Commit ca75cd94 authored by Milan Broz's avatar Milan Broz

Prepare supported PBKDF2 implementation autodetection for gcrypt.

parent 607fd2b9
......@@ -115,6 +115,8 @@ AC_DEFUN([CONFIGURE_GCRYPT], [
else
GCRYPT_REQ_VERSION=1.1.42
fi
dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password)
AM_PATH_LIBGCRYPT([1.6.0], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1])
AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])
if test x$enable_static_cryptsetup = xyes; then
......@@ -139,6 +141,7 @@ AC_DEFUN([CONFIGURE_OPENSSL], [
AC_MSG_ERROR([You need openssl library.]))
CRYPTO_CFLAGS=$OPENSSL_CFLAGS
CRYPTO_LIBS=$OPENSSL_LIBS
use_internal_pbkdf2=0
if test x$enable_static_cryptsetup = xyes; then
saved_PKG_CONFIG=$PKG_CONFIG
......@@ -167,6 +170,7 @@ AC_DEFUN([CONFIGURE_NSS], [
CRYPTO_CFLAGS=$NSS_CFLAGS
CRYPTO_LIBS=$NSS_LIBS
use_internal_pbkdf2=1
NO_FIPS([])
])
......@@ -176,6 +180,7 @@ AC_DEFUN([CONFIGURE_KERNEL], [
# AC_CHECK_DECLS([AF_ALG],,
# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
# [#include <sys/socket.h>])
use_internal_pbkdf2=1
NO_FIPS([])
])
......@@ -190,6 +195,7 @@ AC_DEFUN([CONFIGURE_NETTLE], [
LIBS=$saved_LIBS
CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
use_internal_pbkdf2=1
NO_FIPS([])
])
......@@ -280,6 +286,9 @@ AM_CONDITIONAL(CRYPTO_BACKEND_NSS, test $with_crypto_backend = nss)
AM_CONDITIONAL(CRYPTO_BACKEND_KERNEL, test $with_crypto_backend = kernel)
AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE, test $with_crypto_backend = nettle)
AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1)
AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2])
dnl Magic for cryptsetup.static build.
if test x$enable_static_cryptsetup = xyes; then
saved_PKG_CONFIG=$PKG_CONFIG
......
......@@ -9,21 +9,21 @@ libcrypto_backend_la_SOURCES = crypto_backend.h \
if CRYPTO_BACKEND_GCRYPT
libcrypto_backend_la_SOURCES += crypto_gcrypt.c
libcrypto_backend_la_SOURCES += pbkdf2_generic.c
endif
if CRYPTO_BACKEND_OPENSSL
libcrypto_backend_la_SOURCES += crypto_openssl.c
endif
if CRYPTO_BACKEND_NSS
libcrypto_backend_la_SOURCES += crypto_nss.c
libcrypto_backend_la_SOURCES += pbkdf2_generic.c
endif
if CRYPTO_BACKEND_KERNEL
libcrypto_backend_la_SOURCES += crypto_kernel.c
libcrypto_backend_la_SOURCES += pbkdf2_generic.c
endif
if CRYPTO_BACKEND_NETTLE
libcrypto_backend_la_SOURCES += crypto_nettle.c
endif
if CRYPTO_INTERNAL_PBKDF2
libcrypto_backend_la_SOURCES += pbkdf2_generic.c
endif
......
......@@ -261,21 +261,14 @@ int crypt_pbkdf(const char *kdf, const char *hash,
char *key, size_t key_length,
unsigned int iterations)
{
#if USE_INTERNAL_PBKDF2
if (!kdf || strncmp(kdf, "pbkdf2", 6))
return -EINVAL;
return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
iterations, key_length, key);
}
#if 0
/* Until bug in gcrypt related to empty password is fixed, cannot use this */
int crypt_pbkdf(const char *kdf, const char *hash,
const char *password, size_t password_length,
const char *salt, size_t salt_length,
char *key, size_t key_length,
unsigned int iterations)
{
#else /* USE_INTERNAL_PBKDF2 */
int hash_id = gcry_md_map_name(hash);
int kdf_id;
......@@ -292,5 +285,5 @@ int crypt_pbkdf(const char *kdf, const char *hash,
return -EINVAL;
return 0;
#endif /* USE_INTERNAL_PBKDF2 */
}
#endif
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment