Allow arbitrary ciphers and hashes with PKCS #5 v2.0. The only

requirement is that OIDS for "<cipher>/CBC" and "HMAC(<hash>)" are
defined. This does assume the normal parameter set of just the IV, so
doesn't work right for (IIRC) RC5, but we don't have an OID set for
RC5/CBC anyway. Continue to default to SHA-1 plus AES-256 as prior
versions of the library can't handle any hashes other than SHA-1 or
any ciphers other than AES or DES. OpenSSL 1.0.0j seems to understand
SHA-256 + AES-256, though.

BER_Decoder::decode_optional was assuming optional values were
explicitly tagged. Now, only take that behavior if the input class tag
was for a context specific tagging.

Remove abort call for debugging from BER_Decoder

Add a new version of DER_Encoder::encode_if for single objects.

1 files changed, 2 insertions, 1 deletions

diff --git a/src/pbe/get_pbe.cpp b/src/pbe/get_pbe.cpp
index 9ce830639..65c73eb31 100644
--- a/src/pbe/get_pbe.cpp
+++ b/src/pbe/get_pbe.cpp
@@ -17,6 +17,7 @@
 
 #if defined(BOTAN_HAS_PBE_PKCS_V20)
   #include <botan/pbes2.h>
+  #include <botan/hmac.h>
 #endif
 
 namespace Botan {
@@ -70,7 +71,7 @@ PBE* get_pbe(const std::string& algo_spec,
 #if defined(BOTAN_HAS_PBE_PKCS_V20)
    if(pbe == "PBE-PKCS5v20")
       return new PBE_PKCS5v20(block_cipher->clone(),
-                              hash_function->clone(),
+                              new HMAC(hash_function->clone()),
                               passphrase,
                               msec,
                               rng);