diff options
| -rw-r--r-- | checks/validate.dat | 4 | ||||
| -rw-r--r-- | doc/log.txt | 1 | ||||
| -rw-r--r-- | src/mac/hmac/hmac.cpp | 2 | ||||
| -rw-r--r-- | src/pbkdf/pbkdf2/pbkdf2.cpp | 15 |
4 files changed, 16 insertions, 6 deletions
diff --git a/checks/validate.dat b/checks/validate.dat index cea1f18fc..594f7ed2f 100644 --- a/checks/validate.dat +++ b/checks/validate.dat @@ -60624,6 +60624,10 @@ CCFC44C09339040E55D3F7F76CA6EF838FDE928717241DEB9AC1A4EF45A27711:20:2001 BC8BC53D4604977C3ADB1D19C15E87B77A84C2F6:14:10000 [PBKDF2(SHA-1)] +:\ +59B2B1143B4CB1059EC58D9722FB1C72471E0D85C6F7543BA5228526375B0127:\ +0001020304050607:32:10000 + 6A79756571677872736367676C707864796B6366:\ DF6D9D72872404BF73E708CF3B7D:\ 9B56E55328A4C97A250738F8DBA1B992E8A1B508:14:10000 diff --git a/doc/log.txt b/doc/log.txt index 7f7076a4b..f0982039d 100644 --- a/doc/log.txt +++ b/doc/log.txt @@ -2,6 +2,7 @@ * 1.9.11-dev, ????-??-?? - Switch default PKCS #8 encryption algorithm from AES-128 to AES-256 - Use smaller tables in the first round of AES + - Allow using PBKDF2 with empty passphrases * 1.9.10, 2010-08-12 - Add a constant time AES implementation using SSSE3 diff --git a/src/mac/hmac/hmac.cpp b/src/mac/hmac/hmac.cpp index f69504c82..0d5c99702 100644 --- a/src/mac/hmac/hmac.cpp +++ b/src/mac/hmac/hmac.cpp @@ -86,7 +86,7 @@ MessageAuthenticationCode* HMAC::clone() const */ HMAC::HMAC(HashFunction* hash_in) : MessageAuthenticationCode(hash_in->OUTPUT_LENGTH, - 1, 2*hash_in->HASH_BLOCK_SIZE), + 0, 2*hash_in->HASH_BLOCK_SIZE), hash(hash_in) { if(hash->HASH_BLOCK_SIZE == 0) diff --git a/src/pbkdf/pbkdf2/pbkdf2.cpp b/src/pbkdf/pbkdf2/pbkdf2.cpp index e88a5749a..6f6a514f8 100644 --- a/src/pbkdf/pbkdf2/pbkdf2.cpp +++ b/src/pbkdf/pbkdf2/pbkdf2.cpp @@ -22,11 +22,16 @@ OctetString PKCS5_PBKDF2::derive_key(u32bit key_len, if(iterations == 0) throw Invalid_Argument("PKCS#5 PBKDF2: Invalid iteration count"); - if(passphrase.length() == 0) - throw Invalid_Argument("PKCS#5 PBKDF2: Empty passphrase is invalid"); - - mac->set_key(reinterpret_cast<const byte*>(passphrase.data()), - passphrase.length()); + try + { + mac->set_key(reinterpret_cast<const byte*>(passphrase.data()), + passphrase.length()); + } + catch(Invalid_Key_Length) + { + throw Exception(name() + " cannot accept passphrases of length " + + to_string(passphrase.length())); + } SecureVector<byte> key(key_len); |