evp_pbe.c@ 100908

最後變更在這個檔案從100908是 99366,由 vboxsync 提交於 22 月前
openssl-3.1.0: Applied and adjusted our OpenSSL changes to 3.0.7. bugref:10418
檔案大小: 9.7 KB

行
1	/*
2	* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <stdio.h>
11	#include "internal/cryptlib.h"
12	#include <openssl/evp.h>
13	#include <openssl/core.h>
14	#include <openssl/core_names.h>
15	#include <openssl/pkcs12.h>
16	#include <openssl/x509.h>
17	#include "crypto/evp.h"
18	#include "evp_local.h"
19
20	/* Password based encryption (PBE) functions */
21
22	/* Setup a cipher context from a PBE algorithm */
23
24	struct evp_pbe_st {
25	int pbe_type;
26	int pbe_nid;
27	int cipher_nid;
28	int md_nid;
29	EVP_PBE_KEYGEN *keygen;
30	EVP_PBE_KEYGEN_EX *keygen_ex;
31	};
32
33	static STACK_OF(EVP_PBE_CTL) *pbe_algs;
34
35	static const EVP_PBE_CTL builtin_pbe[] = {
36	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
37	NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
38	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,
39	NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
40	{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
41	NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
42
43	{EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
44
45	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
46	NID_rc4, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex},
47	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
48	NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex},
49	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
50	NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex},
51	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
52	NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex},
53	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC,
54	NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex},
55	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
56	NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex},
57
58	{EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen, &PKCS5_v2_PBE_keyivgen_ex},
59
60	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
61	NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
62	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
63	NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
64	{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,
65	NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
66
67	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
68	{EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0},
69	{EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0},
70	{EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
71	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
72	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
73	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
74	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
75	{EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
76	{EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1,
77	NID_id_GostR3411_2012_256, 0},
78	{EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1,
79	NID_id_GostR3411_2012_512, 0},
80	{EVP_PBE_TYPE_PRF, NID_hmac_sha3_224, -1, NID_sha3_224, 0},
81	{EVP_PBE_TYPE_PRF, NID_hmac_sha3_256, -1, NID_sha3_256, 0},
82	{EVP_PBE_TYPE_PRF, NID_hmac_sha3_384, -1, NID_sha3_384, 0},
83	{EVP_PBE_TYPE_PRF, NID_hmac_sha3_512, -1, NID_sha3_512, 0},
84	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0},
85	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0},
86	{EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen, &PKCS5_v2_PBKDF2_keyivgen_ex},
87	#ifndef OPENSSL_NO_SCRYPT
88	{EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen, &PKCS5_v2_scrypt_keyivgen_ex}
89	#endif
90	};
91
92
93	int EVP_PBE_CipherInit_ex(ASN1_OBJECT pbe_obj, const char pass, int passlen,
94	ASN1_TYPE param, EVP_CIPHER_CTX ctx, int en_de,
95	OSSL_LIB_CTX libctx, const char propq)
96	{
97	const EVP_CIPHER *cipher = NULL;
98	EVP_CIPHER *cipher_fetch = NULL;
99	const EVP_MD *md = NULL;
100	EVP_MD *md_fetch = NULL;
101	int ret = 0, cipher_nid, md_nid;
102	EVP_PBE_KEYGEN_EX *keygen_ex;
103	EVP_PBE_KEYGEN *keygen;
104
105	if (!EVP_PBE_find_ex(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
106	&cipher_nid, &md_nid, &keygen, &keygen_ex)) {
107	char obj_tmp[80];
108
109	if (pbe_obj == NULL)
110	OPENSSL_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
111	else
112	i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj);
113	ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_PBE_ALGORITHM,
114	"TYPE=%s", obj_tmp);
115	goto err;
116	}
117
118	if (pass == NULL)
119	passlen = 0;
120	else if (passlen == -1)
121	passlen = strlen(pass);
122
123	if (cipher_nid != -1) {
124	(void)ERR_set_mark();
