如何将 OpenSSL 加密转换为 Perl?
我有一些 C 代码来加密文本:
ngx_int_t
ngx_http_encrypted_session_3des_mac_encrypt (ngx_pool_t * pool,
ngx_log_t * log,
const u_char * iv, size_t iv_len,
const u_char * key,
size_t key_len,
const u_char * in, size_t in_len,
ngx_uint_t expires,
u_char ** dst, size_t * dst_len)
{
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *cipher;
u_char *p, *data;
int ret;
size_t block_size, buf_size, data_size;
int len;
uint64_t expires_time;
time_t now;
if (key_len != ngx_http_encrypted_session_key_length) {
return NGX_ERROR;
}
EVP_CIPHER_CTX_init (&ctx);
cipher = EVP_aes_256_cbc ();
block_size = EVP_CIPHER_block_size (cipher);
data_size = in_len + sizeof (expires_time);
buf_size = MD5_DIGEST_LENGTH /* for the digest */
+ (data_size + block_size - 1) /* for EVP_EncryptUpdate */
+block_size /* for EVP_EncryptFinal */
;
p = ngx_palloc (pool, buf_size + data_size);
if (p == NULL) {
return NGX_ERROR;
}
*dst = p;
data = p + buf_size;
ngx_memcpy (data, in, in_len);
if (expires == 0) {
expires_time = 0;
} else {
now = time (NULL);
if (now == -1) {
goto evp_error;
}
expires_time = (uint64_t) now + (uint64_t) expires;
}
expires_time = ngx_http_encrypted_session_htonll (expires_time);
ngx_memcpy (data + in_len, (u_char *) & expires_time,
sizeof (expires_time));
MD5 (data, data_size, p);
p += MD5_DIGEST_LENGTH;
ret = EVP_EncryptInit (&ctx, cipher, key, iv);
if (!ret) {
goto evp_error;
}
/* encrypt the raw input data */
ret = EVP_EncryptUpdate (&ctx, p, &len, data, data_size);
if (!ret) {
goto evp_error;
}
p += len;
ret = EVP_EncryptFinal (&ctx, p, &len);
if (!ret) {
return NGX_ERROR;
}
/* XXX we should still explicitly release the ctx
* or we'll leak memory here */
EVP_CIPHER_CTX_cleanup (&ctx);
p += len;
*dst_len = p - *dst;
if (*dst_len > buf_size) {
ngx_log_error (NGX_LOG_ERR, log, 0,
"encrypted_session: 3des_mac_encrypt: buffer error");
return NGX_ERROR;
}
return NGX_OK;
evp_error:
EVP_CIPHER_CTX_cleanup (&ctx);
return NGX_ERROR;
}
但我想将此逻辑转换为 Perl。为什么这段代码中使用 MD5 哈希?我应该使用什么 Perl 模块?
I have some C code to encrypt text:
ngx_int_t
ngx_http_encrypted_session_3des_mac_encrypt (ngx_pool_t * pool,
ngx_log_t * log,
const u_char * iv, size_t iv_len,
const u_char * key,
size_t key_len,
const u_char * in, size_t in_len,
ngx_uint_t expires,
u_char ** dst, size_t * dst_len)
{
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *cipher;
u_char *p, *data;
int ret;
size_t block_size, buf_size, data_size;
int len;
uint64_t expires_time;
time_t now;
if (key_len != ngx_http_encrypted_session_key_length) {
return NGX_ERROR;
}
EVP_CIPHER_CTX_init (&ctx);
cipher = EVP_aes_256_cbc ();
block_size = EVP_CIPHER_block_size (cipher);
data_size = in_len + sizeof (expires_time);
buf_size = MD5_DIGEST_LENGTH /* for the digest */
+ (data_size + block_size - 1) /* for EVP_EncryptUpdate */
+block_size /* for EVP_EncryptFinal */
;
p = ngx_palloc (pool, buf_size + data_size);
if (p == NULL) {
return NGX_ERROR;
}
*dst = p;
data = p + buf_size;
ngx_memcpy (data, in, in_len);
if (expires == 0) {
expires_time = 0;
} else {
now = time (NULL);
if (now == -1) {
goto evp_error;
}
expires_time = (uint64_t) now + (uint64_t) expires;
}
expires_time = ngx_http_encrypted_session_htonll (expires_time);
ngx_memcpy (data + in_len, (u_char *) & expires_time,
sizeof (expires_time));
MD5 (data, data_size, p);
p += MD5_DIGEST_LENGTH;
ret = EVP_EncryptInit (&ctx, cipher, key, iv);
if (!ret) {
goto evp_error;
}
/* encrypt the raw input data */
ret = EVP_EncryptUpdate (&ctx, p, &len, data, data_size);
if (!ret) {
goto evp_error;
}
p += len;
ret = EVP_EncryptFinal (&ctx, p, &len);
if (!ret) {
return NGX_ERROR;
}
/* XXX we should still explicitly release the ctx
* or we'll leak memory here */
EVP_CIPHER_CTX_cleanup (&ctx);
p += len;
*dst_len = p - *dst;
if (*dst_len > buf_size) {
ngx_log_error (NGX_LOG_ERR, log, 0,
"encrypted_session: 3des_mac_encrypt: buffer error");
return NGX_ERROR;
}
return NGX_OK;
evp_error:
EVP_CIPHER_CTX_cleanup (&ctx);
return NGX_ERROR;
}
But I want to translate this logic to Perl. Why is MD5 hashing used in this code? What Perl module should I use?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这里使用MD5作为消息摘要。
由于这看起来是简单的 SSL,因此您应该能够使用 perl 的 SSL 模块之一(例如
Net::SSLEay或IO::Socket::SSL)MD5 is used as a message digest here.
Since this appears to be straightforward SSL, you should be able to use one of the SSL modules for perl (such as
Net::SSLEayorIO::Socket::SSL)你应该看看
和
模块。
我猜你正在混合这两种算法来提高安全性,因为 MD5 只有 128 位,因此并不真正安全。
You should look at
and
modules.
I guess you are mixing both algorithms to increase safety as MD5 is only 128 bits and thus not really safe.