Index: openssl/crypto/evp/p5_crpt2.c |
diff --git a/openssl/crypto/evp/p5_crpt2.c b/openssl/crypto/evp/p5_crpt2.c |
deleted file mode 100644 |
index 975d004df4732d1eefa091cc64b76f1b2ef2a984..0000000000000000000000000000000000000000 |
--- a/openssl/crypto/evp/p5_crpt2.c |
+++ /dev/null |
@@ -1,322 +0,0 @@ |
-/* p5_crpt2.c */ |
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
- * project 1999. |
- */ |
-/* ==================================================================== |
- * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. |
- * |
- * Redistribution and use in source and binary forms, with or without |
- * modification, are permitted provided that the following conditions |
- * are met: |
- * |
- * 1. Redistributions of source code must retain the above copyright |
- * notice, this list of conditions and the following disclaimer. |
- * |
- * 2. Redistributions in binary form must reproduce the above copyright |
- * notice, this list of conditions and the following disclaimer in |
- * the documentation and/or other materials provided with the |
- * distribution. |
- * |
- * 3. All advertising materials mentioning features or use of this |
- * software must display the following acknowledgment: |
- * "This product includes software developed by the OpenSSL Project |
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
- * |
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
- * endorse or promote products derived from this software without |
- * prior written permission. For written permission, please contact |
- * licensing@OpenSSL.org. |
- * |
- * 5. Products derived from this software may not be called "OpenSSL" |
- * nor may "OpenSSL" appear in their names without prior written |
- * permission of the OpenSSL Project. |
- * |
- * 6. Redistributions of any form whatsoever must retain the following |
- * acknowledgment: |
- * "This product includes software developed by the OpenSSL Project |
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
- * |
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
- * OF THE POSSIBILITY OF SUCH DAMAGE. |
- * ==================================================================== |
- * |
- * This product includes cryptographic software written by Eric Young |
- * (eay@cryptsoft.com). This product includes software written by Tim |
- * Hudson (tjh@cryptsoft.com). |
- * |
- */ |
-#include <stdio.h> |
-#include <stdlib.h> |
-#include "cryptlib.h" |
-#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) |
-#include <openssl/x509.h> |
-#include <openssl/evp.h> |
-#include <openssl/hmac.h> |
-#include "evp_locl.h" |
- |
-/* set this to print out info about the keygen algorithm */ |
-/* #define DEBUG_PKCS5V2 */ |
- |
-#ifdef DEBUG_PKCS5V2 |
- static void h__dump (const unsigned char *p, int len); |
-#endif |
- |
-/* This is an implementation of PKCS#5 v2.0 password based encryption key |
- * derivation function PBKDF2. |
- * SHA1 version verified against test vectors posted by Peter Gutmann |
- * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list. |
- */ |
- |
-int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, |
- const unsigned char *salt, int saltlen, int iter, |
- const EVP_MD *digest, |
- int keylen, unsigned char *out) |
- { |
- unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; |
- int cplen, j, k, tkeylen, mdlen; |
- unsigned long i = 1; |
- HMAC_CTX hctx; |
- |
- mdlen = EVP_MD_size(digest); |
- if (mdlen < 0) |
- return 0; |
- |
- HMAC_CTX_init(&hctx); |
- p = out; |
- tkeylen = keylen; |
- if(!pass) |
- passlen = 0; |
- else if(passlen == -1) |
- passlen = strlen(pass); |
- while(tkeylen) |
- { |
- if(tkeylen > mdlen) |
- cplen = mdlen; |
- else |
- cplen = tkeylen; |
- /* We are unlikely to ever use more than 256 blocks (5120 bits!) |
- * but just in case... |
- */ |
- itmp[0] = (unsigned char)((i >> 24) & 0xff); |
- itmp[1] = (unsigned char)((i >> 16) & 0xff); |
- itmp[2] = (unsigned char)((i >> 8) & 0xff); |
- itmp[3] = (unsigned char)(i & 0xff); |
- if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL) |
- || !HMAC_Update(&hctx, salt, saltlen) |
- || !HMAC_Update(&hctx, itmp, 4) |
- || !HMAC_Final(&hctx, digtmp, NULL)) |
- { |
- HMAC_CTX_cleanup(&hctx); |
- return 0; |
- } |
- memcpy(p, digtmp, cplen); |
- for(j = 1; j < iter; j++) |
- { |
- HMAC(digest, pass, passlen, |
- digtmp, mdlen, digtmp, NULL); |
- for(k = 0; k < cplen; k++) |
- p[k] ^= digtmp[k]; |
- } |
- tkeylen-= cplen; |
- i++; |
- p+= cplen; |
- } |
- HMAC_CTX_cleanup(&hctx); |
-#ifdef DEBUG_PKCS5V2 |
- fprintf(stderr, "Password:\n"); |
- h__dump (pass, passlen); |
- fprintf(stderr, "Salt:\n"); |
- h__dump (salt, saltlen); |
- fprintf(stderr, "Iteration count %d\n", iter); |
- fprintf(stderr, "Key:\n"); |
- h__dump (out, keylen); |
-#endif |
- return 1; |
- } |
- |
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, |
