pkcs12: refactor using gnutls_pbkdf2
authorDaiki Ueno <dueno@redhat.com>
Sun, 2 Feb 2020 15:15:51 +0000 (16:15 +0100)
committerDaiki Ueno <dueno@redhat.com>
Tue, 4 Feb 2020 09:29:37 +0000 (10:29 +0100)
Signed-off-by: Daiki Ueno <dueno@redhat.com>
lib/x509/pkcs12.c

index 6324fb25a360f23b45a71c4effda0f6018711d4e..cdb284026a355d9161ab8866722e870e8813a839 100644 (file)
 #include "x509_int.h"
 #include "pkcs7_int.h"
 #include <random.h>
-#include <nettle/pbkdf2.h>
-#if ENABLE_GOST
-#include "../nettle/gost/pbkdf2-gost.h"
-#endif
 
 
 /* Decodes the PKCS #12 auth_safe, and returns the allocated raw data,
@@ -865,32 +861,22 @@ _gnutls_pkcs12_gost_string_to_key(gnutls_mac_algorithm_t algo,
 {
        uint8_t temp[96];
        size_t temp_len = sizeof(temp);
-       unsigned int pass_len = 0;
+       gnutls_datum_t key;
+       gnutls_datum_t _salt;
+       int ret;
 
        if (iter == 0)
                return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
-       if (pass)
-               pass_len = strlen(pass);
-
-       if (algo == GNUTLS_MAC_GOSTR_94)
-               pbkdf2_hmac_gosthash94cp(pass_len, (uint8_t *) pass,
-                               iter,
-                               salt_size,
-                               salt, temp_len, temp);
-       else if (algo == GNUTLS_MAC_STREEBOG_256)
-               pbkdf2_hmac_streebog256(pass_len, (uint8_t *) pass,
-                               iter,
-                               salt_size,
-                               salt, temp_len, temp);
-       else if (algo == GNUTLS_MAC_STREEBOG_512)
-               pbkdf2_hmac_streebog512(pass_len, (uint8_t *) pass,
-                               iter,
-                               salt_size,
-                               salt, temp_len, temp);
-       else
-               /* Should not reach here */
-               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+       key.data = (void *)pass;
+       key.size = pass ? strlen(pass) : 0;
+
+       _salt.data = (void *)salt;
+       _salt.size = salt_size;
+
+       ret = gnutls_pbkdf2(algo, &key, &_salt, iter, temp, temp_len);
+       if (ret < 0)
+               return gnutls_assert_val(ret);
 
        memcpy(keybuf, temp + temp_len - req_keylen, req_keylen);
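Review bot: The new `gnutls_pbkdf2(algo, &key, &_salt, iter, temp, temp_len)` call drops the allowlist that the removed if/else chain enforced, so a non-GOST `algo` is no longer rejected here with GNUTLS_E_INVALID_REQUEST and is instead handed to the generic KDF, which presumably accepts any MAC it supports. If callers are not guaranteed to pass only the three GOST MACs, keep the guard ahead of the call: `if (algo != GNUTLS_MAC_GOSTR_94 && algo != GNUTLS_MAC_STREEBOG_256 && algo != GNUTLS_MAC_STREEBOG_512) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. Separately, `temp` holds 96 bytes of derived key material and `temp + temp_len - req_keylen` assumes `req_keylen <= sizeof(temp)`; neither a bound check nor a wipe of `temp` is visible, though the function's signature and its tail lie outside the hunk.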