Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:23
erlang
2572-Refactor-pbkdf2-eligible-hash-check.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 2572-Refactor-pbkdf2-eligible-hash-check.patch of Package erlang
From 60a15f0bb219a7b0aeb143036fd8434bcbe4211b Mon Sep 17 00:00:00 2001 From: gearnode <bryan@frimin.fr> Date: Thu, 25 Nov 2021 13:08:31 +0100 Subject: [PATCH 2/4] Refactor pbkdf2 eligible hash check --- lib/crypto/c_src/digest.c | 10 ++++----- lib/crypto/c_src/digest.h | 1 + lib/crypto/c_src/openssl_config.h | 1 + lib/crypto/c_src/pbkdf2_hmac.c | 34 +++---------------------------- lib/crypto/test/crypto_SUITE.erl | 2 +- 5 files changed, 11 insertions(+), 37 deletions(-) diff --git a/lib/crypto/c_src/digest.c b/lib/crypto/c_src/digest.c index d4b1813e11..125784ac42 100644 --- a/lib/crypto/c_src/digest.c +++ b/lib/crypto/c_src/digest.c @@ -46,9 +46,9 @@ static struct digest_type_t digest_types[] = #endif }, - {{"sha"}, 0, {&EVP_sha1}}, + {{"sha"}, PBKDF2_ELIGIBLE_DIGEST, {&EVP_sha1}}, - {{"sha224"}, 0, + {{"sha224"}, PBKDF2_ELIGIBLE_DIGEST, #ifdef HAVE_SHA224 {&EVP_sha224} #else @@ -56,7 +56,7 @@ static struct digest_type_t digest_types[] = #endif }, - {{"sha256"}, 0, + {{"sha256"}, PBKDF2_ELIGIBLE_DIGEST, #ifdef HAVE_SHA256 {&EVP_sha256} #else @@ -64,7 +64,7 @@ static struct digest_type_t digest_types[] = #endif }, - {{"sha384"}, 0, + {{"sha384"}, PBKDF2_ELIGIBLE_DIGEST, #ifdef HAVE_SHA384 {&EVP_sha384} #else @@ -72,7 +72,7 @@ static struct digest_type_t digest_types[] = #endif }, - {{"sha512"}, 0, + {{"sha512"}, PBKDF2_ELIGIBLE_DIGEST, #ifdef HAVE_SHA512 {&EVP_sha512} #else diff --git a/lib/crypto/c_src/digest.h b/lib/crypto/c_src/digest.h index a1cfb4d4cb..8d8cb243d1 100644 --- a/lib/crypto/c_src/digest.h +++ b/lib/crypto/c_src/digest.h @@ -37,6 +37,7 @@ struct digest_type_t { /* masks in the flags field if digest_type_t */ #define NO_FIPS_DIGEST 1 +#define PBKDF2_ELIGIBLE_DIGEST 2 #ifdef FIPS_SUPPORT /* May have FIPS support, must check dynamically if it is enabled */ diff --git a/lib/crypto/c_src/openssl_config.h b/lib/crypto/c_src/openssl_config.h index 63238105f7..ac089b6ba8 100644 --- a/lib/crypto/c_src/openssl_config.h +++ b/lib/crypto/c_src/openssl_config.h @@ -313,6 +313,7 @@ # ifdef RSA_PKCS1_PSS_PADDING # define HAVE_RSA_PKCS1_PSS_PADDING # endif +# define HAS_PKCS5_PBKDF2_HMAC #endif #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,8,'h') \ diff --git a/lib/crypto/c_src/pbkdf2_hmac.c b/lib/crypto/c_src/pbkdf2_hmac.c index aa9f27c93d..7eec603d9c 100644 --- a/lib/crypto/c_src/pbkdf2_hmac.c +++ b/lib/crypto/c_src/pbkdf2_hmac.c @@ -16,7 +16,6 @@ * limitations under the License. * * %CopyrightEnd% - */ #include "common.h" @@ -30,7 +29,6 @@ ERL_NIF_TERM pbkdf2_hmac_nif(ErlNifEnv* env, int argc, ErlNifBinary pass, salt, out; ErlNifUInt64 iter, keylen; struct digest_type_t* digp = NULL; - const EVP_MD* digest; ASSERT(argc == 5); @@ -38,34 +36,8 @@ ERL_NIF_TERM pbkdf2_hmac_nif(ErlNifEnv* env, int argc, goto bad_arg; if (digp->md.p == NULL) goto bad_arg; - - switch (EVP_MD_type(digp->md.p)) - { - case NID_sha1: - digest = EVP_sha1(); - break; -#ifdef HAVE_SHA224 - case NID_sha224: - digest = EVP_sha224(); - break; -#endif -#ifdef HAVE_SHA256 - case NID_sha256: - digest = EVP_sha256(); - break; -#endif -#ifdef HAVE_SHA384 - case NID_sha384: - digest = EVP_sha384(); - break; -#endif -#ifdef HAVE_SHA512 - case NID_sha512: - digest = EVP_sha512(); - break; -#endif - default: - goto err; + if ((digp->flags & PBKDF2_ELIGIBLE_DIGEST) == 0) { + goto bad_arg; } if (!enif_inspect_binary(env, argv[1], &pass)) @@ -87,7 +59,7 @@ ERL_NIF_TERM pbkdf2_hmac_nif(ErlNifEnv* env, int argc, if (!PKCS5_PBKDF2_HMAC((const char *)pass.data, pass.size, salt.data, salt.size, iter, - digest, + digp->md.p, keylen, out.data)) { enif_release_binary(&out); goto err; diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl index 182af02cb0..b8de45de8b 100644 --- a/lib/crypto/test/crypto_SUITE.erl +++ b/lib/crypto/test/crypto_SUITE.erl @@ -4407,7 +4407,7 @@ pbkdf2_hmac(Config) when is_list(Config) -> F(binary:encode_unsigned(16#f09d849e), <<"EXAMPLE.COMpianist">>, 50, 32) catch error:{notsup,{"pbkdf2_hmac.c", _}, "Unsupported CRYPTO_PKCS5_PBKDF2_HMAC"} -> - {skip, "No Unsupported CRYPTO_PKCS5_PBKDF2_HMAC"} + {skip, "No CRYPTO_PKCS5_PBKDF2_HMAC"} end. -- 2.31.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor