| OLD | NEW |
|---|
| 1 /* p12_key.c */ | 1 /* p12_key.c */ |
| 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 * project 1999. | 3 * project 1999. |
| 4 */ | 4 */ |
| 5 /* ==================================================================== | 5 /* ==================================================================== |
| 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 7 * | 7 * |
| 8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
| 9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
| 10 * are met: | 10 * are met: |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 62 #include <openssl/bn.h> | 62 #include <openssl/bn.h> |
| 63 | 63 |
| 64 /* Uncomment out this line to get debugging info about key generation */ | 64 /* Uncomment out this line to get debugging info about key generation */ |
| 65 /*#define DEBUG_KEYGEN*/ | 65 /*#define DEBUG_KEYGEN*/ |
| 66 #ifdef DEBUG_KEYGEN | 66 #ifdef DEBUG_KEYGEN |
| 67 #include <openssl/bio.h> | 67 #include <openssl/bio.h> |
| 68 extern BIO *bio_err; | 68 extern BIO *bio_err; |
| 69 void h__dump (unsigned char *p, int len); | 69 void h__dump (unsigned char *p, int len); |
| 70 #endif | 70 #endif |
| 71 | 71 |
| 72 #ifdef OPENSSL_SYS_NETWARE | |
| 73 /* Rename these functions to avoid name clashes on NetWare OS */ | |
| 74 #define uni2asc OPENSSL_uni2asc | |
| 75 #define asc2uni OPENSSL_asc2uni | |
| 76 #endif | |
| 77 | |
| 78 /* PKCS12 compatible key/IV generation */ | 72 /* PKCS12 compatible key/IV generation */ |
| 79 #ifndef min | 73 #ifndef min |
| 80 #define min(a,b) ((a) < (b) ? (a) : (b)) | 74 #define min(a,b) ((a) < (b) ? (a) : (b)) |
| 81 #endif | 75 #endif |
| 82 | 76 |
| 83 int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, | 77 int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, |
| 84 int saltlen, int id, int iter, int n, unsigned char *out, | 78 int saltlen, int id, int iter, int n, unsigned char *out, |
| 85 const EVP_MD *md_type) | 79 const EVP_MD *md_type) |
| 86 { | 80 { |
| 87 int ret; | 81 int ret; |
| 88 unsigned char *unipass; | 82 unsigned char *unipass; |
| 89 int uniplen; | 83 int uniplen; |
| 84 |
| 90 if(!pass) { | 85 if(!pass) { |
| 91 unipass = NULL; | 86 unipass = NULL; |
| 92 uniplen = 0; | 87 uniplen = 0; |
| 93 » } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { | 88 » } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) { |
| 94 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); | 89 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); |
| 95 return 0; | 90 return 0; |
| 96 } | 91 } |
| 97 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, | 92 ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, |
| 98 id, iter, n, out, md_type); | 93 id, iter, n, out, md_type); |
| 94 if (ret <= 0) |
| 95 return 0; |
| 99 if(unipass) { | 96 if(unipass) { |
| 100 OPENSSL_cleanse(unipass, uniplen); /* Clear password from m
emory */ | 97 OPENSSL_cleanse(unipass, uniplen); /* Clear password from m
emory */ |
| 101 OPENSSL_free(unipass); | 98 OPENSSL_free(unipass); |
| 102 } | 99 } |
| 103 return ret; | 100 return ret; |
| 104 } | 101 } |
| 105 | 102 |
| 106 int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, | 103 int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, |
| 107 int saltlen, int id, int iter, int n, unsigned char *out, | 104 int saltlen, int id, int iter, int n, unsigned char *out, |
