summaryrefslogtreecommitdiffstats
path: root/crypto/kdf/kdf_err.c
AgeCommit message (Collapse)Author
2019-11-12Reinstate the KDF error macrosRichard Levitte
For minimum breakage with existing applications that might use them. This reverts commit fe6ec26b204a056aee2a24b79df09a45b2308603 and 37ed62107112d95f7b7c9bf75602a6ac40883a89. Fixes #10340 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10368)
2019-09-06Cleanse crypto/kdf directoryPauli
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9662)
2019-09-06KDF provider conversion error updates - generatedPauli
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9662)
2019-07-16Regenerate mkerr filesRich Salz
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9058)
2019-07-09Add X9.42 KDF.Shane Lontis
Move the KDF code for CMS DH key agreement into an EVP_KDF object. There are 2 specifications for X9.42 KDF. This implementation uses DER for otherinfo which embeds the KDF loop counter inside the DER object. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8898)
2019-06-11PBKDF2 updates to conform to SP800-132Shane Lontis
The existing code used PKCS5 specifications. SP800-132 adds the following additional constraints for: - the range of the key length. - the minimum iteration count (1000 recommended). - salt length (at least 128 bits). These additional constraints may cause errors (in scrypt, and some PKCS5 related test vectors). To disable the new constraints use the new ctrl string "pkcs5". For backwards compatability, the checks are only enabled by default for fips mode. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8868)
2019-05-16Added X963KDF APIShane Lontis
X963 KDF is used for CMS ec keyagree Recipient Info. The X963 KDF that is used by CMS EC Key Agreement has been moved into a EVP_KDF object. This KDF is almost identical to the the SSKDF hash variant, so it has been implemented inside the SSKDF code with its own method table. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8902)
2019-03-19Single step kdf implementationShane Lontis
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8230)
2019-02-27Implement SSH KDFSimo Sorce
SSH's KDF is defined in RFC 4253 in Section 7.2 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7290)
2019-02-13Added new EVP/KDF API.David Makepeace
Changed PKEY/KDF API to call the new API. Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs. Documentation updated. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6674)
2018-12-06Following the license change, modify the boilerplates in crypto/kdf/Richard Levitte
[skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7796)
2018-04-03Set error code on alloc failuresRich Salz
Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5842)
2018-03-29EVP,KDF: Add more error code along some return 0 in ...FdaSilvaYY
methods : - EVP_PBE_scrypt - EVP_PKEY_meth_add0 - EVP_PKEY_meth_new - EVP_PKEY_CTX_dup Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5783)
2017-08-08Add interface to the scrypt KDF by means of PKEY_METHODJohannes Bauer
Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD. This fixes #4021 (at least for the scrypt portion of the issue). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4026)
2017-08-03Added differentiation between missing secret and missing seedJohannes Bauer
This was previously mistakenly handled as a single error code. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
2017-08-03Changed use of EVP_PKEY_CTX_md() and more specific error codesJohannes Bauer
Changed HKDF to use EVP_PKEY_CTX_md() (review comment of @snhenson) and introduced more specific error codes (not only indicating *that* some parameter is missing, but actually *which* one it is). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
2017-08-03More error handling to HKDF and one more case in TLS1-PRFJohannes Bauer
HKDF now handles an invalid digest like TLS1-PRF does (i.e., returns KDF_R_INVALID_DIGEST if the passed digest is not known). Both KDFs now set the error code KDF_R_UNKNOWN_PARAMETER_TYPE if a type was passed that is not recognized. This will have the effect of improving debugging output in case a user uses "openssl pkeyutl -kdf ..." in a wrong way and result in an actual error code (instead of just "failure" and an empty error stack). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
2017-08-03Set error when HKDF used without parametersJohannes Bauer
Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER error code when required parameters have not been set. This will make "openssl pkeyutl -kdf HKDF" return a meaningful error message instead of simply "Public Key operation error". Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3989)
2017-06-07make error tables const and separate header fileRich Salz
Run perltidy on util/mkerr Change some mkerr flags, write some doc comments Make generated tables "const" when genearting lib-internal ones. Add "state" file for mkerr Renerate error tables and headers Rationalize declaration of ERR_load_XXX_strings Fix out-of-tree build Add -static; sort flags/vars for options. Also tweak code output Moved engines/afalg to engines (from master) Use -static flag Standard engine #include's of errors Don't linewrap err string tables unless necessary Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3392)
2016-07-20Check for errors allocating the error strings.Kurt Roeckx
Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #1330
2016-05-23Remove unused error/function codes.Rich Salz
Add script to find unused err/reason codes Remove unused reason codes. Remove entries for unused functions Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-17Manual fixes after copyright consolidationRich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-02Add KDF error codesDr. Stephen Henson
Reviewed-by: Rich Salz <rsalz@openssl.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-16 16:02:48 +0000