X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fp5_crpt2.c;h=1c09879e899d34b644889d3fdad4661b26fa33eb;hp=27a2c518bedd3342a664ddeabdc422b2577ae4f5;hb=a620626a33b29abe7a3b142c0a2379ffa0028ca7;hpb=9a3bbbce9180c7fb9a5566dc5722b50f39aeaba1 diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 27a2c518be..1c09879e89 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -55,13 +55,13 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(NO_HMAC) && !defined(NO_SHA) #include #include +#include "cryptlib.h" +#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include #include -#include "cryptlib.h" /* set this to print out info about the keygen algorithm */ /* #define DEBUG_PKCS5V2 */ @@ -71,25 +71,36 @@ #endif /* This is an implementation of PKCS#5 v2.0 password based encryption key - * derivation function PBKDF2 using the only currently defined function HMAC - * with SHA1. Verified against test vectors posted by Peter Gutmann + * derivation function PBKDF2. + * SHA1 version verified against test vectors posted by Peter Gutmann * to the PKCS-TNG mailing list. */ -int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out) -{ - unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; - int cplen, j, k, tkeylen; + { + unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; + int cplen, j, k, tkeylen, mdlen; unsigned long i = 1; HMAC_CTX hctx; + + mdlen = EVP_MD_size(digest); + + HMAC_CTX_init(&hctx); p = out; tkeylen = keylen; - if(passlen == -1) passlen = strlen(pass); - while(tkeylen) { - if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; - else cplen = tkeylen; + if(!pass) + passlen = 0; + else if(passlen == -1) + passlen = strlen(pass); + while(tkeylen) + { + if(tkeylen > mdlen) + cplen = mdlen; + else + cplen = tkeylen; /* We are unlikely to ever use more than 256 blocks (5120 bits!) * but just in case... */ @@ -97,21 +108,23 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, itmp[1] = (unsigned char)((i >> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - HMAC_Init(&hctx, pass, passlen, EVP_sha1()); + HMAC_Init_ex(&hctx, pass, passlen, digest, NULL); HMAC_Update(&hctx, salt, saltlen); HMAC_Update(&hctx, itmp, 4); HMAC_Final(&hctx, digtmp, NULL); memcpy(p, digtmp, cplen); - for(j = 1; j < iter; j++) { - HMAC(EVP_sha1(), pass, passlen, - digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); - for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; - } + for(j = 1; j < iter; j++) + { + HMAC(digest, pass, passlen, + digtmp, mdlen, digtmp, NULL); + for(k = 0; k < cplen; k++) + p[k] ^= digtmp[k]; + } tkeylen-= cplen; i++; p+= cplen; - } - HMAC_cleanup(&hctx); + } + HMAC_CTX_cleanup(&hctx); #ifdef DEBUG_PKCS5V2 fprintf(stderr, "Password:\n"); h__dump (pass, passlen); @@ -122,7 +135,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, h__dump (out, keylen); #endif return 1; -} + } + +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out) + { + return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(), + keylen, out); + } #ifdef DO_TEST main() @@ -142,19 +163,28 @@ main() */ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *c, EVP_MD *md, + ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) { - unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; - int saltlen, keylen, iter, plen; + unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; + const unsigned char *pbuf; + int saltlen, iter, plen; + unsigned int keylen; PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; PBKDF2PARAM *kdf = NULL; + const EVP_MD *prfmd; + int prf_nid, hmac_md_nid; + + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + return 0; + } pbuf = param->value.sequence->data; plen = param->value.sequence->length; - if(!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { + if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); return 0; } @@ -170,8 +200,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* lets see if we recognise the encryption algorithm. */ - cipher = EVP_get_cipherbyname( - OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm))); + cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); if(!cipher) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, @@ -180,21 +209,27 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, } /* Fixup cipher based on AlgorithmIdentifier */ - EVP_CipherInit(ctx, cipher, NULL, NULL, en_de); + EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR); goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); + OPENSSL_assert(keylen <= sizeof key); /* Now decode key derivation function */ + if(!pbe2->keyfunc->parameter || + (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) + { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + goto err; + } + pbuf = pbe2->keyfunc->parameter->value.sequence->data; plen = pbe2->keyfunc->parameter->value.sequence->length; - if(!pbe2->keyfunc->parameter || - (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) || - !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { + if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); goto err; } @@ -204,16 +239,29 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* Now check the parameters of the kdf */ - if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ + if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); goto err; } - if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) { + if (kdf->prf) + prf_nid = OBJ_obj2nid(kdf->prf->algorithm); + else + prf_nid = NID_hmacWithSHA1; + + if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) + { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); goto err; - } + } + + prfmd = EVP_get_digestbynid(hmac_md_nid); + if (prfmd == NULL) + { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); + goto err; + } if(kdf->salt->type != V_ASN1_OCTET_STRING) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, @@ -225,9 +273,10 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, salt = kdf->salt->value.octet_string->data; saltlen = kdf->salt->value.octet_string->length; iter = ASN1_INTEGER_get(kdf->iter); - PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); - EVP_CipherInit(ctx, NULL, key, NULL, en_de); - memset(key, 0, keylen); + PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, + keylen, key); + EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); + OPENSSL_cleanse(key, keylen); PBKDF2PARAM_free(kdf); return 1;