Trim dead code from PKCS#5 PBE2 bits.
Many of these parameters are constants.
Change-Id: I148dbea0063e478a132253f4e9dc71d5d20320c2
Reviewed-on: https://boringssl-review.googlesource.com/13064
Reviewed-by: Adam Langley <alangley@gmail.com>
Commit-Queue: Adam Langley <alangley@gmail.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/pkcs8/p5_pbev2.c b/crypto/pkcs8/p5_pbev2.c
index 1a901a6..5e27ceb 100644
--- a/crypto/pkcs8/p5_pbev2.c
+++ b/crypto/pkcs8/p5_pbev2.c
@@ -111,7 +111,7 @@
}
static X509_ALGOR *PKCS5_pbkdf2_set(int iter, const unsigned char *salt,
- int saltlen, int prf_nid, int keylen)
+ int saltlen, int keylen)
{
X509_ALGOR *keyfunc = NULL;
PBKDF2PARAM *kdf = NULL;
@@ -145,7 +145,7 @@
/* If have a key len set it up */
- if(keylen > 0)
+ if(keylen > 0)
{
if(!(kdf->keylength = M_ASN1_INTEGER_new()))
goto merr;
@@ -153,15 +153,7 @@
goto merr;
}
- /* prf can stay NULL if we are using hmacWithSHA1 */
- if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1)
- {
- kdf->prf = X509_ALGOR_new();
- if (!kdf->prf)
- goto merr;
- X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
- V_ASN1_NULL, NULL);
- }
+ /* Leave prf NULL. We always use hmacWithSHA1, the default. */
/* Finally setup the keyfunc structure */
@@ -192,13 +184,10 @@
}
/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
- * yes I know this is horrible!
- *
- * Extended version to allow application supplied PRF NID and IV. */
+ * yes I know this is horrible! */
-static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
- const unsigned char *salt, int saltlen,
- unsigned char *aiv, int prf_nid)
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+ const unsigned char *salt, int saltlen)
{
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
int alg_nid, keylen;
@@ -223,13 +212,10 @@
if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
/* Create random IV */
- if (EVP_CIPHER_iv_length(cipher))
- {
- if (aiv)
- OPENSSL_memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
- else if (!RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)))
- goto err;
- }
+ if (EVP_CIPHER_iv_length(cipher) &&
+ !RAND_bytes(iv, EVP_CIPHER_iv_length(cipher))) {
+ goto err;
+ }
EVP_CIPHER_CTX_init(&ctx);
@@ -241,15 +227,6 @@
EVP_CIPHER_CTX_cleanup(&ctx);
goto err;
}
- /* If prf NID unspecified see if cipher has a preference.
- * An error is OK here: just means use default PRF.
- */
- if ((prf_nid == -1) &&
- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)
- {
- ERR_clear_error();
- prf_nid = NID_hmacWithSHA1;
- }
EVP_CIPHER_CTX_cleanup(&ctx);
/* If its RC2 then we'd better setup the key length */
@@ -263,7 +240,7 @@
X509_ALGOR_free(pbe2->keyfunc);
- pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
+ pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, keylen);
if (!pbe2->keyfunc)
goto merr;
@@ -299,12 +276,6 @@
}
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
- const unsigned char *salt, int saltlen)
- {
- return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
- }
-
static int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx,
const uint8_t *pass_raw,
size_t pass_raw_len, const ASN1_TYPE *param,
diff --git a/crypto/pkcs8/pkcs8_test.cc b/crypto/pkcs8/pkcs8_test.cc
index 877884d..1196f9f 100644
--- a/crypto/pkcs8/pkcs8_test.cc
+++ b/crypto/pkcs8/pkcs8_test.cc
@@ -216,6 +216,8 @@
}
int main(int argc, char **argv) {
+ CRYPTO_library_init();
+
if (!TestDecrypt(kDER, sizeof(kDER), "testing") ||
!TestDecrypt(kNullPassword, sizeof(kNullPassword), NULL) ||
!TestDecrypt(kNullPasswordNSS, sizeof(kNullPasswordNSS), NULL) ||
