Skip to content

Commit

Permalink
Merge pull request #1900 from alex/kdfs-are-boring
Browse files Browse the repository at this point in the history 
Expose pbkdf2_hmac and scrypt on BoringSSL
  • Loading branch information
@alex
alex authored Apr 22, 2023
2 parents 7d1d9a3 + 0257e26 commit 35e5c54
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 12 deletions.
1 change: 0 additions & 1 deletion openssl/src/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,6 @@ pub mod nid;
#[cfg(not(any(boringssl, osslconf = "OPENSSL_NO_OCSP")))]
pub mod ocsp;
pub mod pkcs12;
#[cfg(not(boringssl))]
pub mod pkcs5;
#[cfg(not(boringssl))]
pub mod pkcs7;
Expand Down
26 changes: 15 additions & 11 deletions openssl/src/pkcs5.rs
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,13 @@
#[cfg(not(boringssl))]
use libc::c_int;
use std::convert::TryInto;
#[cfg(not(boringssl))]
use std::ptr;

use crate::cvt;
use crate::error::ErrorStack;
use crate::hash::MessageDigest;
#[cfg(not(boringssl))]
use crate::symm::Cipher;
use openssl_macros::corresponds;

Expand All @@ -25,6 +29,7 @@ pub struct KeyIvPair {
/// `pbkdf2_hmac` or another more modern key derivation algorithm.
#[corresponds(EVP_BytesToKey)]
#[allow(clippy::useless_conversion)]
#[cfg(not(boringssl))]
pub fn bytes_to_key(
cipher: Cipher,
digest: MessageDigest,
Expand Down Expand Up @@ -91,19 +96,15 @@ pub fn pbkdf2_hmac(
key: &mut [u8],
) -> Result<(), ErrorStack> {
unsafe {
assert!(pass.len() <= c_int::max_value() as usize);
assert!(salt.len() <= c_int::max_value() as usize);
assert!(key.len() <= c_int::max_value() as usize);

ffi::init();
cvt(ffi::PKCS5_PBKDF2_HMAC(
pass.as_ptr() as *const _,
pass.len() as c_int,
pass.len().try_into().unwrap(),
salt.as_ptr(),
salt.len() as c_int,
iter as c_int,
salt.len().try_into().unwrap(),
iter.try_into().unwrap(),
hash.as_ptr(),
key.len() as c_int,
key.len().try_into().unwrap(),
key.as_mut_ptr(),
))
.map(|_| ())
Expand All @@ -114,7 +115,8 @@ pub fn pbkdf2_hmac(
///
/// Requires OpenSSL 1.1.0 or newer.
#[corresponds(EVP_PBE_scrypt)]
#[cfg(any(ossl110))]
#[cfg(any(ossl110, boringssl))]
#[allow(clippy::useless_conversion)]
pub fn scrypt(
pass: &[u8],
salt: &[u8],
Expand All @@ -134,7 +136,7 @@ pub fn scrypt(
n,
r,
p,
maxmem,
maxmem.try_into().unwrap(),
key.as_mut_ptr() as *mut _,
key.len(),
))
Expand All @@ -145,6 +147,7 @@ pub fn scrypt(
#[cfg(test)]
mod tests {
use crate::hash::MessageDigest;
#[cfg(not(boringssl))]
use crate::symm::Cipher;

// Test vectors from
Expand Down Expand Up @@ -246,6 +249,7 @@ mod tests {
}

#[test]
#[cfg(not(boringssl))]
fn bytes_to_key() {
let salt = [16_u8, 34_u8, 19_u8, 23_u8, 141_u8, 4_u8, 207_u8, 221_u8];

Expand Down Expand Up @@ -282,7 +286,7 @@ mod tests {
}

#[test]
#[cfg(any(ossl110))]
#[cfg(any(ossl110, boringssl))]
fn scrypt() {
let pass = "pleaseletmein";
let salt = "SodiumChloride";
Expand Down

0 comments on commit 35e5c54

Please sign in to comment.