summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--configure.ac9
-rw-r--r--lib/crypto_backend/Makefile.am6
-rw-r--r--lib/crypto_backend/crypto_gcrypt.c13
3 files changed, 15 insertions, 13 deletions
diff --git a/configure.ac b/configure.ac
index dba71fa..004efa5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -115,6 +115,8 @@ AC_DEFUN([CONFIGURE_GCRYPT], [
else
GCRYPT_REQ_VERSION=1.1.42
fi
+ dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password)
+ AM_PATH_LIBGCRYPT([1.6.0], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1])
AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])
if test x$enable_static_cryptsetup = xyes; then
@@ -139,6 +141,7 @@ AC_DEFUN([CONFIGURE_OPENSSL], [
AC_MSG_ERROR([You need openssl library.]))
CRYPTO_CFLAGS=$OPENSSL_CFLAGS
CRYPTO_LIBS=$OPENSSL_LIBS
+ use_internal_pbkdf2=0
if test x$enable_static_cryptsetup = xyes; then
saved_PKG_CONFIG=$PKG_CONFIG
@@ -167,6 +170,7 @@ AC_DEFUN([CONFIGURE_NSS], [
CRYPTO_CFLAGS=$NSS_CFLAGS
CRYPTO_LIBS=$NSS_LIBS
+ use_internal_pbkdf2=1
NO_FIPS([])
])
@@ -176,6 +180,7 @@ AC_DEFUN([CONFIGURE_KERNEL], [
# AC_CHECK_DECLS([AF_ALG],,
# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
# [#include <sys/socket.h>])
+ use_internal_pbkdf2=1
NO_FIPS([])
])
@@ -190,6 +195,7 @@ AC_DEFUN([CONFIGURE_NETTLE], [
LIBS=$saved_LIBS
CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
+ use_internal_pbkdf2=1
NO_FIPS([])
])
@@ -280,6 +286,9 @@ AM_CONDITIONAL(CRYPTO_BACKEND_NSS, test $with_crypto_backend = nss)
AM_CONDITIONAL(CRYPTO_BACKEND_KERNEL, test $with_crypto_backend = kernel)
AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE, test $with_crypto_backend = nettle)
+AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1)
+AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2])
+
dnl Magic for cryptsetup.static build.
if test x$enable_static_cryptsetup = xyes; then
saved_PKG_CONFIG=$PKG_CONFIG
diff --git a/lib/crypto_backend/Makefile.am b/lib/crypto_backend/Makefile.am
index ed3937c..b8c04bb 100644
--- a/lib/crypto_backend/Makefile.am
+++ b/lib/crypto_backend/Makefile.am
@@ -9,21 +9,21 @@ libcrypto_backend_la_SOURCES = crypto_backend.h \
if CRYPTO_BACKEND_GCRYPT
libcrypto_backend_la_SOURCES += crypto_gcrypt.c
-libcrypto_backend_la_SOURCES += pbkdf2_generic.c
endif
if CRYPTO_BACKEND_OPENSSL
libcrypto_backend_la_SOURCES += crypto_openssl.c
endif
if CRYPTO_BACKEND_NSS
libcrypto_backend_la_SOURCES += crypto_nss.c
-libcrypto_backend_la_SOURCES += pbkdf2_generic.c
endif
if CRYPTO_BACKEND_KERNEL
libcrypto_backend_la_SOURCES += crypto_kernel.c
-libcrypto_backend_la_SOURCES += pbkdf2_generic.c
endif
if CRYPTO_BACKEND_NETTLE
libcrypto_backend_la_SOURCES += crypto_nettle.c
+endif
+
+if CRYPTO_INTERNAL_PBKDF2
libcrypto_backend_la_SOURCES += pbkdf2_generic.c
endif
diff --git a/lib/crypto_backend/crypto_gcrypt.c b/lib/crypto_backend/crypto_gcrypt.c
index 821eff5..0916eb2 100644
--- a/lib/crypto_backend/crypto_gcrypt.c
+++ b/lib/crypto_backend/crypto_gcrypt.c
@@ -261,21 +261,14 @@ int crypt_pbkdf(const char *kdf, const char *hash,
char *key, size_t key_length,
unsigned int iterations)
{
+#if USE_INTERNAL_PBKDF2
if (!kdf || strncmp(kdf, "pbkdf2", 6))
return -EINVAL;
return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
iterations, key_length, key);
-}
-#if 0
-/* Until bug in gcrypt related to empty password is fixed, cannot use this */
-int crypt_pbkdf(const char *kdf, const char *hash,
- const char *password, size_t password_length,
- const char *salt, size_t salt_length,
- char *key, size_t key_length,
- unsigned int iterations)
-{
+#else /* USE_INTERNAL_PBKDF2 */
int hash_id = gcry_md_map_name(hash);
int kdf_id;
@@ -292,5 +285,5 @@ int crypt_pbkdf(const char *kdf, const char *hash,
return -EINVAL;
return 0;
+#endif /* USE_INTERNAL_PBKDF2 */
}
-#endif