openssl/crypto/evp/evp_pbe.c

/* evp_pbe.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>

/* Password based encryption (PBE) functions */

static STACK *pbe_algs;

/* Setup a cipher context from a PBE algorithm */

typedef struct
	{
	int pbe_type;
	int pbe_nid;
	int cipher_nid;
	int md_nid;
	EVP_PBE_KEYGEN *keygen;
	} EVP_PBE_CTL;

static const EVP_PBE_CTL builtin_pbe[] = 
	{
	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
			NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},
	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,
			NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen},
	{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
			NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},

	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
			NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
			NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen},
	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
		 	NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen},
	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
			NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen},
	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC,
			NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen},
	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
			NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},

#ifndef OPENSSL_NO_HMAC
	{EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
#endif
	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
			NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
			NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen},
	{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,
			NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},


	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
	{EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
	{EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
	};

#ifdef TEST
int main(int argc, char **argv)
	{
	int i, nid_md, nid_cipher;
	EVP_PBE_CTL *tpbe, *tpbe2;
	/*OpenSSL_add_all_algorithms();*/

	for (i = 0; i < sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL); i++)
		{
		tpbe = builtin_pbe + i;
		fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid,
						OBJ_nid2sn(tpbe->pbe_nid));
		if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid,
					&nid_cipher ,&nid_md,0))
			fprintf(stderr, "Found %s %s\n",
					OBJ_nid2sn(nid_cipher),
					OBJ_nid2sn(nid_md));
		else
			fprintf(stderr, "Find ERROR!!\n");
		}

	return 0;
	}
#endif
		

int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
	{
	const EVP_CIPHER *cipher;
	const EVP_MD *md;
	int cipher_nid, md_nid;
	EVP_PBE_KEYGEN *keygen;

	if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
					&cipher_nid, &md_nid, &keygen))
		{
		char obj_tmp[80];
		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
		if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
		else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
		ERR_add_error_data(2, "TYPE=", obj_tmp);
		return 0;
		}

	if(!pass)
		passlen = 0;
	else if (passlen == -1)
		passlen = strlen(pass);

	if (cipher_nid == -1)
		cipher = NULL;
	else
		cipher = EVP_get_cipherbynid(cipher_nid);

	if (md_nid == -1)
		md = NULL;
	else
		md = EVP_get_digestbynid(md_nid);

	if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))
		{
		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
		return 0;
		}
	return 1;	
}

static int pbe_cmp2(const void *a, const void *b)
	{
	const EVP_PBE_CTL *pbe1 = a;
	const EVP_PBE_CTL *pbe2 = b;
	int ret = pbe1->pbe_type - pbe2->pbe_type;
	if (ret)
		return ret;
	else
		return pbe1->pbe_nid - pbe2->pbe_nid;
	}

static int pbe_cmp(const char * const *a, const char * const *b)
	{
	const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,
			* const *pbe2 = (const EVP_PBE_CTL * const *)b;
	int ret = (*pbe1)->pbe_type - (*pbe2)->pbe_type;
	if (ret)
		return ret;
	else
		return (*pbe1)->pbe_nid - (*pbe2)->pbe_nid;
	}

/* Add a PBE algorithm */

int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
	     EVP_PBE_KEYGEN *keygen)
	{
	EVP_PBE_CTL *pbe_tmp;
	if (!pbe_algs)
		pbe_algs = sk_new(pbe_cmp);
	if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL))))
		{
		EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE,ERR_R_MALLOC_FAILURE);
		return 0;
		}
	pbe_tmp->pbe_type = pbe_type;
	pbe_tmp->pbe_nid = pbe_nid;
	pbe_tmp->cipher_nid = cipher_nid;
	pbe_tmp->md_nid = md_nid;
	pbe_tmp->keygen = keygen;


	sk_push (pbe_algs, (char *)pbe_tmp);
	return 1;
	}

int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
	     EVP_PBE_KEYGEN *keygen)
	{
	int cipher_nid, md_nid;
	if (cipher)
		cipher_nid = EVP_CIPHER_type(cipher);
	else
		cipher_nid = -1;
	if (md)
		md_nid = EVP_MD_type(md);
	else
		md_nid = -1;

	return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,
					cipher_nid, md_nid, keygen);
	}

int EVP_PBE_find(int type, int pbe_nid,
			int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
	{
	EVP_PBE_CTL *pbetmp = NULL, pbelu;
	int i;
	if (pbe_nid == NID_undef)
		return 0;

