History log of /openssl/doc/man7/EVP_KDF-SSHKDF.pod (Results 1 – 25 of 30)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 6f08353a 04-Oct-2024 Dimitri John Ledkov

doc: EVP_KDF document the semantic meaning of output

Explicitely document what semantic meaning do various EVP_KDF
algorithms produce.

PBKDF2 produces cryptographic keys that ar

doc: EVP_KDF document the semantic meaning of output

Explicitely document what semantic meaning do various EVP_KDF
algorithms produce.

PBKDF2 produces cryptographic keys that are subject to cryptographic
security measures, for example as defined in NIST SP 800-132.

All other algorithms produce keying material, not subject to explicit
output length checks in any known standards.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25610)

show more ...


# 7ed6de99 05-Sep-2024 Tomas Mraz

Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes


# 8e7f39e8 15-Aug-2024 slontis

Cleanups for FIPS indicator documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Cleanups for FIPS indicator documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25195)

show more ...


# 6fa9a843 30-Jul-2024 pohsingwu

Update documentation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23900)


# 1b838621 02-Jun-2024 pohsingwu

Restrict the length of key-derivation key used in KDFs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/o

Restrict the length of key-derivation key used in KDFs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23900)

show more ...


# 14e46600 17-Jul-2024 pohsingwu

Restrict digest in set_ctx_params

In this commit, we also return different error if the digest is XOF.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale

Restrict digest in set_ctx_params

In this commit, we also return different error if the digest is XOF.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)

show more ...


# 6d47e819 02-Jun-2024 pohsingwu

Restrict digest algorithm used in KDFs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/

Restrict digest algorithm used in KDFs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)

show more ...


# 4741c80c 16-Nov-2022 slontis

Add missing HISTORY sections for OpenSSL 3.0 related documents.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com

Add missing HISTORY sections for OpenSSL 3.0 related documents.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19690)

show more ...


# fecb3aae 03-May-2022 Matt Caswell

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes


# 67f48eb9 25-Mar-2022 Pauli

doc: fix example in ssh KDF man page.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17

doc: fix example in ssh KDF man page.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17972)

show more ...


# 81280137 07-Sep-2021 Pauli

Fix the example SSH KDF code.

A salt was being set instead of a session ID.

Fixes #16525

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope

Fix the example SSH KDF code.

A salt was being set instead of a session ID.

Fixes #16525

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16550)

show more ...


Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13
# 6980e36a 26-Feb-2021 Pauli

doc: document additional argument to KDF derive calls

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14310)


Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j
# a8eb71ad 01-Feb-2021 Richard Levitte

Allow the sshkdf type to be passed as a single character

This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1.

This also slightly modifies the way diverse paramete

Allow the sshkdf type to be passed as a single character

This partially reverts commit 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1.

This also slightly modifies the way diverse parameters in are
specified in providers/fips/self_test_data.inc for better consistency.

Fixes #14027

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14035)

show more ...


# 247a1786 12-Feb-2021 Richard Levitte

OSSL_PARAM: Correct the assumptions on the UTF8 string length

When the string "ABCDEFGH" is passed, what's considered its data, this?

{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' }

OSSL_PARAM: Correct the assumptions on the UTF8 string length

When the string "ABCDEFGH" is passed, what's considered its data, this?

{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' }

or this?

{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', '\0' }

If it's passed as a pass phrase, should the terminating NUL byte be
considered part of the pass phrase, or not?

Our treatment of OSSL_PARAMs with the data type OSSL_PARAM_UTF8_STRING
set the length of the string to include the terminating NUL byte,
which is quite confusing. What should the recipient of such a string
believe?

Instead of perpetuating this confusion, we change the assumption to
set the OSSL_PARAM to the length of the string, not including the
terminating NUL byte, thereby giving it the same value as a strlen()
call would give.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14168)

show more ...


# a28d06f3 18-Feb-2021 Matt Caswell

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)


Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10
# 270a5ce1 14-Dec-2020 Juergen Christ

Fix parameter types in sshkdf

Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
res

Fix parameter types in sshkdf

Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer. While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86). Change the
parameter to char array and fix the usages.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)

show more ...


Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7
# 1ba21239 13-Oct-2020 Shane Lontis

Rename EVP_KDF_size() to EVP_KDF_CTX_get_kdf_size().

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13116)


Revision tags: OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4
# 660c5344 18-Jun-2020 Matt Caswell

Revert "kdf: make function naming consistent."

The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous namig convention.

This

Revert "kdf: make function naming consistent."

The commit claimed to make things more consistent. In fact it makes it
less so. Revert back to the previous namig convention.

This reverts commit 765d04c9460a304c8119f57941341a149498b9db.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12186)

show more ...


# 765d04c9 08-Jun-2020 Pauli

kdf: make function naming consistent.

The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace
for consistency.

Reviewed-by: Richard Levitte <levitte@openssl.o

kdf: make function naming consistent.

The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace
for consistency.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11996)

show more ...


Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2
# 454afd98 15-May-2020 Matt Caswell

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839)


# a6ed19dc 27-Apr-2020 Shourya Shukla

Amend references to "OpenSSL license"

A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend th

Amend references to "OpenSSL license"

A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend the occurences.

Fixes #11649

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11663)

show more ...


Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u
# 6e4618a0 04-Oct-2019 Rich Salz

Fix L<> entries without sections

Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226

Also remove two reference

Fix L<> entries without sections

Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226

Also remove two references to non-existant manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)

show more ...


# 86913ef7 04-Oct-2019 Rich Salz

Fix L<EVP_KDF-derive> to L<EVP_DEF_derive>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://git

Fix L<EVP_KDF-derive> to L<EVP_DEF_derive>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10096)

show more ...


# dfabee82 27-Sep-2019 Richard Levitte

Make doc/man7/ and doc/internal/man3/ conform with man-pages(7)

It's all in the details, from man-pages(7):

Formatting conventions for manual pages describing functions

Make doc/man7/ and doc/internal/man3/ conform with man-pages(7)

It's all in the details, from man-pages(7):

Formatting conventions for manual pages describing functions

...
Variable names should, like argument names, be specified in italics.
...

Formatting conventions (general)

...
Special macros, which are usually in uppercase, are in bold.
Exception: don't boldface NULL.
...

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10034)

show more ...


Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d
# 0c452a51 10-Sep-2019 Pauli

Reformat param description lines

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10024)


12