- const unsigned char *salt, int saltlen, int iter, |
- int keylen, unsigned char *out) |
- { |
- return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(), |
- keylen, out); |
- } |
- |
-#ifdef DO_TEST |
-main() |
-{ |
- unsigned char out[4]; |
- unsigned char salt[] = {0x12, 0x34, 0x56, 0x78}; |
- PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out); |
- fprintf(stderr, "Out %02X %02X %02X %02X\n", |
- out[0], out[1], out[2], out[3]); |
-} |
- |
-#endif |
- |
-/* Now the key derivation function itself. This is a bit evil because |
- * it has to check the ASN1 parameters are valid: and there are quite a |
- * few of them... |
- */ |
- |
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
- ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, |
- int en_de) |
-{ |
- const unsigned char *pbuf; |
- int plen; |
- PBE2PARAM *pbe2 = NULL; |
- const EVP_CIPHER *cipher; |
- |
- int rv = 0; |
- |
- if (param == NULL || param->type != V_ASN1_SEQUENCE || |
- param->value.sequence == NULL) { |
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); |
- goto err; |
- } |
- |
- pbuf = param->value.sequence->data; |
- plen = param->value.sequence->length; |
- if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { |
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); |
- goto err; |
- } |
- |
- /* See if we recognise the key derivation function */ |
- |
- if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { |
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, |
- EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); |
- goto err; |
- } |
- |
- /* lets see if we recognise the encryption algorithm. |
- */ |
- |
- cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); |
- |
- if(!cipher) { |
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, |
- EVP_R_UNSUPPORTED_CIPHER); |
- goto err; |
- } |
- |
- /* Fixup cipher based on AlgorithmIdentifier */ |
- if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) |
- goto err; |
- if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { |
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, |
- EVP_R_CIPHER_PARAMETER_ERROR); |
- goto err; |
- } |
- rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, |
- pbe2->keyfunc->parameter, c, md, en_de); |
- err: |
- PBE2PARAM_free(pbe2); |
- return rv; |
-} |
- |
-int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
- ASN1_TYPE *param, |
- const EVP_CIPHER *c, const EVP_MD *md, int en_de) |
-{ |
- unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; |
- const unsigned char *pbuf; |
- int saltlen, iter, plen; |
- int rv = 0; |
- unsigned int keylen = 0; |
- int prf_nid, hmac_md_nid; |
- PBKDF2PARAM *kdf = NULL; |
- const EVP_MD *prfmd; |
- |
- if (EVP_CIPHER_CTX_cipher(ctx) == NULL) |
- { |
- EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_NO_CIPHER_SET); |
- goto err; |
- } |
- keylen = EVP_CIPHER_CTX_key_length(ctx); |
- OPENSSL_assert(keylen <= sizeof key); |
- |
- /* Decode parameter */ |
- |
- if(!param || (param->type != V_ASN1_SEQUENCE)) |
- { |
- EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_DECODE_ERROR); |
- goto err; |
- } |
- |
- pbuf = param->value.sequence->data; |
- plen = param->value.sequence->length; |
- |
- if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { |
- EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_DECODE_ERROR); |
- goto err; |
- } |
- |
- keylen = EVP_CIPHER_CTX_key_length(ctx); |
- |
- /* Now check the parameters of the kdf */ |
- |
- if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ |
- EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, |
- EVP_R_UNSUPPORTED_KEYLENGTH); |
- goto err; |
- } |
- |
- if (kdf->prf) |
- prf_nid = OBJ_obj2nid(kdf->prf->algorithm); |
- else |
- prf_nid = NID_hmacWithSHA1; |
- |
- if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) |
- { |
- EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); |
- goto err; |
- } |
- |
- prfmd = EVP_get_digestbynid(hmac_md_nid); |
- if (prfmd == NULL) |
- { |
- EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); |
- goto err; |
- } |
- |
- if(kdf->salt->type != V_ASN1_OCTET_STRING) { |
- EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, |
- EVP_R_UNSUPPORTED_SALT_TYPE); |
- goto err; |
- } |
- |
- /* it seems that its all OK */ |
- salt = kdf->salt->value.octet_string->data; |
- saltlen = kdf->salt->value.octet_string->length; |
- iter = ASN1_INTEGER_get(kdf->iter); |
- if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, |
- keylen, key)) |
- goto err; |
- rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); |
- err: |
- OPENSSL_cleanse(key, keylen); |
- PBKDF2PARAM_free(kdf); |
- return rv; |
-} |
- |
-#ifdef DEBUG_PKCS5V2 |
-static void h__dump (const unsigned char *p, int len) |
-{ |
- for (; len --; p++) fprintf(stderr, "%02X ", *p); |
- fprintf(stderr, "\n"); |
-} |
-#endif |
-#endif |