Loading CHANGES +5 −0 Original line number Original line Diff line number Diff line Loading @@ -4,6 +4,11 @@ Changes between 0.9.3a and 0.9.4 Changes between 0.9.3a and 0.9.4 *) Add a debugging option to PKCS#5 v2 key generation function: when you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and derived keys are printed to stderr. [Steve Henson] *) Copy the flags in ASN1_STRING_dup(). *) Copy the flags in ASN1_STRING_dup(). [Roman E. Pavlov <pre@mo.msk.ru>] [Roman E. Pavlov <pre@mo.msk.ru>] Loading crypto/evp/p5_crpt2.c +30 −6 Original line number Original line Diff line number Diff line Loading @@ -55,7 +55,6 @@ * Hudson (tjh@cryptsoft.com). * Hudson (tjh@cryptsoft.com). * * */ */ #if !defined(NO_HMAC) && !defined(NO_SHA) #include <stdio.h> #include <stdio.h> #include <stdlib.h> #include <stdlib.h> #include <openssl/x509.h> #include <openssl/x509.h> Loading @@ -63,6 +62,13 @@ #include <openssl/hmac.h> #include <openssl/hmac.h> #include "cryptlib.h" #include "cryptlib.h" /* set this to print out info about the keygen algorithm */ /* #define DEBUG_PKCS5V2 */ #ifdef DEBUG_PKCS5V2 static void h__dump (const unsigned char *p, int len); #endif /* This is an implementation of PKCS#5 v2.0 password based encryption key /* This is an implementation of PKCS#5 v2.0 password based encryption key * derivation function PBKDF2 using the only currently defined function HMAC * derivation function PBKDF2 using the only currently defined function HMAC * with SHA1. Verified against test vectors posted by Peter Gutmann * with SHA1. Verified against test vectors posted by Peter Gutmann Loading 
@@ -74,14 +80,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, int keylen, unsigned char *out) int keylen, unsigned char *out) { { unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; int cplen, j, k; int cplen, j, k, tkeylen; unsigned long i = 1; unsigned long i = 1; HMAC_CTX hctx; HMAC_CTX hctx; p = out; p = out; tkeylen = keylen; if(passlen == -1) passlen = strlen(pass); if(passlen == -1) passlen = strlen(pass); while(keylen) { while(tkeylen) { if(keylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; else cplen = keylen; else cplen = tkeylen; /* We are unlikely to ever use more than 256 blocks (5120 bits!) /* We are unlikely to ever use more than 256 blocks (5120 bits!) * but just in case... * but just in case... */ */ Loading @@ -99,11 +106,20 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; } } keylen-= cplen; tkeylen-= cplen; i++; i++; p+= cplen; p+= cplen; } } HMAC_cleanup(&hctx); HMAC_cleanup(&hctx); #ifdef DEBUG_PKCS5V2 fprintf(stderr, "Password:\n"); h__dump (pass, passlen); fprintf(stderr, "Salt:\n"); h__dump (salt, saltlen); fprintf(stderr, "Iteration count %d\n", iter); fprintf(stderr, "Key:\n"); h__dump (out, keylen); #endif return 1; return 1; } } Loading Loading @@ -219,4 +235,12 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, PBKDF2PARAM_free(kdf); PBKDF2PARAM_free(kdf); return 0; return 0; } } #ifdef DEBUG_PKCS5V2 static void h__dump (const unsigned char *p, int len) { for (; len --; p++) fprintf(stderr, "%02X ", *p); fprintf(stderr, "\n"); } #endif #endif Loading
CHANGES +5 −0 Original line number Original line Diff line number Diff line Loading @@ -4,6 +4,11 @@ Changes between 0.9.3a and 0.9.4 Changes between 0.9.3a and 0.9.4 *) Add a debugging option to PKCS#5 v2 key generation function: when you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and derived keys are printed to stderr. [Steve Henson] *) Copy the flags in ASN1_STRING_dup(). *) Copy the flags in ASN1_STRING_dup(). [Roman E. Pavlov <pre@mo.msk.ru>] [Roman E. Pavlov <pre@mo.msk.ru>] Loading
crypto/evp/p5_crpt2.c +30 −6 Original line number Original line Diff line number Diff line Loading @@ -55,7 +55,6 @@ * Hudson (tjh@cryptsoft.com). * Hudson (tjh@cryptsoft.com). * * */ */ #if !defined(NO_HMAC) && !defined(NO_SHA) #include <stdio.h> #include <stdio.h> #include <stdlib.h> #include <stdlib.h> #include <openssl/x509.h> #include <openssl/x509.h> Loading @@ -63,6 +62,13 @@ #include <openssl/hmac.h> #include <openssl/hmac.h> #include "cryptlib.h" #include "cryptlib.h" /* set this to print out info about the keygen algorithm */ /* #define DEBUG_PKCS5V2 */ #ifdef DEBUG_PKCS5V2 static void h__dump (const unsigned char *p, int len); #endif /* This is an implementation of PKCS#5 v2.0 password based encryption key /* This is an implementation of PKCS#5 v2.0 password based encryption key * derivation function PBKDF2 using the only currently defined function HMAC * derivation function PBKDF2 using the only currently defined function HMAC * with SHA1. Verified against test vectors posted by Peter Gutmann * with SHA1. Verified against test vectors posted by Peter Gutmann Loading @@ -74,14 +80,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, int keylen, unsigned char *out) int keylen, unsigned char *out) { { unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; int cplen, j, k; int cplen, j, k, tkeylen; unsigned long i = 1; unsigned long i = 1; HMAC_CTX hctx; HMAC_CTX hctx; p = out; p = out; tkeylen = keylen; if(passlen == -1) passlen = strlen(pass); if(passlen == -1) passlen = strlen(pass); while(keylen) { while(tkeylen) { if(keylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; else cplen = keylen; else cplen = tkeylen; /* We are unlikely to ever use more than 256 blocks (5120 bits!) /* We are unlikely to ever use more than 256 blocks (5120 bits!) * but just in case... * but just in case... */ */ Loading 
@@ -99,11 +106,20 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; } } keylen-= cplen; tkeylen-= cplen; i++; i++; p+= cplen; p+= cplen; } } HMAC_cleanup(&hctx); HMAC_cleanup(&hctx); #ifdef DEBUG_PKCS5V2 fprintf(stderr, "Password:\n"); h__dump (pass, passlen); fprintf(stderr, "Salt:\n"); h__dump (salt, saltlen); fprintf(stderr, "Iteration count %d\n", iter); fprintf(stderr, "Key:\n"); h__dump (out, keylen); #endif return 1; return 1; } } Loading Loading @@ -219,4 +235,12 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, PBKDF2PARAM_free(kdf); PBKDF2PARAM_free(kdf); return 0; return 0; } } #ifdef DEBUG_PKCS5V2 static void h__dump (const unsigned char *p, int len) { for (; len --; p++) fprintf(stderr, "%02X ", *p); fprintf(stderr, "\n"); } #endif #endif
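Review bot: The `#ifdef DEBUG_PKCS5V2` block added at the end of PKCS5_PBKDF2_HMAC_SHA1 writes the password and the derived key to stderr in hex, yet the only comment at the switch is `/* set this to print out info about the keygen algorithm */`. Because stderr is commonly redirected into log files, the consequence should be spelled out where the macro is defined, e.g. `/* WARNING: DEBUG_PKCS5V2 dumps the password, salt and derived key to stderr; for debugging with test data only, never define it in a release build */`. The call `h__dump (pass, passlen)` also passes a `const char *` to a parameter declared `const unsigned char *`, so `(const unsigned char *)pass` would keep the debug build free of pointer-signedness warnings. Separately, the first hunk appears to drop `#if !defined(NO_HMAC) && !defined(NO_SHA)` while the last hunk still shows the closing `#endif` as context; unless a matching `#if` exists outside the visible hunks, the conditionals are left unbalanced. The function body begins outside this hunk.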