[openssl/openssl] 6d47e8: Restrict digest algorithm used in KDFs

Po-Hsing Wu noreply at github.com
Wed Jul 24 03:17:59 UTC 2024


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 6d47e819f2101f0219ddee67e855701e7bc3a716
      https://github.com/openssl/openssl/commit/6d47e819f2101f0219ddee67e855701e7bc3a716
  Author: pohsingwu <pohsingwu at synology.com>
  Date:   2024-07-24 (Wed, 24 Jul 2024)

  Changed paths:
    M apps/fipsinstall.c
    M doc/man1/openssl-fipsinstall.pod.in
    M doc/man7/EVP_KDF-SS.pod
    M doc/man7/EVP_KDF-SSHKDF.pod
    M doc/man7/EVP_KDF-TLS13_KDF.pod
    M doc/man7/EVP_KDF-TLS1_PRF.pod
    M doc/man7/EVP_KDF-X963.pod
    M include/openssl/fips_names.h
    M providers/common/include/prov/fipscommon.h
    M providers/common/include/prov/securitycheck.h
    M providers/common/securitycheck_default.c
    M providers/common/securitycheck_fips.c
    M providers/fips/fipsprov.c
    M providers/implementations/kdfs/hkdf.c
    M providers/implementations/kdfs/sshkdf.c
    M providers/implementations/kdfs/sskdf.c
    M providers/implementations/kdfs/tls1_prf.c
    M test/evp_kdf_test.c
    M test/recipes/30-test_evp_data/evpkdf_hkdf.txt
    M test/recipes/30-test_evp_data/evpkdf_ss.txt
    M test/recipes/30-test_evp_data/evpkdf_ssh.txt
    M test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
    M test/recipes/30-test_evp_data/evpkdf_x963.txt
    M test/recipes/80-test_cms.t
    M util/mk-fipsmodule-cnf.pl
    M util/perl/OpenSSL/paramnames.pm

  Log Message:
  -----------
  Restrict digest algorithm used in KDFs

Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)


  Commit: 5e25b8afc0f964a3f178549d00fbe6a9295188e8
      https://github.com/openssl/openssl/commit/5e25b8afc0f964a3f178549d00fbe6a9295188e8
  Author: pohsingwu <pohsingwu at synology.com>
  Date:   2024-07-24 (Wed, 24 Jul 2024)

  Changed paths:
    M test/recipes/30-test_evp_data/evpkdf_hkdf.txt
    M test/recipes/30-test_evp_data/evpkdf_ss.txt
    M test/recipes/30-test_evp_data/evpkdf_ssh.txt
    M test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
    M test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
    M test/recipes/30-test_evp_data/evpkdf_x963.txt
    M test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
    M test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt

  Log Message:
  -----------
  Add FIPS indicator tests for KDFs

Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)


  Commit: 14e46600c68ece74970462a60ad20703221747a1
      https://github.com/openssl/openssl/commit/14e46600c68ece74970462a60ad20703221747a1
  Author: pohsingwu <pohsingwu at synology.com>
  Date:   2024-07-24 (Wed, 24 Jul 2024)

  Changed paths:
    M doc/man7/EVP_KDF-SS.pod
    M doc/man7/EVP_KDF-SSHKDF.pod
    M doc/man7/EVP_KDF-TLS13_KDF.pod
    M doc/man7/EVP_KDF-TLS1_PRF.pod
    M doc/man7/EVP_KDF-X963.pod
    M providers/implementations/kdfs/hkdf.c
    M providers/implementations/kdfs/sshkdf.c
    M providers/implementations/kdfs/sskdf.c
    M providers/implementations/kdfs/tls1_prf.c
    M test/recipes/30-test_evp_data/evpkdf_hkdf.txt
    M test/recipes/30-test_evp_data/evpkdf_ss.txt
    M test/recipes/30-test_evp_data/evpkdf_ssh.txt
    M test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
    M test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
    M test/recipes/30-test_evp_data/evpkdf_x963.txt
    M test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
    M test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt

  Log Message:
  -----------
  Restrict digest in set_ctx_params

In this commit, we also return a different error if the digest is XOF.

Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)


Compare: https://github.com/openssl/openssl/compare/4f619ca622b6...14e46600c68e
