Support for alternative KDFs. (d6c5462e) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/evp/evp.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -1073,6 +1073,8 @@ int EVP_PBE_CipherInit(ASN1_OBJECT pbe_obj, const char pass, int passlen,
		# define EVP_PBE_TYPE_OUTER 0x0
		/* Is an PRF type OID */
		# define EVP_PBE_TYPE_PRF 0x1
		/* Is a PKCS#5 v2.0 KDF */
		# define EVP_PBE_TYPE_KDF 0x2

		int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
		int md_nid, EVP_PBE_KEYGEN *keygen);

+1 −0

Original line number	Diff line number	Diff line
		@@ -118,6 +118,7 @@ static const EVP_PBE_CTL builtin_pbe[] = {
		{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
		{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
		{EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
		{EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}
		};

		#ifdef TEST

+4 −4

Original line number	Diff line number	Diff line
		@@ -194,6 +194,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
		int plen;
		PBE2PARAM *pbe2 = NULL;
		const EVP_CIPHER *cipher;
		EVP_PBE_KEYGEN *kdf;

		int rv = 0;

		@@ -211,8 +212,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
		}

		/* See if we recognise the key derivation function */

		if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
		if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm),
		NULL, NULL, &kdf)) {
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
		EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
		goto err;
		@@ -236,8 +237,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX ctx, const char pass, int passlen,
		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
		goto err;
		}
		rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
		pbe2->keyfunc->parameter, c, md, en_de);
		rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de);
		err:
		PBE2PARAM_free(pbe2);
		return rv;