git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Mon, 7 Dec 2015 16:16:06 +0000 (11:16 -0500)
committer	Greg Hudson <ghudson@mit.edu>
	Mon, 3 Oct 2016 19:38:10 +0000 (15:38 -0400)
commit	dc967ce5c4a03201b2a6ff477f6c4e33b07e90f0
tree	e859856130c7093474bcf7e1099ac647abe39f49	tree
parent	c438227afd763997c131339c1476f61d1628a20d	commit \| diff

Enable PBKDF2 with SHA-256 and SHA-384

Rename krb5int_pbkdf2_hmac_sha1() to krb5int_pbkdf2_hmac() and add a
hash parameter.  In the OpenSSL implementation, look up the
corresponding PBKDF2 parameter based on the hash pointer.  In
pbkdf2_string_to_key(), pass the hash function for the key type if one
is present, and use SHA-1 if it does not (as for the Camellia
enctypes).

In the builtin implementation, use the hash provider instead of
assuming SHA-1.  Remove the functional parameterization of the PRF and
turn it into an hmac() helper function.  Use krb5int_hmac_keyblock()
to remove the need for a krb5_key object containing the password.
Rename the internal function from krb5int_pbkdf2() to pbkdf2().

ticket: 8490

src/lib/crypto/builtin/pbkdf2.c		diff \| blob \| blame \| history
src/lib/crypto/krb/crypto_int.h		diff \| blob \| blame \| history
src/lib/crypto/krb/s2k_pbkdf2.c		diff \| blob \| blame \| history
src/lib/crypto/openssl/pbkdf2.c		diff \| blob \| blame \| history