| 1 | /* |
|---|---|
| 2 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | #include <openssl/evp.h> |
| 11 | #include <openssl/err.h> |
| 12 | #include <openssl/kdf.h> |
| 13 | #include <openssl/core_names.h> |
| 14 | #include "internal/numbers.h" |
| 15 | |
| 16 | #ifndef OPENSSL_NO_SCRYPT |
| 17 | |
| 18 | /* |
| 19 | * Maximum permitted memory allow this to be overridden with Configuration |
| 20 | * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible. |
| 21 | */ |
| 22 | |
| 23 | #ifdef SCRYPT_MAX_MEM |
| 24 | # if SCRYPT_MAX_MEM == 0 |
| 25 | # undef SCRYPT_MAX_MEM |
| 26 | /* |
| 27 | * Although we could theoretically allocate SIZE_MAX memory that would leave |
| 28 | * no memory available for anything else so set limit as half that. |
| 29 | */ |
| 30 | # define SCRYPT_MAX_MEM (SIZE_MAX/2) |
| 31 | # endif |
| 32 | #else |
| 33 | /* Default memory limit: 32 MB */ |
| 34 | # define SCRYPT_MAX_MEM (1024 * 1024 * 32) |
| 35 | #endif |
| 36 | |
| 37 | int EVP_PBE_scrypt(const char *pass, size_t passlen, |
| 38 | const unsigned char *salt, size_t saltlen, |
| 39 | uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, |
| 40 | unsigned char *key, size_t keylen) |
| 41 | { |
| 42 | const char *empty = ""; |
| 43 | int rv = 1; |
| 44 | EVP_KDF *kdf; |
| 45 | EVP_KDF_CTX *kctx; |
| 46 | OSSL_PARAM params[7], *z = params; |
| 47 | |
| 48 | if (r > UINT32_MAX || p > UINT32_MAX) { |
| 49 | EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE); |
| 50 | return 0; |
| 51 | } |
| 52 | |
| 53 | /* Maintain existing behaviour. */ |
| 54 | if (pass == NULL) { |
| 55 | pass = empty; |
| 56 | passlen = 0; |
| 57 | } |
| 58 | if (salt == NULL) { |
| 59 | salt = (const unsigned char *)empty; |
| 60 | saltlen = 0; |
| 61 | } |
| 62 | if (maxmem == 0) |
| 63 | maxmem = SCRYPT_MAX_MEM; |
| 64 | |
| 65 | kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL); |
| 66 | kctx = EVP_KDF_CTX_new(kdf); |
| 67 | EVP_KDF_free(kdf); |
| 68 | if (kctx == NULL) |
| 69 | return 0; |
| 70 | |
| 71 | *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, |
| 72 | (unsigned char *)pass, |
| 73 | passlen); |
| 74 | *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, |
| 75 | (unsigned char *)salt, saltlen); |
| 76 | *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, &N); |
| 77 | *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_R, &r); |
| 78 | *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p); |
| 79 | *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); |
| 80 | *z = OSSL_PARAM_construct_end(); |
| 81 | if (EVP_KDF_CTX_set_params(kctx, params) != 1 |
| 82 | || EVP_KDF_derive(kctx, key, keylen) != 1) |
| 83 | rv = 0; |
| 84 | |
| 85 | EVP_KDF_CTX_free(kctx); |
| 86 | return rv; |
| 87 | } |
| 88 | |
| 89 | #endif |
| 90 |
Generated on 2020-Jan-04 from project ClickHouse revision 19.17.6
Powered by 
Code Browser 2.1
Generator usage only permitted with license.