authorDavid Benjamin <davidben@google.com>2016-12-28 22:39:32 -0500
committerAdam Langley <alangley@gmail.com>2017-01-11 00:54:08 +0000
commit314d81420c7aae3495d59d590b39d8d1b222ebba (patch)
treea11442581936c118da6175e8ac725639d25d2844
parentd1afc4186937edb303665f27d794e1eae1c54a7e (diff)
Reimplement pkcs12_pbe_keyivgen with CBS.
BUG=54 Change-Id: Ie003a9635b33ad6f7e430684f0eb6975c613ebf3 Reviewed-on: https://boringssl-review.googlesource.com/13068 Reviewed-by: Adam Langley <alangley@gmail.com>
-rw-r--r--crypto/pkcs8/internal.h7
-rw-r--r--crypto/pkcs8/p5_pbe.c12
-rw-r--r--crypto/pkcs8/pkcs8.c46
3 files changed, 24 insertions, 41 deletions
diff --git a/crypto/pkcs8/internal.h b/crypto/pkcs8/internal.h
index f0af8fe..7a6f057 100644
--- a/crypto/pkcs8/internal.h
+++ b/crypto/pkcs8/internal.h
@@ -66,13 +66,6 @@ extern "C" {
#define PKCS5_DEFAULT_ITERATIONS 2048
#define PKCS5_SALT_LEN 8
-typedef struct {
- ASN1_OCTET_STRING *salt;
- ASN1_INTEGER *iter;
-} PBEPARAM;
-
-DECLARE_ASN1_FUNCTIONS(PBEPARAM)
-
/* PKCS5_v2_PBE_keyivgen intializes the supplied |ctx| for PBKDF v2, which must
* be specified by |param|. The password is specified by |pass_raw| and
* |pass_raw_len|. |cipher| and |md| are ignored.
diff --git a/crypto/pkcs8/p5_pbe.c b/crypto/pkcs8/p5_pbe.c
index 81865cd..eff2e40 100644
--- a/crypto/pkcs8/p5_pbe.c
+++ b/crypto/pkcs8/p5_pbe.c
@@ -53,7 +53,7 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
-#include <openssl/asn1t.h>
+#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/obj.h>
@@ -65,16 +65,6 @@
#include "internal.h"
-/* PKCS#5 password based encryption structure */
-
-ASN1_SEQUENCE(PBEPARAM) = {
- ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
- ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PBEPARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
-
-
X509_ALGOR *PKCS5_pbe_set(int alg, int iter, const uint8_t *salt,
size_t salt_len) {
if (iter <= 0) {
diff --git a/crypto/pkcs8/pkcs8.c b/crypto/pkcs8/pkcs8.c
index 2e81adf..22d6369 100644
--- a/crypto/pkcs8/pkcs8.c
+++ b/crypto/pkcs8/pkcs8.c
@@ -227,12 +227,6 @@ static int pkcs12_pbe_keyivgen(EVP_CIPHER_CTX *ctx, const uint8_t *pass_raw,
size_t pass_raw_len, ASN1_TYPE *param,
const EVP_CIPHER *cipher, const EVP_MD *md,
int is_encrypt) {
- PBEPARAM *pbe;
- int salt_len, iterations, ret;
- uint8_t *salt;
- const uint8_t *pbuf;
- uint8_t key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-
/* Extract useful info from parameter */
if (param == NULL || param->type != V_ASN1_SEQUENCE ||
param->value.sequence == NULL) {
@@ -240,34 +234,40 @@ static int pkcs12_pbe_keyivgen(EVP_CIPHER_CTX *ctx, const uint8_t *pass_raw,
return 0;
}
- pbuf = param->value.sequence->data;
- pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length);
- if (pbe == NULL) {
+ CBS cbs, pbe_param, salt;
+ uint64_t iterations;
+ CBS_init(&cbs, param->value.sequence->data, param->value.sequence->length);
+ if (!CBS_get_asn1(&cbs, &pbe_param, CBS_ASN1_SEQUENCE) ||
+ !CBS_get_asn1(&pbe_param, &salt, CBS_ASN1_OCTETSTRING) ||
+ !CBS_get_asn1_uint64(&pbe_param, &iterations) ||
+ CBS_len(&pbe_param) != 0 ||
+ CBS_len(&cbs) != 0) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR);
return 0;
}
- if (!pbe->iter) {
- iterations = 1;
- } else {
- iterations = ASN1_INTEGER_get(pbe->iter);
+ if (iterations == 0 || iterations > INT_MAX) {
+ OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_ITERATION_COUNT);
+ return 0;
}
- salt = pbe->salt->data;
- salt_len = pbe->salt->length;
- if (!pkcs12_key_gen_raw(pass_raw, pass_raw_len, salt, salt_len, PKCS12_KEY_ID,
- iterations, EVP_CIPHER_key_length(cipher), key, md)) {
+
+ uint8_t key[EVP_MAX_KEY_LENGTH];
+ if (!pkcs12_key_gen_raw(pass_raw, pass_raw_len, CBS_data(&salt),
+ CBS_len(&salt), PKCS12_KEY_ID, iterations,
+ EVP_CIPHER_key_length(cipher), key, md)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_KEY_GEN_ERROR);
- PBEPARAM_free(pbe);
return 0;
}
- if (!pkcs12_key_gen_raw(pass_raw, pass_raw_len, salt, salt_len, PKCS12_IV_ID,
- iterations, EVP_CIPHER_iv_length(cipher), iv, md)) {
+
+ uint8_t iv[EVP_MAX_IV_LENGTH];
+ if (!pkcs12_key_gen_raw(pass_raw, pass_raw_len, CBS_data(&salt),
+ CBS_len(&salt), PKCS12_IV_ID, iterations,
+ EVP_CIPHER_iv_length(cipher), iv, md)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_KEY_GEN_ERROR);
- PBEPARAM_free(pbe);
return 0;
}
- PBEPARAM_free(pbe);
- ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, is_encrypt);
+
+ int ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, is_encrypt);
OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
return ret;
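Review bot: The failure path of the second pkcs12_key_gen_raw call (the PKCS12_IV_ID derivation) returns 0 while `key` already holds the derived cipher key; only the success path at the end reaches OPENSSL_cleanse. Adding `OPENSSL_cleanse(key, sizeof(key));` before that `return 0;` would keep derived key material from lingering on the stack after an error. Separately, `iterations > INT_MAX` is the only upper bound on a count read from the encoded parameters, so a file from an untrusted source can demand on the order of 2^31 iterations for each of the two derivations. A much lower project-chosen cap, checked in the same condition, would bound the CPU cost of opening such a file. The function's signature and closing brace lie outside this hunk, so this rests on the visible lines only.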