	pbelu.pbe_type = type;
	pbelu.pbe_nid = pbe_nid;

	if (pbe_algs)
		{
		i = sk_find(pbe_algs, (char *)&pbelu);
		if (i != -1)
			pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
		}
	if (pbetmp == NULL)
		{
		pbetmp = (EVP_PBE_CTL *) OBJ_bsearch((char *)&pbelu,
        		(char *)builtin_pbe,
			sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),
        		sizeof(EVP_PBE_CTL),
			pbe_cmp2);
		}
	if (pbetmp == NULL)
		return 0;
	if (pcnid)
		*pcnid = pbetmp->cipher_nid;
	if (pmnid)
		*pmnid = pbetmp->md_nid;
	if (pkeygen)
		*pkeygen = pbetmp->keygen;
	return 1;
	}
		

void EVP_PBE_cleanup(void)
	{
	sk_pop_free(pbe_algs, OPENSSL_freeFunc);
	pbe_algs = NULL;
	}
Work with -pedantic! 1999-04-23 23:01:15 +08:00			`/* evp_pbe.c */`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00			`/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL`
			`* project 1999.`
			`*/`
			`/* ====================================================================`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`* Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions`
			`* are met:`
			`*`
			`* 1. Redistributions of source code must retain the above copyright`
			`* notice, this list of conditions and the following disclaimer.`
			`*`
			`* 2. Redistributions in binary form must reproduce the above copyright`
			`* notice, this list of conditions and the following disclaimer in`
			`* the documentation and/or other materials provided with the`
			`* distribution.`
			`*`
			`* 3. All advertising materials mentioning features or use of this`
			`* software must display the following acknowledgment:`
			`* "This product includes software developed by the OpenSSL Project`
			`* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"`
			`*`
			`* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to`
			`* endorse or promote products derived from this software without`
			`* prior written permission. For written permission, please contact`
			`* licensing@OpenSSL.org.`
			`*`
			`* 5. Products derived from this software may not be called "OpenSSL"`
			`* nor may "OpenSSL" appear in their names without prior written`
			`* permission of the OpenSSL Project.`
			`*`
			`* 6. Redistributions of any form whatsoever must retain the following`
			`* acknowledgment:`
			`* "This product includes software developed by the OpenSSL Project`
			`* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"`
			`*`
			* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
			`* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
			`* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR`
			`* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR`
			`* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,`
			`* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT`
			`* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;`
			`* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
			`* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,`
			`* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)`
			`* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED`
			`* OF THE POSSIBILITY OF SUCH DAMAGE.`
			`* ====================================================================`
			`*`
			`* This product includes cryptographic software written by Eric Young`
			`* (eay@cryptsoft.com). This product includes software written by Tim`
			`* Hudson (tjh@cryptsoft.com).`
			`*`
			`*/`

			`#include <stdio.h>`
Reorder inclusion of header files: des_old.h redefines crypt: #define crypt(b,s)\ DES_crypt((b),(s)) This scheme leads to failure, if header files with the OS's true definition of crypt() are processed _after_ des_old.h was processed. This is e.g. the case on HP-UX with unistd.h. As evp.h now again includes des.h (which includes des_old.h), this problem only came up after this modification. Solution: move header files (indirectly) including e_os.h before the header files (indirectly) including evp.h. Submitted by: Reviewed by: PR: 2002-07-10 15:01:54 +08:00			`#include "cryptlib.h"`
Change #include filenames from <foo.h> to <openssl.h>. Submitted by: Reviewed by: PR: 1999-04-24 06:13:45 +08:00			`#include <openssl/evp.h>`
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-16 01:34:36 +08:00			`#include <openssl/pkcs12.h>`
Change #include filenames from <foo.h> to <openssl.h>. Submitted by: Reviewed by: PR: 1999-04-24 06:13:45 +08:00			`#include <openssl/x509.h>`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00
			`/* Password based encryption (PBE) functions */`

			`static STACK *pbe_algs;`

			`/* Setup a cipher context from a PBE algorithm */`

Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`typedef struct`
			`{`
			`int pbe_type;`
			`int pbe_nid;`
			`int cipher_nid;`
			`int md_nid;`
			`EVP_PBE_KEYGEN *keygen;`
			`} EVP_PBE_CTL;`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00
Constify version strings and some structures. 2007-01-21 21:07:17 +08:00			`static const EVP_PBE_CTL builtin_pbe[] =`
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-16 01:34:36 +08:00			`{`
			`{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,`
			`NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},`
			`{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,`
			`NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen},`
			`{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,`
			`NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},`

