Loading CHANGES +3 −1 Original line number Diff line number Diff line Loading @@ -6,7 +6,9 @@ *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC. Reorganize PBE internals to lookup from a static table using NIDs, add support for HMAC PBE OID translation. add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl: EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative PRF which will be automatically used with PBES2. [Steve Henson] *) Replace the algorithm specific calls to generate keys in "req" with the Loading crypto/asn1/p5_pbev2.c +17 −2 Original line number Diff line number Diff line Loading @@ -95,6 +95,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, PBE2PARAM *pbe2 = NULL; ASN1_OCTET_STRING *osalt = NULL; ASN1_OBJECT *obj; int prf_nid; alg_nid = EVP_CIPHER_type(cipher); if(alg_nid == NID_undef) { Loading @@ -119,7 +120,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, EVP_CIPHER_CTX_init(&ctx); /* Dummy cipherinit to just setup the IV */ /* Dummy cipherinit to just setup the IV, and PRF */ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET, Loading @@ -127,6 +128,12 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, EVP_CIPHER_CTX_cleanup(&ctx); goto err; } /* An error is OK here: just means use default PRF */ if (EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { ERR_clear_error(); prf_nid = NID_hmacWithSHA1; } EVP_CIPHER_CTX_cleanup(&ctx); if(!(kdf = PBKDF2PARAM_new())) goto merr; Loading Loading @@ -154,7 +161,15 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, EVP_CIPHER_key_length(cipher))) goto merr; } /* prf can stay NULL because we are using hmacWithSHA1 */ /* prf can stay NULL if we are using hmacWithSHA1 */ if (prf_nid != NID_hmacWithSHA1) { kdf->prf = X509_ALGOR_new(); if (!kdf->prf) goto merr; X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL); } /* Now setup the PBE2PARAM keyfunc structure */ Loading crypto/evp/e_rc2.c +5 −0 Original line number Diff line number Diff line Loading @@ -223,6 +223,11 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; } return 0; #if PBE_PRF_TEST case EVP_CTRL_PBE_PRF_NID: *(int *)ptr = NID_hmacWithMD5; return 1; #endif default: return -1; Loading crypto/evp/evp.h +1 −0 Original line number Diff line number Diff line Loading @@ -301,6 +301,7 @@ struct evp_cipher_st #define EVP_CTRL_GET_RC5_ROUNDS 0x4 #define EVP_CTRL_SET_RC5_ROUNDS 0x5 #define EVP_CTRL_RAND_KEY 0x6 #define EVP_CTRL_PBE_PRF_NID 0x7 typedef struct evp_cipher_info_st { Loading Loading
CHANGES +3 −1 Original line number Diff line number Diff line Loading @@ -6,7 +6,9 @@ *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC. Reorganize PBE internals to lookup from a static table using NIDs, add support for HMAC PBE OID translation. add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl: EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative PRF which will be automatically used with PBES2. [Steve Henson] *) Replace the algorithm specific calls to generate keys in "req" with the Loading
crypto/asn1/p5_pbev2.c +17 −2 Original line number Diff line number Diff line Loading @@ -95,6 +95,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, PBE2PARAM *pbe2 = NULL; ASN1_OCTET_STRING *osalt = NULL; ASN1_OBJECT *obj; int prf_nid; alg_nid = EVP_CIPHER_type(cipher); if(alg_nid == NID_undef) { Loading @@ -119,7 +120,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, EVP_CIPHER_CTX_init(&ctx); /* Dummy cipherinit to just setup the IV */ /* Dummy cipherinit to just setup the IV, and PRF */ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET, Loading @@ -127,6 +128,12 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, EVP_CIPHER_CTX_cleanup(&ctx); goto err; } /* An error is OK here: just means use default PRF */ if (EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { ERR_clear_error(); prf_nid = NID_hmacWithSHA1; } EVP_CIPHER_CTX_cleanup(&ctx); if(!(kdf = PBKDF2PARAM_new())) goto merr; Loading Loading @@ -154,7 +161,15 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, EVP_CIPHER_key_length(cipher))) goto merr; } /* prf can stay NULL because we are using hmacWithSHA1 */ /* prf can stay NULL if we are using hmacWithSHA1 */ if (prf_nid != NID_hmacWithSHA1) { kdf->prf = X509_ALGOR_new(); if (!kdf->prf) goto merr; X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL); } /* Now setup the PBE2PARAM keyfunc structure */ Loading
crypto/evp/e_rc2.c +5 −0 Original line number Diff line number Diff line Loading @@ -223,6 +223,11 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; } return 0; #if PBE_PRF_TEST case EVP_CTRL_PBE_PRF_NID: *(int *)ptr = NID_hmacWithMD5; return 1; #endif default: return -1; Loading
crypto/evp/evp.h +1 −0 Original line number Diff line number Diff line Loading @@ -301,6 +301,7 @@ struct evp_cipher_st #define EVP_CTRL_GET_RC5_ROUNDS 0x4 #define EVP_CTRL_SET_RC5_ROUNDS 0x5 #define EVP_CTRL_RAND_KEY 0x6 #define EVP_CTRL_PBE_PRF_NID 0x7 typedef struct evp_cipher_info_st { Loading