125	cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq);
126	/* Fallback to legacy method */
127	if (cipher == NULL)
128	cipher = EVP_get_cipherbynid(cipher_nid);
129	if (cipher == NULL) {
130	(void)ERR_clear_last_mark();
131	ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER,
132	OBJ_nid2sn(cipher_nid));
133	goto err;
134	}
135	(void)ERR_pop_to_mark();
136	}
137
138	if (md_nid != -1) {
139	(void)ERR_set_mark();
140	md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
141	/* Fallback to legacy method */
142	if (md == NULL)
143	EVP_get_digestbynid(md_nid);
144
145	if (md == NULL) {
146	(void)ERR_clear_last_mark();
147	ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST);
148	goto err;
149	}
150	(void)ERR_pop_to_mark();
151	}
152
153	/* Try extended keygen with libctx/propq first, fall back to legacy keygen */
154	if (keygen_ex != NULL)
155	ret = keygen_ex(ctx, pass, passlen, param, cipher, md, en_de, libctx, propq);
156	else
157	ret = keygen(ctx, pass, passlen, param, cipher, md, en_de);
158
159	err:
160	EVP_CIPHER_free(cipher_fetch);
161	EVP_MD_free(md_fetch);
162
163	return ret;
164	}
165
166	int EVP_PBE_CipherInit(ASN1_OBJECT pbe_obj, const char pass, int passlen,
167	ASN1_TYPE param, EVP_CIPHER_CTX ctx, int en_de)
168	{
169	return EVP_PBE_CipherInit_ex(pbe_obj, pass, passlen, param, ctx, en_de, NULL, NULL);
170	}
171
172	DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
173
174	static int pbe2_cmp(const EVP_PBE_CTL pbe1, const EVP_PBE_CTL pbe2)
175	{
176	int ret = pbe1->pbe_type - pbe2->pbe_type;
177	if (ret)
178	return ret;
179	else
180	return pbe1->pbe_nid - pbe2->pbe_nid;
181	}
182
183	IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
184
185	static int pbe_cmp(const EVP_PBE_CTL const a, const EVP_PBE_CTL const b)
186	{
187	int ret = (a)->pbe_type - (b)->pbe_type;
188	if (ret)
189	return ret;
190	else
191	return (a)->pbe_nid - (b)->pbe_nid;
192	}
193
194	/* Add a PBE algorithm */
195
196	int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
197	int md_nid, EVP_PBE_KEYGEN *keygen)
198	{
199	EVP_PBE_CTL *pbe_tmp;
200
201	if (pbe_algs == NULL) {
202	pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
203	if (pbe_algs == NULL)
204	goto err;
205	}
206
207	if ((pbe_tmp = OPENSSL_zalloc(sizeof(*pbe_tmp))) == NULL)
208	goto err;
209
210	pbe_tmp->pbe_type = pbe_type;
211	pbe_tmp->pbe_nid = pbe_nid;
212	pbe_tmp->cipher_nid = cipher_nid;
213	pbe_tmp->md_nid = md_nid;
214	pbe_tmp->keygen = keygen;
215
216	if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) {
217	OPENSSL_free(pbe_tmp);
218	goto err;
219	}
220	return 1;
221
222	err:
223	ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
224	return 0;
225	}
226
227	int EVP_PBE_alg_add(int nid, const EVP_CIPHER cipher, const EVP_MD md,
228	EVP_PBE_KEYGEN *keygen)
229	{
230	int cipher_nid, md_nid;
231
232	if (cipher)
233	cipher_nid = EVP_CIPHER_get_nid(cipher);
234	else
235	cipher_nid = -1;
236	if (md)
237	md_nid = EVP_MD_get_type(md);
238	else
239	md_nid = -1;
240
241	return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,
242	cipher_nid, md_nid, keygen);
243	}
244
245	int EVP_PBE_find_ex(int type, int pbe_nid, int pcnid, int pmnid,
246	EVP_PBE_KEYGEN pkeygen, EVP_PBE_KEYGEN_EX pkeygen_ex)
247	{
248	EVP_PBE_CTL *pbetmp = NULL, pbelu;
249	int i;
250	if (pbe_nid == NID_undef)
251	return 0;
252
253	pbelu.pbe_type = type;
254	pbelu.pbe_nid = pbe_nid;
255
256	if (pbe_algs != NULL) {
257	i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
258	pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
259	}
260	if (pbetmp == NULL) {
261	pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe));
262	}
263	if (pbetmp == NULL)
264	return 0;
265	if (pcnid != NULL)
266	*pcnid = pbetmp->cipher_nid;
267	if (pmnid != NULL)
268	*pmnid = pbetmp->md_nid;
269	if (pkeygen != NULL)
270	*pkeygen = pbetmp->keygen;
271	if (pkeygen_ex != NULL)
272	*pkeygen_ex = pbetmp->keygen_ex;
273	return 1;
274	}
275
276	int EVP_PBE_find(int type, int pbe_nid,
277	int pcnid, int pmnid, EVP_PBE_KEYGEN **pkeygen)
278	{
279	return EVP_PBE_find_ex(type, pbe_nid, pcnid, pmnid, pkeygen, NULL);
280	}
281
282	static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
283	{
284	OPENSSL_free(pbe);
285	}
286
287	void EVP_PBE_cleanup(void)
288	{
289	sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
290	pbe_algs = NULL;
291	}
292
293	int EVP_PBE_get(int ptype, int ppbe_nid, size_t num)
294	{
295	const EVP_PBE_CTL *tpbe;
296
297	if (num >= OSSL_NELEM(builtin_pbe))
298	return 0;
299
300	tpbe = builtin_pbe + num;
301	if (ptype)
302	*ptype = tpbe->pbe_type;
303	if (ppbe_nid)
304	*ppbe_nid = tpbe->pbe_nid;
305	return 1;
306	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.1.0/crypto/evp/evp_pbe.c@ 100908

以其他格式下載: