SOURCE[$PBKDF1_GOAL]=pbkdf1.c
SOURCE[$PBKDF2_GOAL]=pbkdf2.c
-# Extra code to satisfy the FIPS and non-FIPS separation.
-# When the PBKDF2 moves to legacy, this can be removed.
-SOURCE[$PBKDF2_GOAL]=pbkdf2_fips.c
SOURCE[$PBKDF1_GOAL]=pvkkdf.c
{
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx);
- extern const int ossl_kdf_pbkdf2_default_checks;
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
SN_sha1, 0);
/* This is an error, but there is no way to indicate such directly */
ossl_prov_digest_reset(&ctx->digest);
ctx->iter = PKCS5_DEFAULT_ITER;
- ctx->lower_bound_checks = ossl_kdf_pbkdf2_default_checks;
+#ifdef FIPS_MODULE
+ ctx->lower_bound_checks = 1;
+#else
+ ctx->lower_bound_checks = 0;
+#endif
}
static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen,
+++ /dev/null
-/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/*
- * For backwards compatibility reasons,
- * Extra checks are done by default in fips mode only.
- */
-extern const int ossl_kdf_pbkdf2_default_checks;
-#ifdef FIPS_MODULE
-const int ossl_kdf_pbkdf2_default_checks = 1;
-#else
-const int ossl_kdf_pbkdf2_default_checks = 0;
-#endif /* FIPS_MODULE */
projects / thirdparty / openssl.git / commitdiff
