[openssl] master update

Dr. Paul Dale pauli at openssl.org
Mon Jul 5 01:51:17 UTC 2021 

The branch master has been updated
       via  f7546162d406be1f93bb39fb5a968521162b9acf (commit)
       via  97419ce97da89f5b6f51121e2562b7d2c788dd25 (commit)
       via  56cd5dc78b3cecd2c6cf98b0d235b126e82f0dd2 (commit)
      from  f40c5f2c53b9d5eec98993653c3d741b0226b697 (commit)


- Log -----------------------------------------------------------------
commit f7546162d406be1f93bb39fb5a968521162b9acf
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 1 14:47:38 2021 +1000

    doc: include PBKDF1 documentation in build.info
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15967)

commit 97419ce97da89f5b6f51121e2562b7d2c788dd25
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 1 14:46:39 2021 +1000

    doc: add PBKDF1 provider documentation
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15967)

commit 56cd5dc78b3cecd2c6cf98b0d235b126e82f0dd2
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 1 14:00:03 2021 +1000

    provider: use #define for PBKDF1 algorithm name
    
    This seems to be standard practice so bringing PBKDF1 into line.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15967)

-----------------------------------------------------------------------

Summary of changes:
 doc/build.info                                     |  6 ++++++
 .../{EVP_KDF-PKCS12KDF.pod => EVP_KDF-PBKDF1.pod}  | 24 +++++++++-------------
 providers/implementations/include/prov/names.h     |  1 +
 providers/legacyprov.c                             |  2 +-
 4 files changed, 18 insertions(+), 15 deletions(-)
 copy doc/man7/{EVP_KDF-PKCS12KDF.pod => EVP_KDF-PBKDF1.pod} (68%)

diff --git a/doc/build.info b/doc/build.info
index 4529e3c72f..475034cb9f 100644
--- a/doc/build.info
+++ b/doc/build.info
@@ -4107,6 +4107,10 @@ DEPEND[html/man7/EVP_KDF-KRB5KDF.html]=man7/EVP_KDF-KRB5KDF.pod
 GENERATE[html/man7/EVP_KDF-KRB5KDF.html]=man7/EVP_KDF-KRB5KDF.pod
 DEPEND[man/man7/EVP_KDF-KRB5KDF.7]=man7/EVP_KDF-KRB5KDF.pod
 GENERATE[man/man7/EVP_KDF-KRB5KDF.7]=man7/EVP_KDF-KRB5KDF.pod
+DEPEND[html/man7/EVP_KDF-PBKDF1.html]=man7/EVP_KDF-PBKDF1.pod
+GENERATE[html/man7/EVP_KDF-PBKDF1.html]=man7/EVP_KDF-PBKDF1.pod
+DEPEND[man/man7/EVP_KDF-PBKDF1.7]=man7/EVP_KDF-PBKDF1.pod
+GENERATE[man/man7/EVP_KDF-PBKDF1.7]=man7/EVP_KDF-PBKDF1.pod
 DEPEND[html/man7/EVP_KDF-PBKDF2.html]=man7/EVP_KDF-PBKDF2.pod
 GENERATE[html/man7/EVP_KDF-PBKDF2.html]=man7/EVP_KDF-PBKDF2.pod
 DEPEND[man/man7/EVP_KDF-PBKDF2.7]=man7/EVP_KDF-PBKDF2.pod
@@ -4548,6 +4552,7 @@ html/man7/EVP_CIPHER-SM4.html \
 html/man7/EVP_KDF-HKDF.html \
 html/man7/EVP_KDF-KB.html \
 html/man7/EVP_KDF-KRB5KDF.html \
+html/man7/EVP_KDF-PBKDF1.html \
 html/man7/EVP_KDF-PBKDF2.html \
 html/man7/EVP_KDF-PKCS12KDF.html \
 html/man7/EVP_KDF-SCRYPT.html \
@@ -4669,6 +4674,7 @@ man/man7/EVP_CIPHER-SM4.7 \
 man/man7/EVP_KDF-HKDF.7 \
 man/man7/EVP_KDF-KB.7 \
 man/man7/EVP_KDF-KRB5KDF.7 \
+man/man7/EVP_KDF-PBKDF1.7 \
 man/man7/EVP_KDF-PBKDF2.7 \
 man/man7/EVP_KDF-PKCS12KDF.7 \
 man/man7/EVP_KDF-SCRYPT.7 \
diff --git a/doc/man7/EVP_KDF-PKCS12KDF.pod b/doc/man7/EVP_KDF-PBKDF1.pod
similarity index 68%
copy from doc/man7/EVP_KDF-PKCS12KDF.pod
copy to doc/man7/EVP_KDF-PBKDF1.pod
index 68f987b050..ae13765211 100644
--- a/doc/man7/EVP_KDF-PKCS12KDF.pod
+++ b/doc/man7/EVP_KDF-PBKDF1.pod
@@ -2,21 +2,20 @@
 
