[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed May 20 11:23:12 UTC 2015
The branch master has been updated
via 3b53e18a4ff9ceddbcf3480afd1e787983038e2b (commit)
via a95fb9e35824b479ee208c504fc3824827b3fdcd (commit)
from 3a114e616424825689482398cc7f9eb8d146f591 (commit)
- Log -----------------------------------------------------------------
commit 3b53e18a4ff9ceddbcf3480afd1e787983038e2b
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue May 19 15:51:01 2015 +0100
Add scrypt tests.
Add scrypt test support to evp_test and add test values from
from draft-josefsson-scrypt-kdf-03.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit a95fb9e35824b479ee208c504fc3824827b3fdcd
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue May 19 12:43:12 2015 +0100
Add scrypt support.
Add scrypt algorithm as described in draft-josefsson-scrypt-kdf-03
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/Makefile | 4 +-
crypto/evp/scrypt.c | 295 ++++++++++++++++++++++++++++++++++++++++++++++++++
include/openssl/evp.h | 5 +
test/evp_test.c | 160 ++++++++++++++++++++++++++-
test/evptests.txt | 39 +++++++
5 files changed, 500 insertions(+), 3 deletions(-)
create mode 100644 crypto/evp/scrypt.c
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index 6aa4d75..81ac1c2 100644
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -24,7 +24,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
- evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
+ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c scrypt.c \
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c
@@ -37,7 +37,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
- evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
+ evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o scrypt.o \
e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha256.o e_rc4_hmac_md5.o
diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c
new file mode 100644
index 0000000..971d53e
--- /dev/null
+++ b/crypto/evp/scrypt.c
@@ -0,0 +1,295 @@
+/* scrypt.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2015.
+ */
+/* ====================================================================
+ * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <openssl/evp.h>
+#include <internal/numbers.h>
+
+#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
+static void salsa208_word_specification(uint32_t inout[16])
+{
+ int i;
+ uint32_t x[16];
+ memcpy(x, inout, sizeof(x));
+ for (i = 8; i > 0; i -= 2) {
+ x[4] ^= R(x[0] + x[12], 7);
+ x[8] ^= R(x[4] + x[0], 9);
+ x[12] ^= R(x[8] + x[4], 13);
+ x[0] ^= R(x[12] + x[8], 18);
+ x[9] ^= R(x[5] + x[1], 7);
+ x[13] ^= R(x[9] + x[5], 9);
+ x[1] ^= R(x[13] + x[9], 13);
+ x[5] ^= R(x[1] + x[13], 18);
+ x[14] ^= R(x[10] + x[6], 7);
+ x[2] ^= R(x[14] + x[10], 9);
+ x[6] ^= R(x[2] + x[14], 13);
+ x[10] ^= R(x[6] + x[2], 18);
+ x[3] ^= R(x[15] + x[11], 7);
+ x[7] ^= R(x[3] + x[15], 9);
+ x[11] ^= R(x[7] + x[3], 13);
+ x[15] ^= R(x[11] + x[7], 18);
+ x[1] ^= R(x[0] + x[3], 7);
+ x[2] ^= R(x[1] + x[0], 9);
+ x[3] ^= R(x[2] + x[1], 13);
+ x[0] ^= R(x[3] + x[2], 18);
+ x[6] ^= R(x[5] + x[4], 7);
+ x[7] ^= R(x[6] + x[5], 9);
+ x[4] ^= R(x[7] + x[6], 13);
+ x[5] ^= R(x[4] + x[7], 18);
+ x[11] ^= R(x[10] + x[9], 7);
+ x[8] ^= R(x[11] + x[10], 9);
+ x[9] ^= R(x[8] + x[11], 13);
+ x[10] ^= R(x[9] + x[8], 18);
+ x[12] ^= R(x[15] + x[14], 7);
+ x[13] ^= R(x[12] + x[15], 9);