			`{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,`
			`NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},`
			`{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,`
			`NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen},`
			`{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,`
			`NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen},`
			`{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC,`
			`NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen},`
			`{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC,`
			`NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen},`
			`{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,`
			`NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},`

			`#ifndef OPENSSL_NO_HMAC`
			`{EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},`
			`#endif`
			`{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,`
			`NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},`
			`{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,`
			`NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen},`
			`{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,`
			`NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},`


			`{EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},`
			`{EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},`
HMAC OIDs from RFC4231. 2006-05-17 20:27:45 +08:00			`{EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},`
			`{EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},`
			`{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},`
			`{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},`
fix order PR: 1442 2006-12-22 03:50:48 +08:00			`{EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},`
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-16 01:34:36 +08:00			`};`

			`#ifdef TEST`
			`int main(int argc, char **argv)`
			`{`
			`int i, nid_md, nid_cipher;`
			`EVP_PBE_CTL tpbe, tpbe2;`
			`/OpenSSL_add_all_algorithms();/`

			`for (i = 0; i < sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL); i++)`
			`{`
			`tpbe = builtin_pbe + i;`
			`fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid,`
			`OBJ_nid2sn(tpbe->pbe_nid));`
			`if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid,`
			`&nid_cipher ,&nid_md,0))`
			`fprintf(stderr, "Found %s %s\n",`
			`OBJ_nid2sn(nid_cipher),`
			`OBJ_nid2sn(nid_md));`
			`else`
			`fprintf(stderr, "Find ERROR!!\n");`
			`}`

			`return 0;`
			`}`
			`#endif`



Fix more error codes. (Also improve util/ck_errf.pl script, and occasionally fix source code formatting.) 2005-05-11 11:45:39 +08:00			`int EVP_PBE_CipherInit(ASN1_OBJECT pbe_obj, const char pass, int passlen,`
Rewrite PBE handling read to support PKCS#5 v2.0 and update the function list for Win32. 1999-06-06 21:07:13 +08:00			`ASN1_TYPE param, EVP_CIPHER_CTX ctx, int en_de)`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`{`
			`const EVP_CIPHER *cipher;`
			`const EVP_MD *md;`
			`int cipher_nid, md_nid;`
			`EVP_PBE_KEYGEN *keygen;`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),`
			`&cipher_nid, &md_nid, &keygen))`
			`{`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00			`char obj_tmp[80];`
			`EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);`
Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org> 2003-12-27 22:40:17 +08:00			`if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);`
Security fixes brought forward from 0.9.7. 2002-11-13 23:43:43 +08:00			`else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00			`ERR_add_error_data(2, "TYPE=", obj_tmp);`
			`return 0;`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`}`

			`if(!pass)`
			`passlen = 0;`
			`else if (passlen == -1)`
			`passlen = strlen(pass);`

			`if (cipher_nid == -1)`
			`cipher = NULL;`
			`else`
			`cipher = EVP_get_cipherbynid(cipher_nid);`

			`if (md_nid == -1)`
			`md = NULL;`
			`else`
			`md = EVP_get_digestbynid(md_nid);`

			`if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))`
			`{`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00			`EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);`
			`return 0;`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`}`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00			`return 1;`
			`}`

Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-16 01:34:36 +08:00			`static int pbe_cmp2(const void a, const void b)`
			`{`
			`const EVP_PBE_CTL *pbe1 = a;`
			`const EVP_PBE_CTL *pbe2 = b;`
			`int ret = pbe1->pbe_type - pbe2->pbe_type;`
			`if (ret)`
			`return ret;`
			`else`
			`return pbe1->pbe_nid - pbe2->pbe_nid;`
			`}`

