Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 f513939e 编写于 作者: D Dr. Stephen Henson
浏览文件
操作

Add a debugging option to PKCS#5 v2.0 key generation function.

上级 0ab8beb4
隐藏空白更改
内联 并排
Showing with 35 addition and 6 deletion
CHANGES
浏览文件 @ f513939e
...@@ -4,6 +4,11 @@ ...@@ -4,6 +4,11 @@
Changes between 0.9.3a and 0.9.4 Changes between 0.9.3a and 0.9.4
*) Add a debugging option to PKCS#5 v2 key generation function: when
you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
derived keys are printed to stderr.
[Steve Henson]
*) Copy the flags in ASN1_STRING_dup(). *) Copy the flags in ASN1_STRING_dup().
[Roman E. Pavlov <pre@mo.msk.ru>] [Roman E. Pavlov <pre@mo.msk.ru>]
......
crypto/evp/p5_crpt2.c
浏览文件 @ f513939e
...@@ -55,7 +55,6 @@ ...@@ -55,7 +55,6 @@
* Hudson (tjh@cryptsoft.com). * Hudson (tjh@cryptsoft.com).
* *
*/ */
#if !defined(NO_HMAC) && !defined(NO_SHA)
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <openssl/x509.h> #include <openssl/x509.h>
...@@ -63,6 +62,13 @@ ...@@ -63,6 +62,13 @@
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include "cryptlib.h" #include "cryptlib.h"
/* set this to print out info about the keygen algorithm */
/* #define DEBUG_PKCS5V2 */
#ifdef DEBUG_PKCS5V2
static void h__dump (const unsigned char *p, int len);
#endif
/* This is an implementation of PKCS#5 v2.0 password based encryption key /* This is an implementation of PKCS#5 v2.0 password based encryption key
* derivation function PBKDF2 using the only currently defined function HMAC * derivation function PBKDF2 using the only currently defined function HMAC
* with SHA1. Verified against test vectors posted by Peter Gutmann * with SHA1. Verified against test vectors posted by Peter Gutmann
...@@ -74,14 +80,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, ...@@ -74,14 +80,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
int keylen, unsigned char *out) int keylen, unsigned char *out)
{ {
unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
int cplen, j, k; int cplen, j, k, tkeylen;
unsigned long i = 1; unsigned long i = 1;
HMAC_CTX hctx; HMAC_CTX hctx;
p = out; p = out;
tkeylen = keylen;
if(passlen == -1) passlen = strlen(pass); if(passlen == -1) passlen = strlen(pass);
while(keylen) { while(tkeylen) {
if(keylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
else cplen = keylen; else cplen = tkeylen;
/* We are unlikely to ever use more than 256 blocks (5120 bits!) /* We are unlikely to ever use more than 256 blocks (5120 bits!)
* but just in case... * but just in case...
*/ */
...@@ -99,11 +106,20 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, ...@@ -99,11 +106,20 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
} }
keylen-= cplen; tkeylen-= cplen;
i++; i++;
p+= cplen; p+= cplen;
} }
HMAC_cleanup(&hctx); HMAC_cleanup(&hctx);
#ifdef DEBUG_PKCS5V2
fprintf(stderr, "Password:\n");
h__dump (pass, passlen);
fprintf(stderr, "Salt:\n");
h__dump (salt, saltlen);
fprintf(stderr, "Iteration count %d\n", iter);
fprintf(stderr, "Key:\n");
h__dump (out, keylen);
#endif
return 1; return 1;
} }
...@@ -219,4 +235,12 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ...@@ -219,4 +235,12 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
PBKDF2PARAM_free(kdf); PBKDF2PARAM_free(kdf);
return 0; return 0;
} }
#ifdef DEBUG_PKCS5V2
static void h__dump (const unsigned char *p, int len)
{
for (; len --; p++) fprintf(stderr, "%02X ", *p);
fprintf(stderr, "\n");
}
#endif #endif
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册