+ x[14] ^= R(x[13] + x[12], 13);
+ x[15] ^= R(x[14] + x[13], 18);
+ }
+ for (i = 0; i < 16; ++i)
+ inout[i] += x[i];
+ OPENSSL_cleanse(x, sizeof(x));
+}
+
+static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r)
+{
+ uint64_t i, j;
+ uint32_t X[16], *pB;
+
+ memcpy(X, B + (r * 2 - 1) * 16, sizeof(X));
+ pB = B;
+ for (i = 0; i < r * 2; i++) {
+ for (j = 0; j < 16; j++)
+ X[j] ^= *pB++;
+ salsa208_word_specification(X);
+ memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X));
+ }
+ OPENSSL_cleanse(X, sizeof(X));
+}
+
+static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N,
+ uint32_t *X, uint32_t *T, uint32_t *V)
+{
+ unsigned char *pB;
+ uint32_t *pV;
+ uint64_t i, k;
+
+ /* Convert from little endian input */
+ for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) {
+ *pV = *pB++;
+ *pV |= *pB++ << 8;
+ *pV |= *pB++ << 16;
+ *pV |= *pB++ << 24;
+ }
+
+ for (i = 1; i < N; i++, pV += 32 * r)
+ scryptBlockMix(pV, pV - 32 * r, r);
+
+ scryptBlockMix(X, V + (N - 1) * 32 * r, r);
+
+ for (i = 0; i < N; i++) {
+ uint32_t j;
+ j = X[16 * (2 * r - 1)] % N;
+ pV = V + 32 * r * j;
+ for (k = 0; k < 32 * r; k++)
+ T[k] = X[k] ^ *pV++;
+ scryptBlockMix(X, T, r);
+ }
+ /* Convert output to little endian */
+ for (i = 0, pB = B; i < 32 * r; i++) {
+ uint32_t xtmp = X[i];
+ *pB++ = xtmp & 0xff;
+ *pB++ = (xtmp >> 8) & 0xff;
+ *pB++ = (xtmp >> 16) & 0xff;
+ *pB++ = (xtmp >> 24) & 0xff;
+ }
+}
+
+#ifndef SIZE_MAX
+# define SIZE_MAX ((size_t)-1)
+#endif
+
+/*
+ * Maximum power of two that will fit in uint64_t: this should work on
+ * most (all?) platforms.
+ */
+
+#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1)
+
+/*
+ * Maximum value of p * r:
+ * p <= ((2^32-1) * hLen) / MFLen =>
+ * p <= ((2^32-1) * 32) / (128 * r) =>
+ * p * r <= (2^30-1)
+ *
+ */
+
+#define SCRYPT_PR_MAX ((1 << 30) - 1)
+
+/*
+ * Maximum permitted memory allow this to be overridden with Configuration
+ * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
+ */
+
+#ifdef SCRYPT_MAX_MEM
+# if SCRYPT_MAX_MEM == 0
+# undef SCRYPT_MAX_MEM
+/*
+ * Although we could theoretically allocate SIZE_MAX memory that would leave
+ * no memory available for anything else so set limit as half that.
+ */
+# define SCRYPT_MAX_MEM (SIZE_MAX/2)
+# endif
+#else
+/* Default memory limit: 32 MB */
+# define SCRYPT_MAX_MEM (1024 * 1024 * 32)
+#endif
+
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+ const unsigned char *salt, size_t saltlen,
+ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+ unsigned char *key, size_t keylen)
+{
+ int rv = 0;
+ unsigned char *B;
+ uint32_t *X, *V, *T;
+ uint64_t i, Blen, Vlen;
+
+ /* Sanity check parameters */
+ /* initial check, r,p must be non zero, N >= 2 and a power of 2 */
+ if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
+ return 0;
+ /* Check p * r < SCRYPT_PR_MAX avoiding overflow */
+ if (p > SCRYPT_PR_MAX / r)
+ return 0;
+
+ /*
+ * Need to check N: if 2^(128 * r / 8) overflows limit this is
+ * automatically satisfied since N <= UINT64_MAX.
+ */
+
+ if (16 * r <= LOG2_UINT64_MAX) {
+ if (N >= (1UL << (16 * r)))
+ return 0;
+ }
+
+ /* Memory checks: check total allocated buffer size fits in uint64_t */
+
+ /*
+ * B size in section 5 step 1.S
+ * Note: we know p * 128 * r < UINT64_MAX because we already checked
+ * p * r < SCRYPT_PR_MAX
+ */
+ Blen = p * 128 * r;
+
+ /*
+ * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t.
