Reimplement PKCS#12 key derivation. This is avoids pulling in BIGNUM for doing a straight-forward addition on a block-sized value, and avoids a ton of mallocs. It's also -Wconversion-clean, unlike the old one. In doing so, this replaces the HMAC_MAX_MD_CBLOCK with EVP_MAX_MD_BLOCK_SIZE. By having the maximum block size available, most of the temporary values in the key derivation don't need to be malloc'd. BUG=22 Change-Id: I940a62bba4ea32bf82b1190098f3bf185d4cc7fe Reviewed-on: https://boringssl-review.googlesource.com/7688 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>

commit: 582d2847eda65671883649347f60f6916838a3d1 [log] [tgz]
author: David Benjamin <davidben@google.com> Sat Apr 16 17:10:01 2016 -0400
committer: David Benjamin <davidben@google.com> Tue Apr 19 18:16:38 2016 +0000
tree: d314bd548681430ec52497ddf68b001680e843a7
parent: 0e21f41fe884bedf708d3d4d6ab2ce9f53712bb8 [diff] [blame]
diff --git a/include/openssl/digest.h b/include/openssl/digest.h
index 9a5ec51..db3ead7 100644
--- a/include/openssl/digest.h
+++ b/include/openssl/digest.h

@@ -143,6 +143,9 @@
  * at least this much space. */
 #define EVP_MAX_MD_SIZE 64 /* SHA-512 is the longest so far. */
 
+/* EVP_MAX_MD_BLOCK_SIZE is the largest digest block size supported, in bytes. */
+#define EVP_MAX_MD_BLOCK_SIZE 128 /* SHA-512 is the longest so far. */
+
 /* EVP_DigestFinal_ex finishes the digest in |ctx| and writes the output to
  * |md_out|. At most |EVP_MAX_MD_SIZE| bytes are written. If |out_size| is not
  * NULL then |*out_size| is set to the number of bytes written. It returns one.
commit	582d2847eda65671883649347f60f6916838a3d1	[log] [tgz]
author	David Benjamin <davidben@google.com>	Sat Apr 16 17:10:01 2016 -0400
committer	David Benjamin <davidben@google.com>	Tue Apr 19 18:16:38 2016 +0000
tree	d314bd548681430ec52497ddf68b001680e843a7
parent	0e21f41fe884bedf708d3d4d6ab2ce9f53712bb8 [diff] [blame]