Trim dead code from PKCS#5 PBE2 bits.
Many of these parameters are constants. Change-Id: I148dbea0063e478a132253f4e9dc71d5d20320c2 Reviewed-on: https://boringssl-review.googlesource.com/13064 Reviewed-by: Adam Langley <alangley@gmail.com> Commit-Queue: Adam Langley <alangley@gmail.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
parent
9ba19b8e88
commit
ac83bea85d
@ -111,7 +111,7 @@ static int param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
|
||||
}
|
||||
|
||||
static X509_ALGOR *PKCS5_pbkdf2_set(int iter, const unsigned char *salt,
|
||||
int saltlen, int prf_nid, int keylen)
|
||||
int saltlen, int keylen)
|
||||
{
|
||||
X509_ALGOR *keyfunc = NULL;
|
||||
PBKDF2PARAM *kdf = NULL;
|
||||
@ -153,15 +153,7 @@ static X509_ALGOR *PKCS5_pbkdf2_set(int iter, const unsigned char *salt,
|
||||
goto merr;
|
||||
}
|
||||
|
||||
/* prf can stay NULL if we are using hmacWithSHA1 */
|
||||
if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1)
|
||||
{
|
||||
kdf->prf = X509_ALGOR_new();
|
||||
if (!kdf->prf)
|
||||
goto merr;
|
||||
X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
|
||||
V_ASN1_NULL, NULL);
|
||||
}
|
||||
/* Leave prf NULL. We always use hmacWithSHA1, the default. */
|
||||
|
||||
/* Finally setup the keyfunc structure */
|
||||
|
||||
@ -192,13 +184,10 @@ static X509_ALGOR *PKCS5_pbkdf2_set(int iter, const unsigned char *salt,
|
||||
}
|
||||
|
||||
/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
|
||||
* yes I know this is horrible!
|
||||
*
|
||||
* Extended version to allow application supplied PRF NID and IV. */
|
||||
* yes I know this is horrible! */
|
||||
|
||||
static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
const unsigned char *salt, int saltlen,
|
||||
unsigned char *aiv, int prf_nid)
|
||||
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
|
||||
const unsigned char *salt, int saltlen)
|
||||
{
|
||||
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
|
||||
int alg_nid, keylen;
|
||||
@ -223,11 +212,8 @@ static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
|
||||
|
||||
/* Create random IV */
|
||||
if (EVP_CIPHER_iv_length(cipher))
|
||||
{
|
||||
if (aiv)
|
||||
OPENSSL_memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
|
||||
else if (!RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)))
|
||||
if (EVP_CIPHER_iv_length(cipher) &&
|
||||
!RAND_bytes(iv, EVP_CIPHER_iv_length(cipher))) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -241,15 +227,6 @@ static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
goto err;
|
||||
}
|
||||
/* If prf NID unspecified see if cipher has a preference.
|
||||
* An error is OK here: just means use default PRF.
|
||||
*/
|
||||
if ((prf_nid == -1) &&
|
||||
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)
|
||||
{
|
||||
ERR_clear_error();
|
||||
prf_nid = NID_hmacWithSHA1;
|
||||
}
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
|
||||
/* If its RC2 then we'd better setup the key length */
|
||||
@ -263,7 +240,7 @@ static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
|
||||
X509_ALGOR_free(pbe2->keyfunc);
|
||||
|
||||
pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
|
||||
pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, keylen);
|
||||
|
||||
if (!pbe2->keyfunc)
|
||||
goto merr;
|
||||
@ -299,12 +276,6 @@ static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
|
||||
|
||||
}
|
||||
|
||||
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
|
||||
const unsigned char *salt, int saltlen)
|
||||
{
|
||||
return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
|
||||
}
|
||||
|
||||
static int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx,
|
||||
const uint8_t *pass_raw,
|
||||
size_t pass_raw_len, const ASN1_TYPE *param,
|
||||
|
@ -216,6 +216,8 @@ static bool TestRoundTrip(int pbe_nid, const EVP_CIPHER *cipher,
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
CRYPTO_library_init();
|
||||
|
||||
if (!TestDecrypt(kDER, sizeof(kDER), "testing") ||
|
||||
!TestDecrypt(kNullPassword, sizeof(kNullPassword), NULL) ||
|
||||
!TestDecrypt(kNullPasswordNSS, sizeof(kNullPasswordNSS), NULL) ||
|
||||
|
Loading…
Reference in New Issue
Block a user