+ * This is combined size V, X and T (section 4)
+ */
+ i = UINT64_MAX / (32 * sizeof(uint32_t));
+ if (N + 2 > i / r)
+ return 0;
+ Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
+
+ /* check total allocated size fits in uint64_t */
+ if (Blen > UINT64_MAX - Vlen)
+ return 0;
+
+ if (maxmem == 0)
+ maxmem = SCRYPT_MAX_MEM;
+
+ if (Blen + Vlen > maxmem)
+ return 0;
+
+ /* If no key return to indicate parameters are OK */
+ if (key == NULL)
+ return 1;
+
+ B = OPENSSL_malloc(Blen + Vlen);
+ if (B == 0)
+ return 0;
+ X = (uint32_t *)(B + Blen);
+ T = X + 32 * r;
+ V = T + 32 * r;
+ if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(),
+ Blen, B) == 0)
+ goto err;
+
+ for (i = 0; i < p; i++)
+ scryptROMix(B + 128 * r * i, r, N, X, T, V);
+
+ if (PKCS5_PBKDF2_HMAC(pass, passlen, B, Blen, 1, EVP_sha256(),
+ keylen, key) == 0)
+ goto err;
+ rv = 1;
+#ifdef SCRYPT_DEBUG
+ fprintf(stderr, "scrypt parameters:\n");
+ fprintf(stderr, "N=%lu, p=%lu, r=%lu\n", N, p, r);
+ fprintf(stderr, "Salt:\n");
+ BIO_dump_fp(stderr, (char *)salt, saltlen);
+ fprintf(stderr, "Password:\n");
+ BIO_dump_fp(stderr, (char *)pass, passlen);
+ fprintf(stderr, "Key:\n");
+ BIO_dump_fp(stderr, (char *)key, keylen);
+#endif
+ err:
+ OPENSSL_clear_free(B, Blen + Vlen);
+ return rv;
+}
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 4df3ce7..2af823f 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1068,6 +1068,11 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, const EVP_CIPHER *cipher,
const EVP_MD *md, int en_de);
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+ const unsigned char *salt, size_t saltlen,
+ uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+ unsigned char *key, size_t keylen);
+
void PKCS5_PBE_add(void);
int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
diff --git a/test/evp_test.c b/test/evp_test.c
index e682f43..e0e4857 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -60,6 +60,7 @@
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#include "internal/numbers.h"
/* Remove spaces from beginning and end of a string */
@@ -143,7 +144,16 @@ static int test_bin(const char *value, unsigned char **buf, size_t *buflen)
if (value[vlen - 1] != '"')
return 0;
vlen--;
- *buf = BUF_memdup(value, vlen);
+ if (vlen == 0) {
+ *buf = OPENSSL_malloc(1);
+ if (*buf == NULL)
+ return 0;
+ **buf = 0;
+ } else {
+ *buf = BUF_memdup(value, vlen);
+ if (*buf == NULL)
+ return 0;
+ }
*buflen = vlen;
return 1;
}
@@ -157,6 +167,30 @@ static int test_bin(const char *value, unsigned char **buf, size_t *buflen)
*buflen = len;
return 1;
}
+/* Parse unsigned decimal 64 bit integer value */
+static int test_uint64(const char *value, uint64_t *pr)
+{
+ const char *p = value;
+ if (!*p) {
+ fprintf(stderr, "Invalid empty integer value\n");
+ return -1;
+ }
+ *pr = 0;
+ while (*p) {
+ if (*pr > UINT64_MAX/10) {
+ fprintf(stderr, "Integer string overflow value=%s\n", value);
+ return -1;
+ }
+ *pr *= 10;
+ if (*p < '0' || *p > '9') {
+ fprintf(stderr, "Invalid integer string value=%s\n", value);
+ return -1;
+ }
+ *pr += *p - '0';
+ p++;
+ }
+ return 1;
+}
/* Structure holding test information */
struct evp_test {
@@ -216,6 +250,7 @@ static const struct evp_test_method mac_test_method;
static const struct evp_test_method psign_test_method, pverify_test_method;
static const struct evp_test_method pdecrypt_test_method;
static const struct evp_test_method pverify_recover_test_method;
+static const struct evp_test_method pbe_test_method;
static const struct evp_test_method *evp_test_list[] = {
&digest_test_method,
@@ -225,6 +260,7 @@ static const struct evp_test_method *evp_test_list[] = {
&pverify_test_method,
&pdecrypt_test_method,
&pverify_recover_test_method,
+ &pbe_test_method,
NULL
};
@@ -1243,3 +1279,125 @@ static const struct evp_test_method pverify_test_method = {
pkey_test_parse,
verify_test_run
};
+
+/* PBE tests */
+
+#define PBE_TYPE_SCRYPT 1
+
+struct pbe_data {
