Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssl backends for all remaining KDFs #979

Closed
wants to merge 3 commits into from
Closed

openssl backends for all remaining KDFs #979

wants to merge 3 commits into from

Commits on Jul 13, 2021

  1. Add buildsystem detection of the OpenSSL-3 KDF interface

    @frozencemetery
    frozencemetery committed Jul 13, 2021
    Copy the full SHA
    e0f572d View commit details
    Browse the repository at this point in the history

  2. Use OpenSSL's SSKDF in PKINIT when available 

    Starting in 3.0, OpenSSL implements SSKDF, which is the basis of our
id-pkinit-kdf (RFC 8636).  Factor out common setup code around
other_info.  Adjust code to comply to existing style.
    @frozencemetery
    frozencemetery committed Jul 13, 2021
    Copy the full SHA
    6786425 View commit details
    Browse the repository at this point in the history

  3. Use OpenSSL's KBKDF and KRB5KDF for deriving long-term keys 

    If supported, use OpenSSL-provided KBKDF (aes-sha2 and camellia) and
KRB5KDF (3des and aes-sha1).  We already use OpenSSL's PBKDF2 where
appropriate.  OpenSSL added support for these KDFs in 3.0.
    @frozencemetery
    frozencemetery committed Jul 13, 2021
    Copy the full SHA
    4c8a39c View commit details
    Browse the repository at this point in the history