| 108 const EVP_MD *md_type) | 105 const EVP_MD *md_type) |
| 109 { | 106 { |
| 110 unsigned char *B, *D, *I, *p, *Ai; | 107 unsigned char *B, *D, *I, *p, *Ai; |
| 111 int Slen, Plen, Ilen, Ijlen; | 108 int Slen, Plen, Ilen, Ijlen; |
| 112 int i, j, u, v; | 109 int i, j, u, v; |
| 110 int ret = 0; |
| 113 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ | 111 BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ |
| 114 EVP_MD_CTX ctx; | 112 EVP_MD_CTX ctx; |
| 115 #ifdef DEBUG_KEYGEN | 113 #ifdef DEBUG_KEYGEN |
| 116 unsigned char *tmpout = out; | 114 unsigned char *tmpout = out; |
| 117 int tmpn = n; | 115 int tmpn = n; |
| 118 #endif | 116 #endif |
| 119 | 117 |
| 120 #if 0 | 118 #if 0 |
| 121 if (!pass) { | 119 if (!pass) { |
| 122 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETE
R); | 120 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETE
R); |
| 123 return 0; | 121 return 0; |
| 124 } | 122 } |
| 125 #endif | 123 #endif |
| 126 | 124 |
| 127 EVP_MD_CTX_init(&ctx); | 125 EVP_MD_CTX_init(&ctx); |
| 128 #ifdef DEBUG_KEYGEN | 126 #ifdef DEBUG_KEYGEN |
| 129 fprintf(stderr, "KEYGEN DEBUG\n"); | 127 fprintf(stderr, "KEYGEN DEBUG\n"); |
| 130 fprintf(stderr, "ID %d, ITER %d\n", id, iter); | 128 fprintf(stderr, "ID %d, ITER %d\n", id, iter); |
| 131 fprintf(stderr, "Password (length %d):\n", passlen); | 129 fprintf(stderr, "Password (length %d):\n", passlen); |
| 132 h__dump(pass, passlen); | 130 h__dump(pass, passlen); |
| 133 fprintf(stderr, "Salt (length %d):\n", saltlen); | 131 fprintf(stderr, "Salt (length %d):\n", saltlen); |
| 134 h__dump(salt, saltlen); | 132 h__dump(salt, saltlen); |
| 135 #endif | 133 #endif |
| 136 v = EVP_MD_block_size (md_type); | 134 v = EVP_MD_block_size (md_type); |
| 137 u = EVP_MD_size (md_type); | 135 u = EVP_MD_size (md_type); |
| 136 if (u < 0) |
| 137 return 0; |
| 138 D = OPENSSL_malloc (v); | 138 D = OPENSSL_malloc (v); |
| 139 Ai = OPENSSL_malloc (u); | 139 Ai = OPENSSL_malloc (u); |
| 140 B = OPENSSL_malloc (v + 1); | 140 B = OPENSSL_malloc (v + 1); |
| 141 Slen = v * ((saltlen+v-1)/v); | 141 Slen = v * ((saltlen+v-1)/v); |
| 142 if(passlen) Plen = v * ((passlen+v-1)/v); | 142 if(passlen) Plen = v * ((passlen+v-1)/v); |
| 143 else Plen = 0; | 143 else Plen = 0; |
| 144 Ilen = Slen + Plen; | 144 Ilen = Slen + Plen; |
| 145 I = OPENSSL_malloc (Ilen); | 145 I = OPENSSL_malloc (Ilen); |
| 146 Ij = BN_new(); | 146 Ij = BN_new(); |
| 147 Bpl1 = BN_new(); | 147 Bpl1 = BN_new(); |
| 148 » if (!D || !Ai || !B || !I || !Ij || !Bpl1) { | 148 » if (!D || !Ai || !B || !I || !Ij || !Bpl1) |
| 149 » » PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); | 149 » » goto err; |
| 150 » » return 0; | |
| 151 » } | |
| 152 for (i = 0; i < v; i++) D[i] = id; | 150 for (i = 0; i < v; i++) D[i] = id; |
| 153 p = I; | 151 p = I; |
| 154 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; | 152 for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; |
| 155 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; | 153 for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; |
| 156 for (;;) { | 154 for (;;) { |
| 157 EVP_DigestInit_ex(&ctx, md_type, NULL); | 155 EVP_DigestInit_ex(&ctx, md_type, NULL); |
| 158 EVP_DigestUpdate(&ctx, D, v); | 156 EVP_DigestUpdate(&ctx, D, v); |
| 159 EVP_DigestUpdate(&ctx, I, Ilen); | 157 EVP_DigestUpdate(&ctx, I, Ilen); |
| 160 EVP_DigestFinal_ex(&ctx, Ai, NULL); | 158 EVP_DigestFinal_ex(&ctx, Ai, NULL); |