+
+ int pbe_type;
+
+ /* scrypt parameters */
+ uint64_t N, r, p, maxmem;
+
+ /* password */
+ unsigned char *pass;
+ size_t pass_len;
+
+ /* salt */
+ unsigned char *salt;
+ size_t salt_len;
+
+ /* Expected output */
+ unsigned char *key;
+ size_t key_len;
+};
+
+static int scrypt_test_parse(struct evp_test *t,
+ const char *keyword, const char *value)
+{
+ struct pbe_data *pdata = t->data;
+ if (strcmp(keyword, "N") == 0)
+ return test_uint64(value, &pdata->N);
+ if (strcmp(keyword, "p") == 0)
+ return test_uint64(value, &pdata->p);
+ if (strcmp(keyword, "r") == 0)
+ return test_uint64(value, &pdata->r);
+ if (strcmp(keyword, "maxmem") == 0)
+ return test_uint64(value, &pdata->maxmem);
+ return 0;
+}
+
+static int scrypt_test_run(struct evp_test *t)
+{
+ struct pbe_data *pdata = t->data;
+ const char *err = "INTERNAL_ERROR";
+ unsigned char *key;
+ key = OPENSSL_malloc(pdata->key_len);
+ if (!key)
+ goto err;
+ err = "SCRYPT_ERROR";
+ if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,
+ pdata->salt, pdata->salt_len,
+ pdata->N, pdata->r, pdata->p, pdata->maxmem,
+ key, pdata->key_len) == 0)
+ goto err;
+ err = "KEY_MISMATCH";
+ if (check_output(t, pdata->key, key, pdata->key_len))
+ goto err;
+ err = NULL;
+ err:
+ OPENSSL_free(key);
+ t->err = err;
+ return 1;
+}
+
+static int pbe_test_init(struct evp_test *t, const char *alg)
+{
+ struct pbe_data *pdat;
+ int pbe_type = 0;
+ if (strcmp(alg, "scrypt") == 0)
+ pbe_type = PBE_TYPE_SCRYPT;
+ else
+ fprintf(stderr, "Unknown pbe algorithm %s\n", alg);
+ pdat = OPENSSL_malloc(sizeof(*pdat));
+ pdat->pbe_type = pbe_type;
+ pdat->pass = NULL;
+ pdat->salt = NULL;
+ pdat->N = 0;
+ pdat->r = 0;
+ pdat->p = 0;
+ pdat->maxmem = 0;
+ t->data = pdat;
+ return 1;
+}
+
+static void pbe_test_cleanup(struct evp_test *t)
+{
+ struct pbe_data *pdat = t->data;
+ test_free(pdat->pass);
+ test_free(pdat->salt);
+ test_free(pdat->key);
+}
+
+static int pbe_test_parse(struct evp_test *t,
+ const char *keyword, const char *value)
+{
+ struct pbe_data *pdata = t->data;
+ if (strcmp(keyword, "Password") == 0)
+ return test_bin(value, &pdata->pass, &pdata->pass_len);
+ if (strcmp(keyword, "Salt") == 0)
+ return test_bin(value, &pdata->salt, &pdata->salt_len);
+ if (strcmp(keyword, "Key") == 0)
+ return test_bin(value, &pdata->key, &pdata->key_len);
+ if (pdata->pbe_type == PBE_TYPE_SCRYPT)
+ return scrypt_test_parse(t, keyword, value);
+ return 0;
+}
+
+static int pbe_test_run(struct evp_test *t)
+{
+ struct pbe_data *pdata = t->data;
+ if (pdata->pbe_type == PBE_TYPE_SCRYPT)
+ return scrypt_test_run(t);
+ return 0;
+}
+
+static const struct evp_test_method pbe_test_method = {
+ "PBE",
+ pbe_test_init,
+ pbe_test_cleanup,
+ pbe_test_parse,
+ pbe_test_run
+};
diff --git a/test/evptests.txt b/test/evptests.txt
index 26d371c..25b9ef6 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -2314,3 +2314,42 @@ Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
Result = VERIFY_ERROR
+
+# scrypt tests from draft-josefsson-scrypt-kdf-03
+PBE = scrypt
+Password = ""
+Salt = ""
+N = 16
+r = 1
+p = 1
+Key = 77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906
+
+PBE = scrypt
+Password = "password"
+Salt = "NaCl"
+N = 1024
+r = 8
+p = 16
+Key = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640
+
+PBE = scrypt
+Password = "pleaseletmein"
+Salt = "SodiumChloride"
+N = 16384
+r = 8
+p = 1
+Key = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887
+
+# NB: this test requires more than 2GB of memory to run so it will hit the
+# scrypt memory limit and return an error. To run this test without error
+# uncomment out the "maxmem" line and comment out the "Result"
+# line
+PBE = scrypt
+Password = "pleaseletmein"
+Salt = "SodiumChloride"
+N = 1048576
+r = 8
+p = 1
+Key = 2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4
+#maxmem = 10000000000
+Result = SCRYPT_ERROR
More information about the openssl-commits
mailing list