1 files changed, 118 insertions, 60 deletions

diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
index 5054f0c4..73ba4a3d 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
@@ -83,24 +83,24 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 
 /*
  * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
- * this is horrible!
+ * this is horrible! Extended version to allow application supplied PRF NID
+ * and IV.
  */
 
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-                           unsigned char *salt, int saltlen)
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                              unsigned char *salt, int saltlen,
+                              unsigned char *aiv, int prf_nid)
 {
     X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
-    int alg_nid;
+    int alg_nid, keylen;
     EVP_CIPHER_CTX ctx;
     unsigned char iv[EVP_MAX_IV_LENGTH];
-    PBKDF2PARAM *kdf = NULL;
     PBE2PARAM *pbe2 = NULL;
-    ASN1_OCTET_STRING *osalt = NULL;
     ASN1_OBJECT *obj;
 
     alg_nid = EVP_CIPHER_type(cipher);
     if (alg_nid == NID_undef) {
-        ASN1err(ASN1_F_PKCS5_PBE2_SET,
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
                 ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
         goto err;
     }
@@ -117,31 +117,112 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
         goto merr;
 
     /* Create random IV */
-    if (EVP_CIPHER_iv_length(cipher) &&
-        RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
-        goto err;
+    if (EVP_CIPHER_iv_length(cipher)) {
+        if (aiv)
+            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+        else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+            goto err;
+    }
 
     EVP_CIPHER_CTX_init(&ctx);
 
-    /* Dummy cipherinit to just setup the IV */
-    EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
+    /* Dummy cipherinit to just setup the IV, and PRF */
+    if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
+        goto err;
     if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
-        ASN1err(ASN1_F_PKCS5_PBE2_SET, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
         EVP_CIPHER_CTX_cleanup(&ctx);
         goto err;
     }
+    /*
+     * If prf NID unspecified see if cipher has a preference. An error is OK
+     * here: just means use default PRF.
+     */
+    if ((prf_nid == -1) &&
+        EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
+        ERR_clear_error();
+        prf_nid = NID_hmacWithSHA1;
+    }
     EVP_CIPHER_CTX_cleanup(&ctx);
 
+    /* If its RC2 then we'd better setup the key length */
+
+    if (alg_nid == NID_rc2_cbc)
+        keylen = EVP_CIPHER_key_length(cipher);
+    else
+        keylen = -1;
+
+    /* Setup keyfunc */
+
+    X509_ALGOR_free(pbe2->keyfunc);
+
+    pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
+
+    if (!pbe2->keyfunc)
+        goto merr;
+
+    /* Now set up top level AlgorithmIdentifier */
+
+    if (!(ret = X509_ALGOR_new()))
+        goto merr;
+    if (!(ret->parameter = ASN1_TYPE_new()))
+        goto merr;
+
+    ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+    /* Encode PBE2PARAM into parameter */
+
+    if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
+                        &ret->parameter->value.sequence))
+         goto merr;
+    ret->parameter->type = V_ASN1_SEQUENCE;
+
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
+
+    return ret;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
+
+ err:
+    PBE2PARAM_free(pbe2);
+    /* Note 'scheme' is freed as part of pbe2 */
+    X509_ALGOR_free(kalg);
+    X509_ALGOR_free(ret);
+
+    return NULL;
+
+}
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                           unsigned char *salt, int saltlen)
+{
+    return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
+}
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                             int prf_nid, int keylen)
+{
+    X509_ALGOR *keyfunc = NULL;
+    PBKDF2PARAM *kdf = NULL;
+    ASN1_OCTET_STRING *osalt = NULL;
+
     if (!(kdf = PBKDF2PARAM_new()))
         goto merr;
     if (!(osalt = M_ASN1_OCTET_STRING_new()))
         goto merr;
 
+    kdf->salt->value.octet_string = osalt;
+    kdf->salt->type = V_ASN1_OCTET_STRING;
+
     if (!saltlen)
         saltlen = PKCS5_SALT_LEN;
     if (!(osalt->data = OPENSSL_malloc(saltlen)))
         goto merr;
+
     osalt->length = saltlen;
+
     if (salt)
         memcpy(osalt->data, salt, saltlen);
     else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0)
@@ -149,74 +230,51 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 
     if (iter <= 0)
         iter = PKCS5_DEFAULT_ITER;
+
     if (!ASN1_INTEGER_set(kdf->iter, iter))
         goto merr;
 
-    /* Now include salt in kdf structure */
-    kdf->salt->value.octet_string = osalt;
-    kdf->salt->type = V_ASN1_OCTET_STRING;
-    osalt = NULL;
-
-    /* If its RC2 then we'd better setup the key length */
+    /* If have a key len set it up */
 
-    if (alg_nid == NID_rc2_cbc) {
+    if (keylen > 0) {
         if (!(kdf->keylength = M_ASN1_INTEGER_new()))
             goto merr;
-        if (!ASN1_INTEGER_set(kdf->keylength, EVP_CIPHER_key_length(cipher)))
+        if (!ASN1_INTEGER_set(kdf->keylength, keylen))
             goto merr;
     }
 
-    /* prf can stay NULL because we are using hmacWithSHA1 */
-
-    /* Now setup the PBE2PARAM keyfunc structure */
-
-    pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+    /* prf can stay NULL if we are using hmacWithSHA1 */
+    if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
+        kdf->prf = X509_ALGOR_new();
+        if (!kdf->prf)
+            goto merr;
+        X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL);
+    }
 
-    /* Encode PBKDF2PARAM into parameter of pbe2 */
+    /* Finally setup the keyfunc structure */
 
-    if (!(pbe2->keyfunc->parameter = ASN1_TYPE_new()))
+    keyfunc = X509_ALGOR_new();
+    if (!keyfunc)
         goto merr;
 
-    if (!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
-                             &pbe2->keyfunc->parameter->value.sequence))
-         goto merr;
-    pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
-
-    PBKDF2PARAM_free(kdf);
-    kdf = NULL;
+    keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
 
-    /* Now set up top level AlgorithmIdentifier */
+    /* Encode PBKDF2PARAM into parameter of pbe2 */
 
-    if (!(ret = X509_ALGOR_new()))
-        goto merr;
-    if (!(ret->parameter = ASN1_TYPE_new()))
+    if (!(keyfunc->parameter = ASN1_TYPE_new()))
         goto merr;
 
-    ret->algorithm = OBJ_nid2obj(NID_pbes2);
-
-    /* Encode PBE2PARAM into parameter */
-
-    if (!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
-                             &ret->parameter->value.sequence))
+    if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
+                        &keyfunc->parameter->value.sequence))
          goto merr;
-    ret->parameter->type = V_ASN1_SEQUENCE;
-
-    PBE2PARAM_free(pbe2);
-    pbe2 = NULL;
+    keyfunc->parameter->type = V_ASN1_SEQUENCE;
 
-    return ret;
+    PBKDF2PARAM_free(kdf);
+    return keyfunc;
 
  merr:
-    ASN1err(ASN1_F_PKCS5_PBE2_SET, ERR_R_MALLOC_FAILURE);
-
- err:
-    PBE2PARAM_free(pbe2);
-    /* Note 'scheme' is freed as part of pbe2 */
-    M_ASN1_OCTET_STRING_free(osalt);
+    ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
     PBKDF2PARAM_free(kdf);
-    X509_ALGOR_free(kalg);
-    X509_ALGOR_free(ret);
-
+    X509_ALGOR_free(keyfunc);
     return NULL;
-
 }