| #
6f08353a |
| 04-Oct-2024 |
Dimitri John Ledkov |
doc: EVP_KDF document the semantic meaning of output
Explicitely document what semantic meaning do various EVP_KDF
algorithms produce.
PBKDF2 produces cryptographic keys that ar
doc: EVP_KDF document the semantic meaning of output
Explicitely document what semantic meaning do various EVP_KDF
algorithms produce.
PBKDF2 produces cryptographic keys that are subject to cryptographic
security measures, for example as defined in NIST SP 800-132.
All other algorithms produce keying material, not subject to explicit
output length checks in any known standards.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25610)
show more ...
|
| #
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
|
| #
8e7f39e8 |
| 15-Aug-2024 |
slontis |
Cleanups for FIPS indicator documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/
Cleanups for FIPS indicator documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25195)
show more ...
|
| #
6fa9a843 |
| 30-Jul-2024 |
pohsingwu |
Update documentation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23900)
|
| #
1b838621 |
| 02-Jun-2024 |
pohsingwu |
Restrict the length of key-derivation key used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/o
Restrict the length of key-derivation key used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23900)
show more ...
|
| #
14e46600 |
| 17-Jul-2024 |
pohsingwu |
Restrict digest in set_ctx_params
In this commit, we also return different error if the digest is XOF.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale
Restrict digest in set_ctx_params
In this commit, we also return different error if the digest is XOF.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)
show more ...
|
| #
6d47e819 |
| 02-Jun-2024 |
pohsingwu |
Restrict digest algorithm used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/
Restrict digest algorithm used in KDFs
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)
show more ...
|
| #
4741c80c |
| 16-Nov-2022 |
slontis |
Add missing HISTORY sections for OpenSSL 3.0 related documents.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com
Add missing HISTORY sections for OpenSSL 3.0 related documents.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19690)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
67f48eb9 |
| 25-Mar-2022 |
Pauli |
doc: fix example in ssh KDF man page.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17
doc: fix example in ssh KDF man page.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17972)
show more ...
|
| #
81280137 |
| 07-Sep-2021 |
Pauli |
Fix the example SSH KDF code.
A salt was being set instead of a session ID.
Fixes #16525
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope
Fix the example SSH KDF code.
A salt was being set instead of a session ID.
Fixes #16525
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16550)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
6980e36a |
| 26-Feb-2021 |
Pauli |
doc: document additional argument to KDF derive calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)
|
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j |
|
| #
a8eb71ad |
| 01-Feb-2021 |
Richard Levitte |
Allow the sshkdf type to be passed as a single character
This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1.
This also slightly modifies the way diverse paramete
Allow the sshkdf type to be passed as a single character
This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1.
This also slightly modifies the way diverse parameters in are
specified in providers/fips/self_test_data.inc for better consistency.
Fixes #14027
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)
show more ...
|
| #
247a1786 |
| 12-Feb-2021 |
Richard Levitte |
OSSL_PARAM: Correct the assumptions on the UTF8 string length
When the string "ABCDEFGH" is passed, what's considered its data, this?
{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' }
OSSL_PARAM: Correct the assumptions on the UTF8 string length
When the string "ABCDEFGH" is passed, what's considered its data, this?
{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' }
or this?
{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', '\0' }
If it's passed as a pass phrase, should the terminating NUL byte be
considered part of the pass phrase, or not?
Our treatment of OSSL_PARAMs with the data type OSSL_PARAM_UTF8_STRING
set the length of the string to include the terminating NUL byte,
which is quite confusing. What should the recipient of such a string
believe?
Instead of perpetuating this confusion, we change the assumption to
set the OSSL_PARAM to the length of the string, not including the
terminating NUL byte, thereby giving it the same value as a strlen()
call would give.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14168)
show more ...
|
| #
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
|
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
| #
270a5ce1 |
| 14-Dec-2020 |
Juergen Christ |
Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
res
Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer. While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86). Change the
parameter to char array and fix the usages.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
show more ...
|
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
| #
1ba21239 |
| 13-Oct-2020 |
Shane Lontis |
Rename EVP_KDF_size() to EVP_KDF_CTX_get_kdf_size().
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116)
|
|
Revision tags: OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
| #
660c5344 |
| 18-Jun-2020 |
Matt Caswell |
Revert "kdf: make function naming consistent."
The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous namig convention.
This
Revert "kdf: make function naming consistent."
The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous namig convention.
This reverts commit 765d04c9460a304c8119f57941341a149498b9db.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12186)
show more ...
|
| #
765d04c9 |
| 08-Jun-2020 |
Pauli |
kdf: make function naming consistent.
The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace
for consistency.
Reviewed-by: Richard Levitte <levitte@openssl.o
kdf: make function naming consistent.
The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace
for consistency.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11996)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
| #
454afd98 |
| 15-May-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839)
|
| #
a6ed19dc |
| 27-Apr-2020 |
Shourya Shukla |
Amend references to "OpenSSL license"
A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend th
Amend references to "OpenSSL license"
A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend the occurences.
Fixes #11649
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11663)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
| #
6e4618a0 |
| 04-Oct-2019 |
Rich Salz |
Fix L<> entries without sections
Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226
Also remove two reference
Fix L<> entries without sections
Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226
Also remove two references to non-existant manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)
show more ...
|
| #
86913ef7 |
| 04-Oct-2019 |
Rich Salz |
Fix L<EVP_KDF-derive> to L<EVP_DEF_derive>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://git
Fix L<EVP_KDF-derive> to L<EVP_DEF_derive>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10096)
show more ...
|
| #
dfabee82 |
| 27-Sep-2019 |
Richard Levitte |
Make doc/man7/ and doc/internal/man3/ conform with man-pages(7)
It's all in the details, from man-pages(7):
Formatting conventions for manual pages describing functions
Make doc/man7/ and doc/internal/man3/ conform with man-pages(7)
It's all in the details, from man-pages(7):
Formatting conventions for manual pages describing functions
...
Variable names should, like argument names, be specified in italics.
...
Formatting conventions (general)
...
Special macros, which are usually in uppercase, are in bold.
Exception: don't boldface NULL.
...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10034)
show more ...
|
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
| #
0c452a51 |
| 10-Sep-2019 |
Pauli |
Reformat param description lines
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10024)
|
