Commit b6647cc6 authored by Tomoki Aonuma's avatar Tomoki Aonuma
Browse files

Put pbkdf2_hmac_{256,512}() behind feature gate 

PKCS5_PBKDF2_HMAC is not available with openssl-0.9.8 on os x
parent e9b8627a

.travis.yml

+1 −1
Original line number Diff line number Diff line
@@ -9,7 +9,7 @@ os: 
- linux

env:

  global:

    - FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto"

    - FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac"

before_install:

- (test $TRAVIS_OS_NAME == "osx" || ./openssl/test/build.sh)

script:

openssl-sys/Cargo.toml

+1 −0
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ aes_ctr = [] 
npn = []

alpn = []

rfc5114 = []

pkcs5_pbkdf2_hmac = []



[dependencies]

libc = "0.2"

openssl-sys/src/lib.rs

+1 −0
Original line number Diff line number Diff line
@@ -478,6 +478,7 @@ extern "C" { 
                                  salt: *const u8, saltlen: c_int,

                                  iter: c_int, keylen: c_int,

                                  out: *mut u8) -> c_int;

    #[cfg(feature = "pkcs5_pbkdf2_hmac")]

    pub fn PKCS5_PBKDF2_HMAC(pass: *const u8, passlen: c_int,

                             salt: *const u8, saltlen: c_int,

                             iter: c_int, digest: *const EVP_MD, keylen: c_int,

openssl/Cargo.toml

+1 −0
Original line number Diff line number Diff line
@@ -22,6 +22,7 @@ npn = ["openssl-sys/npn"] 
alpn = ["openssl-sys/alpn"]

rfc5114 = ["openssl-sys/rfc5114"]

ecdh_auto = ["openssl-sys-extras/ecdh_auto"]

pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"]



[dependencies]

bitflags = ">= 0.2, < 0.4"

openssl/src/crypto/pkcs5.rs

+5 −0
Original line number Diff line number Diff line
@@ -89,16 +89,19 @@ pub fn pbkdf2_hmac_sha1(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> 
}



/// Derives a key from a password and salt using the PBKDF2-HMAC-SHA256 algorithm.

#[cfg(feature = "pkcs5_pbkdf2_hmac")]

pub fn pbkdf2_hmac_sha256(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> Vec<u8> {

    pbkdf2_hmac_sha(pass, salt, iter, unsafe { ffi::EVP_sha256() }, keylen)

}



/// Derives a key from a password and salt using the PBKDF2-HMAC-SHA512 algorithm.

#[cfg(feature = "pkcs5_pbkdf2_hmac")]

pub fn pbkdf2_hmac_sha512(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> Vec<u8> {

    pbkdf2_hmac_sha(pass, salt, iter, unsafe { ffi::EVP_sha512() }, keylen)

}



/// Derives a key from a password and salt using the PBKDF2-HMAC algorithm with a digest function.

#[cfg(feature = "pkcs5_pbkdf2_hmac")]

fn pbkdf2_hmac_sha(pass: &str, salt: &[u8], iter: usize, digest: *const ffi::EVP_MD, keylen: usize) -> Vec<u8> {

    unsafe {

        assert!(iter >= 1);
@@ -220,6 +223,7 @@ mod tests { 
    // Test vectors from

    // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c

    #[test]

    #[cfg(feature = "pkcs5_pbkdf2_hmac")]

    fn test_pbkdf2_hmac_sha256() {

        assert_eq!(

            super::pbkdf2_hmac_sha256(
@@ -253,6 +257,7 @@ mod tests { 
    // Test vectors from

    // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c

    #[test]

    #[cfg(feature = "pkcs5_pbkdf2_hmac")]

    fn test_pbkdf2_hmac_sha512() {

        assert_eq!(

            super::pbkdf2_hmac_sha512(