diff --git a/.travis.yml b/.travis.yml index 8c394415..ede3f573 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,7 @@ os: - linux env: global: - - FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto" + - FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac" before_install: - (test $TRAVIS_OS_NAME == "osx" || ./openssl/test/build.sh) script: diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index 17e4647f..1e025d84 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml @@ -23,6 +23,7 @@ aes_ctr = [] npn = [] alpn = [] rfc5114 = [] +pkcs5_pbkdf2_hmac = [] [dependencies] libc = "0.2" diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index f9f47d5e..2a9e9e4f 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -478,6 +478,7 @@ extern "C" { salt: *const u8, saltlen: c_int, iter: c_int, keylen: c_int, out: *mut u8) -> c_int; + #[cfg(feature = "pkcs5_pbkdf2_hmac")] pub fn PKCS5_PBKDF2_HMAC(pass: *const u8, passlen: c_int, salt: *const u8, saltlen: c_int, iter: c_int, digest: *const EVP_MD, keylen: c_int, diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 7b616f18..5397f06e 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -22,6 +22,7 @@ npn = ["openssl-sys/npn"] alpn = ["openssl-sys/alpn"] rfc5114 = ["openssl-sys/rfc5114"] ecdh_auto = ["openssl-sys-extras/ecdh_auto"] +pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"] [dependencies] bitflags = ">= 0.2, < 0.4" diff --git a/openssl/src/crypto/pkcs5.rs b/openssl/src/crypto/pkcs5.rs index 42966adf..07e86fb1 100644 --- a/openssl/src/crypto/pkcs5.rs +++ b/openssl/src/crypto/pkcs5.rs @@ -89,16 +89,19 @@ pub fn pbkdf2_hmac_sha1(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> } /// Derives a key from a password and salt using the PBKDF2-HMAC-SHA256 algorithm. +#[cfg(feature = "pkcs5_pbkdf2_hmac")] pub fn pbkdf2_hmac_sha256(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> Vec { pbkdf2_hmac_sha(pass, salt, iter, unsafe { ffi::EVP_sha256() }, keylen) } /// Derives a key from a password and salt using the PBKDF2-HMAC-SHA512 algorithm. +#[cfg(feature = "pkcs5_pbkdf2_hmac")] pub fn pbkdf2_hmac_sha512(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> Vec { pbkdf2_hmac_sha(pass, salt, iter, unsafe { ffi::EVP_sha512() }, keylen) } /// Derives a key from a password and salt using the PBKDF2-HMAC algorithm with a digest function. +#[cfg(feature = "pkcs5_pbkdf2_hmac")] fn pbkdf2_hmac_sha(pass: &str, salt: &[u8], iter: usize, digest: *const ffi::EVP_MD, keylen: usize) -> Vec { unsafe { assert!(iter >= 1); @@ -220,6 +223,7 @@ mod tests { // Test vectors from // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c #[test] + #[cfg(feature = "pkcs5_pbkdf2_hmac")] fn test_pbkdf2_hmac_sha256() { assert_eq!( super::pbkdf2_hmac_sha256( @@ -253,6 +257,7 @@ mod tests { // Test vectors from // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c #[test] + #[cfg(feature = "pkcs5_pbkdf2_hmac")] fn test_pbkdf2_hmac_sha512() { assert_eq!( super::pbkdf2_hmac_sha512(