[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Tue Nov 15 01:24:30 UTC 2016
The branch master has been updated
via 54c68d35c6b7e7650856beb949b45363ce40ca93 (commit)
from 8aa9cf7e655ae1e41f283fbf16dcc810970058a0 (commit)
- Log -----------------------------------------------------------------
commit 54c68d35c6b7e7650856beb949b45363ce40ca93
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Oct 1 21:19:41 2016 +0100
Simplify PKCS#12 PBE algorithm.
Simplify PKCS#12 PBE algorithm by working out Ij + B + 1 directly
instead of using BIGNUMs.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/pkcs12/p12_key.c | 46 ++++++++++++----------------------------------
1 file changed, 12 insertions(+), 34 deletions(-)
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index 9c13a45..ab31a61 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -78,10 +78,9 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
unsigned char *out, const EVP_MD *md_type)
{
unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL;
- int Slen, Plen, Ilen, Ijlen;
+ int Slen, Plen, Ilen;
int i, j, u, v;
int ret = 0;
- BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */
EVP_MD_CTX *ctx = NULL;
#ifdef OPENSSL_DEBUG_KEYGEN
unsigned char *tmpout = out;
@@ -114,10 +113,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
Plen = 0;
Ilen = Slen + Plen;
I = OPENSSL_malloc(Ilen);
- Ij = BN_new();
- Bpl1 = BN_new();
- if (D == NULL || Ai == NULL || B == NULL || I == NULL || Ij == NULL
- || Bpl1 == NULL)
+ if (D == NULL || Ai == NULL || B == NULL || I == NULL)
goto err;
for (i = 0; i < v; i++)
D[i] = id;
@@ -151,33 +147,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
out += u;
for (j = 0; j < v; j++)
B[j] = Ai[j % u];
- /* Work out B + 1 first then can use B as tmp space */
- if (!BN_bin2bn(B, v, Bpl1))
- goto err;
- if (!BN_add_word(Bpl1, 1))
- goto err;
for (j = 0; j < Ilen; j += v) {
- if (!BN_bin2bn(I + j, v, Ij))
- goto err;
- if (!BN_add(Ij, Ij, Bpl1))
- goto err;
- if (!BN_bn2bin(Ij, B))
- goto err;
- Ijlen = BN_num_bytes(Ij);
- /* If more than 2^(v*8) - 1 cut off MSB */
- if (Ijlen > v) {
- if (!BN_bn2bin(Ij, B))
- goto err;
- memcpy(I + j, B + 1, v);
-#ifndef PKCS12_BROKEN_KEYGEN
- /* If less than v bytes pad with zeroes */
- } else if (Ijlen < v) {
- memset(I + j, 0, v - Ijlen);
- if (!BN_bn2bin(Ij, I + j + v - Ijlen))
- goto err;
-#endif
- } else if (!BN_bn2bin(Ij, I + j))
- goto err;
+ int k;
+ unsigned char *Ij = I + j;
+ uint16_t c = 1;
+
+ /* Work out Ij = Ij + B + 1 */
+ for (k = v - 1; k >= 0; k--) {
+ c += Ij[k] + B[k];
+ Ij[k] = (unsigned char)c;
+ c >>= 8;
+ }
}
}
@@ -189,8 +169,6 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
OPENSSL_free(B);
OPENSSL_free(D);
OPENSSL_free(I);
- BN_free(Ij);
- BN_free(Bpl1);
EVP_MD_CTX_free(ctx);
return ret;
}
More information about the openssl-commits
mailing list