Fixes for Win32 build. This is mostly a work around for the old VC++ problem that it treats func() as func(void). Various prototypes had been added to 'compare' function pointers that triggered this. This could be fixed by removing the prototype, adding function pointer casts to every call or changing the passed function to use the expected arguments. I mostly did the latter. The mkdef.pl script was modified to remove the typesafe functions which no longer exist. Oh and some functions called OPENSSL_freeLibrary() were changed back to FreeLibrary(), wonder how that happened :-) 2000-06-21 10:25:30 +08:00			`static int pbe_cmp(const char * const a, const char const *b)`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`{`
some const fixes and cleanup 2005-04-05 18:29:43 +08:00			`const EVP_PBE_CTL * const pbe1 = (const EVP_PBE_CTL const *) a,`
			`* const pbe2 = (const EVP_PBE_CTL const *)b;`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`int ret = (pbe1)->pbe_type - (pbe2)->pbe_type;`
			`if (ret)`
			`return ret;`
			`else`
			`return (pbe1)->pbe_nid - (pbe2)->pbe_nid;`
			`}`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00
			`/* Add a PBE algorithm */`

Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,`
Change functions to ANSI C. 1999-04-20 05:31:43 +08:00			`EVP_PBE_KEYGEN *keygen)`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`{`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00			`EVP_PBE_CTL *pbe_tmp;`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`if (!pbe_algs)`
			`pbe_algs = sk_new(pbe_cmp);`
			`if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL))))`
			`{`
Fix various error codes to match functions. 2006-07-18 00:33:31 +08:00			`EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE,ERR_R_MALLOC_FAILURE);`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00			`return 0;`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`}`
			`pbe_tmp->pbe_type = pbe_type;`
			`pbe_tmp->pbe_nid = pbe_nid;`
			`pbe_tmp->cipher_nid = cipher_nid;`
			`pbe_tmp->md_nid = md_nid;`
Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00			`pbe_tmp->keygen = keygen;`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00

Further PKCS#12 integration, PBE, PKCS#8 additions. 1999-03-29 01:46:10 +08:00			`sk_push (pbe_algs, (char *)pbe_tmp);`
			`return 1;`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`}`

			`int EVP_PBE_alg_add(int nid, const EVP_CIPHER cipher, const EVP_MD md,`
			`EVP_PBE_KEYGEN *keygen)`
			`{`
			`int cipher_nid, md_nid;`
			`if (cipher)`
			`cipher_nid = EVP_CIPHER_type(cipher);`
			`else`
			`cipher_nid = -1;`
			`if (md)`
			`md_nid = EVP_MD_type(md);`
			`else`
			`md_nid = -1;`

			`return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,`
			`cipher_nid, md_nid, keygen);`
			`}`

			`int EVP_PBE_find(int type, int pbe_nid,`
			`int pcnid, int pmnid, EVP_PBE_KEYGEN **pkeygen)`
			`{`
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-16 01:34:36 +08:00			`EVP_PBE_CTL *pbetmp = NULL, pbelu;`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`int i;`
			`if (pbe_nid == NID_undef)`
			`return 0;`
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-16 01:34:36 +08:00
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`pbelu.pbe_type = type;`
			`pbelu.pbe_nid = pbe_nid;`
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-16 01:34:36 +08:00
			`if (pbe_algs)`
			`{`
			`i = sk_find(pbe_algs, (char *)&pbelu);`
			`if (i != -1)`
			`pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);`
			`}`
			`if (pbetmp == NULL)`
			`{`
			`pbetmp = (EVP_PBE_CTL ) OBJ_bsearch((char )&pbelu,`
			`(char *)builtin_pbe,`
			`sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL),`
			`sizeof(EVP_PBE_CTL),`
			`pbe_cmp2);`
			`}`
			`if (pbetmp == NULL)`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`return 0;`
			`if (pcnid)`
			`*pcnid = pbetmp->cipher_nid;`
			`if (pmnid)`
			`*pmnid = pbetmp->md_nid;`
			`if (pkeygen)`
			`*pkeygen = pbetmp->keygen;`
			`return 1;`
			`}`


Include pkcs12 program as part of openssl. This completes most of the PKCS#12 integration. 1999-03-30 01:50:26 +08:00
Change functions to ANSI C. 1999-04-20 05:31:43 +08:00			`void EVP_PBE_cleanup(void)`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`{`
There have been a number of complaints from a number of sources that names like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files. 2000-06-02 06:19:21 +08:00			`sk_pop_free(pbe_algs, OPENSSL_freeFunc);`
Add PKCS#12 documentation and new option in x509 to add certificate extensions. 1999-04-27 08:36:20 +08:00			`pbe_algs = NULL;`
Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-15 02:40:53 +08:00			`}`