[krbdev.mit.edu #8490] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Oct 3 16:02:42 EDT 2016
Enable PBKDF2 with SHA-256 and SHA-384
Rename krb5int_pbkdf2_hmac_sha1() to krb5int_pbkdf2_hmac() and add a
hash parameter. In the OpenSSL implementation, look up the
corresponding PBKDF2 parameter based on the hash pointer. In
pbkdf2_string_to_key(), pass the hash function for the key type if one
is present, and use SHA-1 if it does not (as for the Camellia
enctypes).
In the builtin implementation, use the hash provider instead of
assuming SHA-1. Remove the functional parameterization of the PRF and
turn it into an hmac() helper function. Use krb5int_hmac_keyblock()
to remove the need for a krb5_key object containing the password.
Rename the internal function from krb5int_pbkdf2() to pbkdf2().
https://github.com/krb5/krb5/commit/dc967ce5c4a03201b2a6ff477f6c4e33b07e90f0
Author: Greg Hudson <ghudson at mit.edu>
Commit: dc967ce5c4a03201b2a6ff477f6c4e33b07e90f0
Branch: master
src/lib/crypto/builtin/pbkdf2.c | 93 +++++++++++++++++----------------------
src/lib/crypto/krb/crypto_int.h | 12 +++---
src/lib/crypto/krb/s2k_pbkdf2.c | 4 +-
src/lib/crypto/openssl/pbkdf2.c | 27 ++++++++----
4 files changed, 68 insertions(+), 68 deletions(-)
More information about the krb5-bugs
mailing list