Trim dead code from PKCS#5 PBE2 bits.

Many of these parameters are constants.

Change-Id: I148dbea0063e478a132253f4e9dc71d5d20320c2
Reviewed-on: https://boringssl-review.googlesource.com/13064
Reviewed-by: Adam Langley <alangley@gmail.com>
Commit-Queue: Adam Langley <alangley@gmail.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2016-12-27 11:32:12 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 9ba19b8e88
commit ac83bea85d
2 changed files with 13 additions and 40 deletions

View File

@ -111,7 +111,7 @@ static int param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
}
static X509_ALGOR *PKCS5_pbkdf2_set(int iter, const unsigned char *salt,
int saltlen, int prf_nid, int keylen)
int saltlen, int keylen)
{
X509_ALGOR *keyfunc = NULL;
PBKDF2PARAM *kdf = NULL;
@ -153,15 +153,7 @@ static X509_ALGOR *PKCS5_pbkdf2_set(int iter, const unsigned char *salt,
goto merr;
}
/* prf can stay NULL if we are using hmacWithSHA1 */
if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1)
{
kdf->prf = X509_ALGOR_new();
if (!kdf->prf)
goto merr;
X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
V_ASN1_NULL, NULL);
}
/* Leave prf NULL. We always use hmacWithSHA1, the default. */
/* Finally setup the keyfunc structure */
@ -192,13 +184,10 @@ static X509_ALGOR *PKCS5_pbkdf2_set(int iter, const unsigned char *salt,
}
/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
* yes I know this is horrible!
*
* Extended version to allow application supplied PRF NID and IV. */
* yes I know this is horrible! */
static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
const unsigned char *salt, int saltlen,
unsigned char *aiv, int prf_nid)
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
const unsigned char *salt, int saltlen)
{
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
int alg_nid, keylen;
@ -223,11 +212,8 @@ static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
/* Create random IV */
if (EVP_CIPHER_iv_length(cipher))
{
if (aiv)
OPENSSL_memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
else if (!RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)))
if (EVP_CIPHER_iv_length(cipher) &&
!RAND_bytes(iv, EVP_CIPHER_iv_length(cipher))) {
goto err;
}
@ -241,15 +227,6 @@ static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
EVP_CIPHER_CTX_cleanup(&ctx);
goto err;
}
/* If prf NID unspecified see if cipher has a preference.
* An error is OK here: just means use default PRF.
*/
if ((prf_nid == -1) &&
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)
{
ERR_clear_error();
prf_nid = NID_hmacWithSHA1;
}
EVP_CIPHER_CTX_cleanup(&ctx);
/* If its RC2 then we'd better setup the key length */
@ -263,7 +240,7 @@ static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
X509_ALGOR_free(pbe2->keyfunc);
pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, keylen);
if (!pbe2->keyfunc)
goto merr;
@ -299,12 +276,6 @@ static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
}
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
const unsigned char *salt, int saltlen)
{
return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
}
static int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx,
const uint8_t *pass_raw,
size_t pass_raw_len, const ASN1_TYPE *param,

View File

@ -216,6 +216,8 @@ static bool TestRoundTrip(int pbe_nid, const EVP_CIPHER *cipher,
}
int main(int argc, char **argv) {
CRYPTO_library_init();
if (!TestDecrypt(kDER, sizeof(kDER), "testing") ||
!TestDecrypt(kNullPassword, sizeof(kNullPassword), NULL) ||
!TestDecrypt(kNullPasswordNSS, sizeof(kNullPasswordNSS), NULL) ||