author | Yves-Alexis Perez <corsac@debian.org> | 2018-06-04 09:59:21 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2018-06-04 09:59:21 +0200 |
commit | 51a71ee15c1bcf0e82f363a16898f571e211f9c3 (patch) | |
tree | 2a03e117d072c55cfe2863d26b73e64d933e7ad8 /src/libstrongswan/crypto/pkcs5.c | |
parent | 7793611ee71b576dd9c66dee327349fa64e38740 (diff) | |
New upstream version 5.6.3
Diffstat (limited to 'src/libstrongswan/crypto/pkcs5.c')
-rw-r--r-- | src/libstrongswan/crypto/pkcs5.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c index 8a1452425..e7677a9c1 100644 --- a/src/libstrongswan/crypto/pkcs5.c +++ b/src/libstrongswan/crypto/pkcs5.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -422,7 +422,9 @@ static bool parse_pbes1_params(private_pkcs5_t *this, chunk_t blob, int level0) /** * ASN.1 definition of a PBKDF2-params structure * The salt is actually a CHOICE and could be an AlgorithmIdentifier from - * PBKDF2-SaltSources (but as per RFC 2898 that's for future versions). + * PBKDF2-SaltSources (but as per RFC 8018 that's for future versions). + * The PRF algorithm is actually defined as DEFAULT and not OPTIONAL, but the + * parser can't handle ASN1_DEF with SEQUENCEs. */ static const asn1Object_t pbkdf2ParamsObjects[] = { { 0, "PBKDF2-params", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ @@ -430,7 +432,8 @@ static const asn1Object_t pbkdf2ParamsObjects[] = { { 1, "iterationCount",ASN1_INTEGER, ASN1_BODY }, /* 2 */ { 1, "keyLength", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 3 */ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ - { 1, "prf", ASN1_EOC, ASN1_DEF|ASN1_RAW }, /* 5 */ + { 1, "prf", ASN1_SEQUENCE, ASN1_OPT|ASN1_RAW }, /* 5 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define PBKDF2_SALT 1 
@@ -446,13 +449,15 @@ static bool parse_pbkdf2_params(private_pkcs5_t *this, chunk_t blob, int level0) asn1_parser_t *parser; chunk_t object; int objectID; - bool success; + bool success = FALSE; parser = asn1_parser_create(pbkdf2ParamsObjects, blob); parser->set_top_level(parser, level0); /* keylen is optional */ this->keylen = 0; + /* defaults to id-hmacWithSHA1 */ + this->data.pbes2.prf_alg = PRF_HMAC_SHA1; while (parser->iterate(parser, &objectID, &object)) { @@ -474,13 +479,22 @@ static bool parse_pbkdf2_params(private_pkcs5_t *this, chunk_t blob, int level0) break; } case PBKDF2_PRF: - { /* defaults to id-hmacWithSHA1, no other is currently defined */ - this->data.pbes2.prf_alg = PRF_HMAC_SHA1; + { + int oid; + + oid = asn1_parse_algorithmIdentifier(object, + parser->get_level(parser) + 1, NULL); + this->data.pbes2.prf_alg = pseudo_random_function_from_oid(oid); + if (this->data.pbes2.prf_alg == PRF_UNDEFINED) + { /* unsupported PRF algorithm */ + goto end; + } break; } } } success = parser->success(parser); +end: parser->destroy(parser); return success; } |
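Review bot: In the new `PBKDF2_PRF` case the `goto end` path rejects the container without recording why, so a malformed AlgorithmIdentifier and a well-formed but unsupported PRF OID (presumably both ending up as `PRF_UNDEFINED`) are indistinguishable from any other `FALSE` returned by `parse_pbkdf2_params`. A debug line before the jump would make this diagnosable, for example `DBG1(DBG_ASN, "PBKDF2 PRF algorithm not supported");`, assuming the debug macros are already in scope in this file, which the hunk does not show. Failing closed is the right behaviour here, since falling back to the HMAC-SHA1 default set in the previous hunk would derive a key with a PRF the file did not ask for; the comment could say so explicitly, e.g. `/* unsupported PRF algorithm, never fall back to the default */`. Passing `NULL` as the third argument means any parameters in the PRF AlgorithmIdentifier are not inspected, which looks intentional but deserves a one-line comment. The function and its `switch` begin outside this hunk.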