Put pbkdf2_hmac_{256,512}() behind feature gate

PKCS5_PBKDF2_HMAC is not available with openssl-0.9.8 on os x
2015-12-10 21:24:58 +09:00 · 2015-12-10 21:24:58 +09:00 · b6647cc610
parent e9b8627af2
commit b6647cc610
5 changed files with 9 additions and 1 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -9,7 +9,7 @@ os:
 - linux
 env:
  global:
-    - FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto"
+    - FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac"
 before_install:
 - (test $TRAVIS_OS_NAME == "osx" || ./openssl/test/build.sh)
 script:
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@ -23,6 +23,7 @@ aes_ctr = []
 npn = []
 alpn = []
 rfc5114 = []
+pkcs5_pbkdf2_hmac = []

 [dependencies]
 libc = "0.2"
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -478,6 +478,7 @@ extern "C" {
                                  salt: *const u8, saltlen: c_int,
                                  iter: c_int, keylen: c_int,
                                  out: *mut u8) -> c_int;
+    #[cfg(feature = "pkcs5_pbkdf2_hmac")]
    pub fn PKCS5_PBKDF2_HMAC(pass: *const u8, passlen: c_int,
                             salt: *const u8, saltlen: c_int,
                             iter: c_int, digest: *const EVP_MD, keylen: c_int,
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@ -22,6 +22,7 @@ npn = ["openssl-sys/npn"]
 alpn = ["openssl-sys/alpn"]
 rfc5114 = ["openssl-sys/rfc5114"]
 ecdh_auto = ["openssl-sys-extras/ecdh_auto"]
+pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"]

 [dependencies]
 bitflags = ">= 0.2, < 0.4"
--- a/openssl/src/crypto/pkcs5.rs
+++ b/openssl/src/crypto/pkcs5.rs
@ -89,16 +89,19 @@ pub fn pbkdf2_hmac_sha1(pass: &str, salt: &[u8], iter: usize, keylen: usize) ->
 }

 /// Derives a key from a password and salt using the PBKDF2-HMAC-SHA256 algorithm.
+#[cfg(feature = "pkcs5_pbkdf2_hmac")]
 pub fn pbkdf2_hmac_sha256(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> Vec<u8> {
    pbkdf2_hmac_sha(pass, salt, iter, unsafe { ffi::EVP_sha256() }, keylen)
 }

 /// Derives a key from a password and salt using the PBKDF2-HMAC-SHA512 algorithm.
+#[cfg(feature = "pkcs5_pbkdf2_hmac")]
 pub fn pbkdf2_hmac_sha512(pass: &str, salt: &[u8], iter: usize, keylen: usize) -> Vec<u8> {
    pbkdf2_hmac_sha(pass, salt, iter, unsafe { ffi::EVP_sha512() }, keylen)
 }

 /// Derives a key from a password and salt using the PBKDF2-HMAC algorithm with a digest function.
+#[cfg(feature = "pkcs5_pbkdf2_hmac")]
 fn pbkdf2_hmac_sha(pass: &str, salt: &[u8], iter: usize, digest: *const ffi::EVP_MD, keylen: usize) -> Vec<u8> {
    unsafe {
        assert!(iter >= 1);
@ -220,6 +223,7 @@ mod tests {
    // Test vectors from
    // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
    #[test]
+    #[cfg(feature = "pkcs5_pbkdf2_hmac")]
    fn test_pbkdf2_hmac_sha256() {
        assert_eq!(
            super::pbkdf2_hmac_sha256(
@ -253,6 +257,7 @@ mod tests {
    // Test vectors from
    // https://git.lysator.liu.se/nettle/nettle/blob/nettle_3.1.1_release_20150424/testsuite/pbkdf2-test.c
    #[test]
+    #[cfg(feature = "pkcs5_pbkdf2_hmac")]
    fn test_pbkdf2_hmac_sha512() {
        assert_eq!(
            super::pbkdf2_hmac_sha512(