 =head1 NAME
 
-EVP_KDF-PKCS12KDF - The PKCS#12 EVP_KDF implementation
+EVP_KDF-PBKDF1 - The PBKDF1 EVP_KDF implementation
 
 =head1 DESCRIPTION
 
-Support for computing the B<PKCS#12> password-based KDF through the B<EVP_KDF>
+Support for computing the B<PBKDF1> password-based KDF through the B<EVP_KDF>
 API.
 
-The EVP_KDF-PKCS12KDF algorithm implements the PKCS#12 password-based key
-derivation function, as described in appendix B of RFC 7292 (PKCS #12:
-Personal Information Exchange Syntax); it derives a key from a password
-using a salt, iteration count and the intended usage.
+The EVP_KDF-PBKDF1 algorithm implements the PBKDF1 password-based key
+derivation function, as described in RFC 8018; it derives a key from a password
+using a salt and iteration count.
 
 =head2 Identity
 
-"PKCS12KDF" is the name for this implementation; it
+"PBKDF1" is the name for this implementation; it
 can be used with the EVP_KDF_fetch() function.
 
 =head2 Supported parameters
@@ -31,17 +30,14 @@ The supported parameters are:
 
 =item "iter" (B<OSSL_KDF_PARAM_ITER>) <unsigned integer>
 
+This parameter has a default value of 0 and should be set.
+
 =item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
 
 =item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
 
 These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
 
-=item "id" (B<OSSL_KDF_PARAM_PKCS12_ID>) <integer>
-
-This parameter is used to specify the intended usage of the output bits, as per
-RFC 7292 section B.3.
-
 =back
 
 =head1 NOTES
@@ -59,7 +55,7 @@ byte sequence.
 
 =head1 CONFORMING TO
 
-RFC7292
+RFC 8018
 
 =head1 SEE ALSO
 
@@ -76,7 +72,7 @@ This functionality was added to OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h
index fd39c0229e..5aec4a0934 100644
--- a/providers/implementations/include/prov/names.h
+++ b/providers/implementations/include/prov/names.h
@@ -250,6 +250,7 @@
 #define PROV_NAMES_HKDF "HKDF"
 #define PROV_DESCS_HKDF_SIGN "OpenSSL HKDF via EVP_PKEY implementation"
 #define PROV_NAMES_SSKDF "SSKDF"
+#define PROV_NAMES_PBKDF1 "PBKDF1"
 #define PROV_NAMES_PBKDF2 "PBKDF2:1.2.840.113549.1.5.12"
 #define PROV_NAMES_SSHKDF "SSHKDF"
 #define PROV_NAMES_X963KDF "X963KDF:X942KDF-CONCAT"
diff --git a/providers/legacyprov.c b/providers/legacyprov.c
index b5fc5f523f..a5999c5f8b 100644
--- a/providers/legacyprov.c
+++ b/providers/legacyprov.c
@@ -144,7 +144,7 @@ static const OSSL_ALGORITHM legacy_ciphers[] = {
 };
 
 static const OSSL_ALGORITHM legacy_kdfs[] = {
-    ALG("PBKDF1", ossl_kdf_pbkdf1_functions),
+    ALG(PROV_NAMES_PBKDF1, ossl_kdf_pbkdf1_functions),
     { NULL, NULL, NULL }
 };

More information about the openssl-commits mailing list