Support for alternative KDFs.

Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table. Reviewed-by: N Andy Polyakov <appro@openssl.org>

Support for alternative KDFs.
Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table. Reviewed-by: N Andy Polyakov <appro@openssl.org>
d6c5462e · Dr. Stephen Henson · 84903716 · d6c5462e · d6c5462e · d6c5462e
显示空白变更内容
内联并排

Showing with 7 addition and 4 deletion

crypto/evp/evp.h crypto/evp/evp.h +2 -0

crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c +1 -0

crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c +4 -4

未找到文件。
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -1073,6 +1073,8 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
 # define EVP_PBE_TYPE_OUTER      0x0
 /* Is an PRF type OID */
 # define EVP_PBE_TYPE_PRF        0x1
+/* Is a PKCS#5 v2.0 KDF */
+# define EVP_PBE_TYPE_KDF        0x2

 int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
                         int md_nid, EVP_PBE_KEYGEN *keygen);

--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -118,6 +118,7 @@ static const EVP_PBE_CTL builtin_pbe[] = {
    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
    {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
+    {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}
 };

 #ifdef TEST

--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -194,6 +194,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
    int plen;
    PBE2PARAM *pbe2 = NULL;
    const EVP_CIPHER *cipher;
+    EVP_PBE_KEYGEN *kdf;

    int rv = 0;

@@ -211,8 +212,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
    }

    /* See if we recognise the key derivation function */
-
-    if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
+    if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm),
+			NULL, NULL, &kdf)) {
        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
               EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
        goto err;
@@ -236,8 +237,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
        goto err;
    }
-    rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
-                                  pbe2->keyfunc->parameter, c, md, en_de);
+    rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de);
 err:
    PBE2PARAM_free(pbe2);
    return rv;