From: Dr. Stephen Henson <steve@openssl.org>
Date: Sun, 11 Jul 1999 12:40:46 +0000 (+0000)
Subject: Add a debugging option to PKCS#5 v2.0 key generation function.
X-Git-Tag: OpenSSL_0_9_4~114
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=f513939ebba7e6461319f58254f072023763cde3

Add a debugging option to PKCS#5 v2.0 key generation function.
---

diff --git a/CHANGES b/CHANGES
index 94cae7d52e..fc8e884e29 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.3a and 0.9.4
 
+  *) Add a debugging option to PKCS#5 v2 key generation function: when
+     you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+     derived keys are printed to stderr.
+     [Steve Henson]
+
   *) Copy the flags in ASN1_STRING_dup().
      [Roman E. Pavlov <pre@mo.msk.ru>]
 
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index dd23bd24e4..2de3a2c9d2 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -55,7 +55,6 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
-#if !defined(NO_HMAC) && !defined(NO_SHA)
 #include <stdio.h>
 #include <stdlib.h>
 #include <openssl/x509.h>
@@ -63,6 +62,13 @@
 #include <openssl/hmac.h>
 #include "cryptlib.h"
 
+/* set this to print out info about the keygen algorithm */
+/* #define DEBUG_PKCS5V2 */
+
+#ifdef DEBUG_PKCS5V2
+	static void h__dump (const unsigned char *p, int len);
+#endif
+
 /* This is an implementation of PKCS#5 v2.0 password based encryption key
  * derivation function PBKDF2 using the only currently defined function HMAC
  * with SHA1. Verified against test vectors posted by Peter Gutmann
@@ -74,14 +80,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
 			   int keylen, unsigned char *out)
 {
 	unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
-	int cplen, j, k;
+	int cplen, j, k, tkeylen;
 	unsigned long i = 1;
 	HMAC_CTX hctx;
 	p = out;
+	tkeylen = keylen;
 	if(passlen == -1) passlen = strlen(pass);
-	while(keylen) {
-		if(keylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
-		else cplen = keylen;
+	while(tkeylen) {
+		if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
+		else cplen = tkeylen;
 		/* We are unlikely to ever use more than 256 blocks (5120 bits!)
 		 * but just in case...
 		 */
@@ -99,11 +106,20 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
 				 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
 			for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
 		}
-		keylen-= cplen;
+		tkeylen-= cplen;
 		i++;
 		p+= cplen;
 	}
 	HMAC_cleanup(&hctx);
+#ifdef DEBUG_PKCS5V2
+	fprintf(stderr, "Password:\n");
+	h__dump (pass, passlen);
+	fprintf(stderr, "Salt:\n");
+	h__dump (salt, saltlen);
+	fprintf(stderr, "Iteration count %d\n", iter);
+	fprintf(stderr, "Key:\n");
+	h__dump (out, keylen);
+#endif
 	return 1;
 }
 
@@ -219,4 +235,12 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 	PBKDF2PARAM_free(kdf);
 	return 0;
 }
+
+#ifdef DEBUG_PKCS5V2
+static void h__dump (const unsigned char *p, int len)
+{
+        for (; len --; p++) fprintf(stderr, "%02X ", *p);
+        fprintf(stderr, "\n");
+}
 #endif
+