = (ASN1_INTEGER *) sk_pop(ndsa);
sk_pop_free(ndsa, ASN1_STRING_free);
} else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
return NULL;
}
/* Retrieve parameters */
if (a->parameter->type != V_ASN1_SEQUENCE) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS);
return NULL;
}
p = a->parameter->value.sequence->data;
plen = a->parameter->value.sequence->length;
if (!(dsa = d2i_DSAparams (NULL, &p, plen))) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
return NULL;
}
/* We have parameters now set private key */
if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) {
EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
DSA_free (dsa);
return NULL;
}
/* Calculate public key (ouch!) */
if (!(dsa->pub_key = BN_new())) {
EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
DSA_free (dsa);
return NULL;
}
if (!(ctx = BN_CTX_new())) {
EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
DSA_free (dsa);
return NULL;
}
if (!BN_mod_exp(dsa->pub_key, dsa->g,
dsa->priv_key, dsa->p, ctx)) {
EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
BN_CTX_free (ctx);
DSA_free (dsa);
return NULL;
}
EVP_PKEY_assign_DSA (pkey, dsa);
BN_CTX_free (ctx);
break;
default:
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
if (!a->algorithm) strcpy (obj_tmp, "NULL");
else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
ERR_add_error_data(2, "TYPE=", obj_tmp);
EVP_PKEY_free (pkey);
return NULL;
}
return pkey;
}
/* Turn a private key into a PKCS8 structure */
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(pkey)
EVP_PKEY *pkey;
{
PKCS8_PRIV_KEY_INFO *p8;
ASN1_INTEGER *dpkey;
unsigned char *p, *q;
int len;
if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
return NULL;
}
ASN1_INTEGER_set (p8->version, 0);
if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
PKCS8_PRIV_KEY_INFO_free (p8);
return NULL;
}
switch (EVP_PKEY_type(pkey->type)) {
case EVP_PKEY_RSA:
p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
p8->pkeyalg->parameter->type = V_ASN1_NULL;
if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
&p8->pkey->value.octet_string)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
PKCS8_PRIV_KEY_INFO_free (p8);
return NULL;
}
break;
case EVP_PKEY_DSA:
p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
/* get paramaters and place in AlgorithmIdentifier */
len = i2d_DSAparams (pkey->pkey.dsa, NULL);
if (!(p = Malloc(len))) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
PKCS8_PRIV_KEY_INFO_free (p8);
return NULL;
}
q = p;
i2d_DSAparams (pkey->pkey.dsa, &q);
p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new();
ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len);
Free(p);
/* Get private key into an integer and pack */
if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
PKCS8_PRIV_KEY_INFO_free (p8);
return NULL;
}
if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER,
&p8->pkey->value.octet_string)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
ASN1_INTEGER_free (dpkey);
PKCS8_PRIV_KEY_INFO_free (p8);
return NULL;
}
ASN1_INTEGER_free (dpkey);
break;
default:
EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
PKCS8_PRIV_KEY_INFO_free (p8);
return NULL;
}
p8->pkey->type = V_ASN1_OCTET_STRING;
RAND_seed (p8->pkey->value.octet_string->data,
p8->pkey->value.octet_string->length);
return p8;
}
PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(p8, broken)
PKCS8_PRIV_KEY_INFO *p8;
int broken;
{
switch (broken) {
case PKCS8_OK:
p8->broken = PKCS8_OK;
return p8;
break;
case PKCS8_NO_OCTET:
p8->broken = PKCS8_NO_OCTET;
p8->pkey->type = V_ASN1_SEQUENCE;
return p8;
break;
default:
EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
return NULL;
break;
}
}
......@@ -337,6 +337,26 @@ typedef struct CBCParameter_st
unsigned char iv[8];
} CBC_PARAM;
/* Password based encryption structure */
typedef struct PBEPARAM_st {
ASN1_OCTET_STRING *salt;
ASN1_INTEGER *iter;
} PBEPARAM;
/* PKCS#8 private key info structure */
typedef struct pkcs8_priv_key_info_st
{
int broken; /* Flag for various broken formats */
#define PKCS8_OK 0
#define PKCS8_NO_OCTET 1
ASN1_INTEGER *version;
X509_ALGOR *pkeyalg;
ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
STACK *attributes;
} PKCS8_PRIV_KEY_INFO;
#include "x509_vfy.h"
#include "pkcs7.h"
......@@ -839,6 +859,30 @@ X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name,
ASN1_INTEGER *serial);
X509 *X509_find_by_subject(STACK *sk,X509_NAME *name);
int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp);
PBEPARAM *PBEPARAM_new(void);
PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length);
void PBEPARAM_free(PBEPARAM *a);
/* PKCS#8 utilities */
int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **pp);
PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a,
unsigned char **pp, long length);
void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a);
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
/* Password based encryption routines */
int EVP_PBE_ALGOR_CipherInit(X509_ALGOR *algor, unsigned char *pass,
int passlen, EVP_CIPHER_CTX *ctx, int en_de);
int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md,
EVP_PBE_KEYGEN *keygen);
#else
#ifndef SSLEAY_MACROS
......@@ -1138,6 +1182,23 @@ char * X509_verify_cert_error_string();
X509 *X509_find_by_issuer_and_serial();
X509 *X509_find_by_subject();
int i2d_PBEPARAM();
PBEPARAM *PBEPARAM_new();
PBEPARAM *d2i_PBEPARAM();
void PBEPARAM_free();
int i2d_PKCS8_PRIV_KEY_INFO();
PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new();
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO();
void PKCS8_PRIV_KEY_INFO_free();
EVP_PKEY *EVP_PKCS82PKEY();
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8();
PKCS8_PRIV_KEY_INFO *PKCS8_set_broken();
int EVP_PBE_ALGOR_CipherInit();
int EVP_PBE_alg_add();
#endif
/* BEGIN ERROR CODES */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册