Support for alternative KDFs.
Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table. Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Dr. Stephen Henson
parent
849037169d
commit
d6c5462ef8
@ -1073,6 +1073,8 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
|
|||||||
# define EVP_PBE_TYPE_OUTER 0x0
|
# define EVP_PBE_TYPE_OUTER 0x0
|
||||||
/* Is an PRF type OID */
|
/* Is an PRF type OID */
|
||||||
# define EVP_PBE_TYPE_PRF 0x1
|
# define EVP_PBE_TYPE_PRF 0x1
|
||||||
|
/* Is a PKCS#5 v2.0 KDF */
|
||||||
|
# define EVP_PBE_TYPE_KDF 0x2
|
||||||
|
|
||||||
int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
|
int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
|
||||||
int md_nid, EVP_PBE_KEYGEN *keygen);
|
int md_nid, EVP_PBE_KEYGEN *keygen);
|
||||||
|
|||||||
@ -118,6 +118,7 @@ static const EVP_PBE_CTL builtin_pbe[] = {
|
|||||||
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
|
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
|
||||||
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
|
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
|
||||||
{EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
|
{EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
|
||||||
|
{EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}
|
||||||
};
|
};
|
||||||
|
|
||||||
#ifdef TEST
|
#ifdef TEST
|
||||||
|
|||||||
@ -194,6 +194,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
|||||||
int plen;
|
int plen;
|
||||||
PBE2PARAM *pbe2 = NULL;
|
PBE2PARAM *pbe2 = NULL;
|
||||||
const EVP_CIPHER *cipher;
|
const EVP_CIPHER *cipher;
|
||||||
|
EVP_PBE_KEYGEN *kdf;
|
||||||
|
|
||||||
int rv = 0;
|
int rv = 0;
|
||||||
|
|
||||||
@ -211,8 +212,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* See if we recognise the key derivation function */
|
/* See if we recognise the key derivation function */
|
||||||
|
if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm),
|
||||||
if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
|
NULL, NULL, &kdf)) {
|
||||||
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
|
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
|
||||||
EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
|
EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
|
||||||
goto err;
|
goto err;
|
||||||
@ -236,8 +237,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
|||||||
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
|
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
|
rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de);
|
||||||
pbe2->keyfunc->parameter, c, md, en_de);
|
|
||||||
err:
|
err:
|
||||||
PBE2PARAM_free(pbe2);
|
PBE2PARAM_free(pbe2);
|
||||||
return rv;
|
return rv;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user