| 161 for (j = 1; j < iter; j++) { | 159 for (j = 1; j < iter; j++) { |
| 162 EVP_DigestInit_ex(&ctx, md_type, NULL); | 160 EVP_DigestInit_ex(&ctx, md_type, NULL); |
| 163 EVP_DigestUpdate(&ctx, Ai, u); | 161 EVP_DigestUpdate(&ctx, Ai, u); |
| 164 EVP_DigestFinal_ex(&ctx, Ai, NULL); | 162 EVP_DigestFinal_ex(&ctx, Ai, NULL); |
| 165 } | 163 } |
| 166 memcpy (out, Ai, min (n, u)); | 164 memcpy (out, Ai, min (n, u)); |
| 167 if (u >= n) { | 165 if (u >= n) { |
| 168 OPENSSL_free (Ai); | |
| 169 OPENSSL_free (B); | |
| 170 OPENSSL_free (D); | |
| 171 OPENSSL_free (I); | |
| 172 BN_free (Ij); | |
| 173 BN_free (Bpl1); | |
| 174 EVP_MD_CTX_cleanup(&ctx); | |
| 175 #ifdef DEBUG_KEYGEN | 166 #ifdef DEBUG_KEYGEN |
| 176 fprintf(stderr, "Output KEY (length %d)\n", tmpn); | 167 fprintf(stderr, "Output KEY (length %d)\n", tmpn); |
| 177 h__dump(tmpout, tmpn); | 168 h__dump(tmpout, tmpn); |
| 178 #endif | 169 #endif |
| 179 » » » return 1;» | 170 » » » ret = 1; |
| 171 » » » goto end; |
| 180 } | 172 } |
| 181 n -= u; | 173 n -= u; |
| 182 out += u; | 174 out += u; |
| 183 for (j = 0; j < v; j++) B[j] = Ai[j % u]; | 175 for (j = 0; j < v; j++) B[j] = Ai[j % u]; |
| 184 /* Work out B + 1 first then can use B as tmp space */ | 176 /* Work out B + 1 first then can use B as tmp space */ |
| 185 » » BN_bin2bn (B, v, Bpl1); | 177 » » if (!BN_bin2bn (B, v, Bpl1)) goto err; |
| 186 » » BN_add_word (Bpl1, 1); | 178 » » if (!BN_add_word (Bpl1, 1)) goto err; |
| 187 for (j = 0; j < Ilen ; j+=v) { | 179 for (j = 0; j < Ilen ; j+=v) { |
| 188 » » » BN_bin2bn (I + j, v, Ij); | 180 » » » if (!BN_bin2bn (I + j, v, Ij)) goto err; |
| 189 » » » BN_add (Ij, Ij, Bpl1); | 181 » » » if (!BN_add (Ij, Ij, Bpl1)) goto err; |
| 190 BN_bn2bin (Ij, B); | 182 BN_bn2bin (Ij, B); |
| 191 Ijlen = BN_num_bytes (Ij); | 183 Ijlen = BN_num_bytes (Ij); |
| 192 /* If more than 2^(v*8) - 1 cut off MSB */ | 184 /* If more than 2^(v*8) - 1 cut off MSB */ |
| 193 if (Ijlen > v) { | 185 if (Ijlen > v) { |
| 194 BN_bn2bin (Ij, B); | 186 BN_bn2bin (Ij, B); |
| 195 memcpy (I + j, B + 1, v); | 187 memcpy (I + j, B + 1, v); |
| 196 #ifndef PKCS12_BROKEN_KEYGEN | 188 #ifndef PKCS12_BROKEN_KEYGEN |
| 197 /* If less than v bytes pad with zeroes */ | 189 /* If less than v bytes pad with zeroes */ |
| 198 } else if (Ijlen < v) { | 190 } else if (Ijlen < v) { |
| 199 memset(I + j, 0, v - Ijlen); | 191 memset(I + j, 0, v - Ijlen); |
| 200 BN_bn2bin(Ij, I + j + v - Ijlen); | 192 BN_bn2bin(Ij, I + j + v - Ijlen); |
| 201 #endif | 193 #endif |
| 202 } else BN_bn2bin (Ij, I + j); | 194 } else BN_bn2bin (Ij, I + j); |
| 203 } | 195 } |
| 204 } | 196 } |
| 197 |
| 198 err: |
| 199 PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); |
| 200 |
| 201 end: |
| 202 OPENSSL_free (Ai); |
| 203 OPENSSL_free (B); |
| 204 OPENSSL_free (D); |
| 205 OPENSSL_free (I); |
| 206 BN_free (Ij); |
| 207 BN_free (Bpl1); |
| 208 EVP_MD_CTX_cleanup(&ctx); |
| 209 return ret; |
| 205 } | 210 } |
| 206 #ifdef DEBUG_KEYGEN | 211 #ifdef DEBUG_KEYGEN |
| 207 void h__dump (unsigned char *p, int len) | 212 void h__dump (unsigned char *p, int len) |
| 208 { | 213 { |
| 209 for (; len --; p++) fprintf(stderr, "%02X", *p); | 214 for (; len --; p++) fprintf(stderr, "%02X", *p); |
| 210 fprintf(stderr, "\n"); | 215 fprintf(stderr, "\n"); |
| 211 } | 216 } |
| 212 #endif | 217 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/