Revision tags: OpenSSL_1_0_2u |
|
#
905b097f |
| 10-Nov-2019 |
Richard Levitte |
Deprecate ERR_load_KDF_strings() Not only deprecate, but also remove the reason strings and make ERR_load_KDF_strings() do nothing. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.
Deprecate ERR_load_KDF_strings() Not only deprecate, but also remove the reason strings and make ERR_load_KDF_strings() do nothing. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10368)
show more ...
|
#
7c6a0d90 |
| 10-Nov-2019 |
Richard Levitte |
Reinstate the KDF error macros For minimum breakage with existing applications that might use them. This reverts commit fe6ec26b204a056aee2a24b79df09a45b2308603 and 37ed62107112
Reinstate the KDF error macros For minimum breakage with existing applications that might use them. This reverts commit fe6ec26b204a056aee2a24b79df09a45b2308603 and 37ed62107112d95f7b7c9bf75602a6ac40883a89. Fixes #10340 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10368)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
37ed6210 |
| 24-Aug-2019 |
Pauli |
Cleanse crypto/kdf directory Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9662)
|
#
f05b53a3 |
| 21-Aug-2019 |
Pauli |
KDF provider conversion error updates - generated Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9662)
|
#
cbfa5b03 |
| 11-Jul-2019 |
Rich Salz |
Regenerate mkerr files Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9058)
|
#
1aec7716 |
| 08-Jul-2019 |
Shane Lontis |
Add X9.42 KDF. Move the KDF code for CMS DH key agreement into an EVP_KDF object. There are 2 specifications for X9.42 KDF. This implementation uses DER for otherinfo which embeds th
Add X9.42 KDF. Move the KDF code for CMS DH key agreement into an EVP_KDF object. There are 2 specifications for X9.42 KDF. This implementation uses DER for otherinfo which embeds the KDF loop counter inside the DER object. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8898)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
f0efeea2 |
| 03-May-2019 |
Shane Lontis |
PBKDF2 updates to conform to SP800-132 The existing code used PKCS5 specifications. SP800-132 adds the following additional constraints for: - the range of the key length. -
PBKDF2 updates to conform to SP800-132 The existing code used PKCS5 specifications. SP800-132 adds the following additional constraints for: - the range of the key length. - the minimum iteration count (1000 recommended). - salt length (at least 128 bits). These additional constraints may cause errors (in scrypt, and some PKCS5 related test vectors). To disable the new constraints use the new ctrl string "pkcs5". For backwards compatability, the checks are only enabled by default for fips mode. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8868)
show more ...
|
#
8bbeaaa4 |
| 16-May-2019 |
Shane Lontis |
Added X963KDF API X963 KDF is used for CMS ec keyagree Recipient Info. The X963 KDF that is used by CMS EC Key Agreement has been moved into a EVP_KDF object. This KDF is almost iden
Added X963KDF API X963 KDF is used for CMS ec keyagree Recipient Info. The X963 KDF that is used by CMS EC Key Agreement has been moved into a EVP_KDF object. This KDF is almost identical to the the SSKDF hash variant, so it has been implemented inside the SSKDF code with its own method table. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8902)
show more ...
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
9537fe57 |
| 04-Jan-2019 |
Shane Lontis |
Single step kdf implementation Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8230)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
8d76481b |
| 19-Sep-2018 |
Simo Sorce |
Implement SSH KDF SSH's KDF is defined in RFC 4253 in Section 7.2 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by:
Implement SSH KDF SSH's KDF is defined in RFC 4253 in Section 7.2 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7290)
show more ...
|
Revision tags: OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
#
5a285add |
| 21-Jun-2018 |
David Makepeace |
Added new EVP/KDF API. Changed PKEY/KDF API to call the new API. Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs. Documentation updated.
