Rewrite PBE handling read to support PKCS#5 v2.0 and update the function

list for Win32.

1 files changed, 21 insertions, 2 deletions

diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 9e37436c92..cb65c42000 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -82,19 +82,38 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
 #endif
 }
 
-int PKCS12_PBE_keyivgen (const char *pass, int passlen, unsigned char *salt,
-	     int saltlen, int iter, EVP_CIPHER *cipher, EVP_MD *md,
+int PKCS12_PBE_keyivgen (const char *pass, int passlen, ASN1_TYPE *param,
+	     EVP_CIPHER *cipher, EVP_MD *md,
 	     unsigned char *key, unsigned char *iv)
 {
+	PBEPARAM *pbe;
+	int saltlen, iter;
+	unsigned char *salt, *pbuf;
+
+	/* Extract useful info from parameter */
+	pbuf = param->value.sequence->data;
+	if (!(pbe = d2i_PBEPARAM (NULL, &pbuf,
+					param->value.sequence->length))) {
+		EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		return 0;
+	}
+
+	if (!pbe->iter) iter = 1;
+	else iter = ASN1_INTEGER_get (pbe->iter);
+	salt = pbe->salt->data;
+	saltlen = pbe->salt->length;
 	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
 			     iter, EVP_CIPHER_key_length(cipher), key, md)) {
 		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
+		PBEPARAM_free(pbe);
 		return 0;
 	}
 	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
 				iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
 		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
+		PBEPARAM_free(pbe);
 		return 0;
 	}
+	PBEPARAM_free(pbe);
 	return 1;
 }