diff options
-rw-r--r-- | configure.ac | 9 | ||||
-rw-r--r-- | lib/crypto_backend/Makefile.am | 6 | ||||
-rw-r--r-- | lib/crypto_backend/crypto_gcrypt.c | 13 |
3 files changed, 15 insertions, 13 deletions
diff --git a/configure.ac b/configure.ac index dba71fa..004efa5 100644 --- a/configure.ac +++ b/configure.ac @@ -115,6 +115,8 @@ AC_DEFUN([CONFIGURE_GCRYPT], [ else GCRYPT_REQ_VERSION=1.1.42 fi + dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password) + AM_PATH_LIBGCRYPT([1.6.0], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1]) AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])]) if test x$enable_static_cryptsetup = xyes; then @@ -139,6 +141,7 @@ AC_DEFUN([CONFIGURE_OPENSSL], [ AC_MSG_ERROR([You need openssl library.])) CRYPTO_CFLAGS=$OPENSSL_CFLAGS CRYPTO_LIBS=$OPENSSL_LIBS + use_internal_pbkdf2=0 if test x$enable_static_cryptsetup = xyes; then saved_PKG_CONFIG=$PKG_CONFIG @@ -167,6 +170,7 @@ AC_DEFUN([CONFIGURE_NSS], [ CRYPTO_CFLAGS=$NSS_CFLAGS CRYPTO_LIBS=$NSS_LIBS + use_internal_pbkdf2=1 NO_FIPS([]) ]) @@ -176,6 +180,7 @@ AC_DEFUN([CONFIGURE_KERNEL], [ # AC_CHECK_DECLS([AF_ALG],, # [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])], # [#include <sys/socket.h>]) + use_internal_pbkdf2=1 NO_FIPS([]) ]) @@ -190,6 +195,7 @@ AC_DEFUN([CONFIGURE_NETTLE], [ LIBS=$saved_LIBS CRYPTO_STATIC_LIBS=$CRYPTO_LIBS + use_internal_pbkdf2=1 NO_FIPS([]) ]) @@ -280,6 +286,9 @@ AM_CONDITIONAL(CRYPTO_BACKEND_NSS, test $with_crypto_backend = nss) AM_CONDITIONAL(CRYPTO_BACKEND_KERNEL, test $with_crypto_backend = kernel) AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE, test $with_crypto_backend = nettle) +AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1) +AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2]) + dnl Magic for cryptsetup.static build. if test x$enable_static_cryptsetup = xyes; then saved_PKG_CONFIG=$PKG_CONFIG diff --git a/lib/crypto_backend/Makefile.am b/lib/crypto_backend/Makefile.am index ed3937c..b8c04bb 100644 --- a/lib/crypto_backend/Makefile.am +++ b/lib/crypto_backend/Makefile.am @@ -9,21 +9,21 @@ libcrypto_backend_la_SOURCES = crypto_backend.h \ if CRYPTO_BACKEND_GCRYPT libcrypto_backend_la_SOURCES += crypto_gcrypt.c -libcrypto_backend_la_SOURCES += pbkdf2_generic.c endif if CRYPTO_BACKEND_OPENSSL libcrypto_backend_la_SOURCES += crypto_openssl.c endif if CRYPTO_BACKEND_NSS libcrypto_backend_la_SOURCES += crypto_nss.c -libcrypto_backend_la_SOURCES += pbkdf2_generic.c endif if CRYPTO_BACKEND_KERNEL libcrypto_backend_la_SOURCES += crypto_kernel.c -libcrypto_backend_la_SOURCES += pbkdf2_generic.c endif if CRYPTO_BACKEND_NETTLE libcrypto_backend_la_SOURCES += crypto_nettle.c +endif + +if CRYPTO_INTERNAL_PBKDF2 libcrypto_backend_la_SOURCES += pbkdf2_generic.c endif diff --git a/lib/crypto_backend/crypto_gcrypt.c b/lib/crypto_backend/crypto_gcrypt.c index 821eff5..0916eb2 100644 --- a/lib/crypto_backend/crypto_gcrypt.c +++ b/lib/crypto_backend/crypto_gcrypt.c @@ -261,21 +261,14 @@ int crypt_pbkdf(const char *kdf, const char *hash, char *key, size_t key_length, unsigned int iterations) { +#if USE_INTERNAL_PBKDF2 if (!kdf || strncmp(kdf, "pbkdf2", 6)) return -EINVAL; return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length, iterations, key_length, key); -} -#if 0 -/* Until bug in gcrypt related to empty password is fixed, cannot use this */ -int crypt_pbkdf(const char *kdf, const char *hash, - const char *password, size_t password_length, - const char *salt, size_t salt_length, - char *key, size_t key_length, - unsigned int iterations) -{ +#else /* USE_INTERNAL_PBKDF2 */ int hash_id = gcry_md_map_name(hash); int kdf_id; @@ -292,5 +285,5 @@ int crypt_pbkdf(const char *kdf, const char *hash, return -EINVAL; return 0; +#endif /* USE_INTERNAL_PBKDF2 */ } -#endif |