Added new EVP/KDF API. Changed PKEY/KDF API to call the new API. Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs. Documentation updated. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6674)
show more ...
|
#
7bb803e8 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/kdf/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/
Following the license change, modify the boilerplates in crypto/kdf/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7796)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5 |
|
#
cdb10bae |
| 03-Apr-2018 |
Rich Salz |
Set error code on alloc failures Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.co
Set error code on alloc failures Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5842)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre4 |
|
#
3484236d |
| 29-Mar-2018 |
FdaSilvaYY |
EVP,KDF: Add more error code along some return 0 in ... methods : - EVP_PBE_scrypt - EVP_PKEY_meth_add0 - EVP_PKEY_meth_new - EVP_PKEY_CTX_dup Reviewed-by: Rich Salz
EVP,KDF: Add more error code along some return 0 in ... methods : - EVP_PBE_scrypt - EVP_PKEY_meth_add0 - EVP_PKEY_meth_new - EVP_PKEY_CTX_dup Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5783)
show more ...
|
Revision tags: OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
cefa762e |
| 22-Jul-2017 |
Johannes Bauer |
Add interface to the scrypt KDF by means of PKEY_METHOD Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD. This fixes #4021 (at least for the scrypt portion of the i
Add interface to the scrypt KDF by means of PKEY_METHOD Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD. This fixes #4021 (at least for the scrypt portion of the issue). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4026)
show more ...
|
#
5b277519 |
| 01-Aug-2017 |
Johannes Bauer |
Added differentiation between missing secret and missing seed This was previously mistakenly handled as a single error code. Reviewed-by: Paul Dale <paul.dale@oracle.com> Review
Added differentiation between missing secret and missing seed This was previously mistakenly handled as a single error code. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
show more ...
|
#
f55129c7 |
| 26-Jul-2017 |
Johannes Bauer |
Changed use of EVP_PKEY_CTX_md() and more specific error codes Changed HKDF to use EVP_PKEY_CTX_md() (review comment of @snhenson) and introduced more specific error codes (not only indi
Changed use of EVP_PKEY_CTX_md() and more specific error codes Changed HKDF to use EVP_PKEY_CTX_md() (review comment of @snhenson) and introduced more specific error codes (not only indicating *that* some parameter is missing, but actually *which* one it is). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
show more ...
|
#
a24a5b8c |
| 22-Jul-2017 |
Johannes Bauer |
More error handling to HKDF and one more case in TLS1-PRF HKDF now handles an invalid digest like TLS1-PRF does (i.e., returns KDF_R_INVALID_DIGEST if the passed digest is not known). Bo
More error handling to HKDF and one more case in TLS1-PRF HKDF now handles an invalid digest like TLS1-PRF does (i.e., returns KDF_R_INVALID_DIGEST if the passed digest is not known). Both KDFs now set the error code KDF_R_UNKNOWN_PARAMETER_TYPE if a type was passed that is not recognized. This will have the effect of improving debugging output in case a user uses "openssl pkeyutl -kdf ..." in a wrong way and result in an actual error code (instead of just "failure" and an empty error stack). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
show more ...
|
#
e65f6509 |
| 21-Jul-2017 |
Johannes Bauer |
Set error when HKDF used without parameters Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER error code when required parameters have not been set. This will make
Set error when HKDF used without parameters Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER error code when required parameters have not been set. This will make "openssl pkeyutl -kdf HKDF" return a meaningful error message instead of simply "Public Key operation error". Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
show more ...
|
#
52df25cf |
| 07-Jun-2017 |
Rich Salz |
make error tables const and separate header file Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-interna
make error tables const and separate header file Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-internal ones. Add "state" file for mkerr Renerate error tables and headers Rationalize declaration of ERR_load_XXX_strings Fix out-of-tree build Add -static; sort flags/vars for options. Also tweak code output Moved engines/afalg to engines (from master) Use -static flag Standard engine #include's of errors Don't linewrap err string tables unless necessary Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3392)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6 |
|
#
69588edb |
| 12-Jul-2016 |
Kurt Roeckx |
Check for errors allocating the error strings. Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #1330
|
Revision tags: OpenSSL-fips-2_0_13 |
|
#
0cd0a820 |
| 23-May-2016 |
Rich Salz |
Remove unused error/function codes. Add script to find unused err/reason codes Remove unused reason codes. Remove entries for unused functions Reviewed-by: Matt Caswell <mat
Remove unused error/function codes. Add script to find unused err/reason codes Remove unused reason codes. Remove entries for unused functions Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
#
b6cff313 |
| 17-May-2016 |
Rich Salz |
Manual fixes after copyright consolidation Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4 |
|
#
3e30fa0a |
| 02-Mar-2016 |
Dr. Stephen Henson |
Add KDF error codes Reviewed-by: Rich Salz <rsalz@openssl.org>
|