mbedtls/library
Antonio Quartulli b9e3c6d9c6 pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
..
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
aes.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
aesni.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
arc4.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
asn1parse.c Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-12 17:45:29 +01:00
asn1write.c Fix potential double free in cert writing code 2015-12-10 11:24:35 +01:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-20 21:51:18 +00:00
bignum.c Zeroize stack before returning from mpi_fill_random 2017-10-25 15:46:29 +01:00
blowfish.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
camellia.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ccm.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
certs.c X.509 self-tests: replaced SHA-1 certificates by SHA-256 2017-06-06 19:08:23 +02:00
cipher_wrap.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
cipher.c fix bug in get_one_and_zeros_padding() 2018-01-17 23:58:14 +01:00
CMakeLists.txt Update version to 2.1.10 2018-02-02 18:10:05 +00:00
ctr_drbg.c Zeroize tmp buf in ctr_drbg_write_seed_file() 2017-07-11 17:31:02 +01:00
debug.c Fix macroization of inline in C++ 2015-10-05 11:41:36 +01:00
des.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
dhm.c Merge remote-tracking branch 'upstream-restricted/pr/406' into mbedtls-2.1-restricted 2017-11-28 16:19:19 +01:00
ecdh.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ecdsa.c Add checks for private parameter in mbedtls_ecdsa_sign() 2017-11-20 17:11:17 +00:00
ecp_curves.c ECP: Prevent freeing a buffer on stack 2017-02-28 18:56:35 +00:00
ecp.c Fix information leak in ecp_gen_keypair_base 2017-10-25 15:44:10 +01:00
entropy_poll.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
entropy.c Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2017-11-28 18:44:49 +01:00
error.c Only return VERIFY_FAILED from a single point 2017-07-28 12:20:48 +01:00
gcm.c Backport 2.1: check if iv is zero in gcm. 2017-07-20 00:30:44 +02:00
havege.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
hmac_drbg.c Zeroize tmp bufs in hmac_drbg.c functions 2017-07-11 17:22:03 +01:00
Makefile Make ar invocation more portable 2016-01-08 14:52:14 +01:00
md2.c Fix integer overflows in buffer bound checks 2017-02-20 21:49:01 +00:00
md4.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md5.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md_wrap.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md.c Zeroize tmp buf in mbedtls_md_file() md.c 2017-07-11 17:19:30 +01:00
memory_buffer_alloc.c Fixes memory leak in memory_buffer_alloc.c debug 2016-05-05 17:51:09 +01:00
net.c Backup errno in net_would_block 2017-05-12 15:04:07 +01:00
oid.c pkcs5v2: add support for additional hmacSHA algorithms 2018-02-14 11:12:58 +01:00
padlock.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.c Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2017-11-28 18:44:49 +01:00
pk_wrap.c Change PK module preprocessor check on word size 2017-08-04 13:43:07 +01:00
pk.c Change PK module preprocessor check on word size 2017-08-04 13:43:07 +01:00
pkcs5.c pkcs5v2: add support for additional hmacSHA algorithms 2018-02-14 11:12:58 +01:00
pkcs11.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs12.c Fix stack buffer overflow in pkcs12 2015-09-28 19:47:50 +02:00
pkparse.c Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2017-12-18 11:44:26 +01:00
pkwrite.c Fix other occurrences of same bounds check issue 2015-11-02 10:43:03 +09:00
platform.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ripemd160.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
rsa.c RSA PSS: remove redundant check; changelog 2017-10-23 14:49:43 +02:00
sha1.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
sha256.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
sha512.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ssl_cache.c Address PR review comments 2017-10-30 18:11:38 +02:00
ssl_ciphersuites.c Undo API change 2017-06-20 19:33:51 +01:00
ssl_cli.c Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog. 2017-09-30 23:49:01 +01:00
ssl_cookie.c Backport 2.1:Resource leak in ssl_cookie and mutex 2017-03-02 21:11:16 +00:00
ssl_srv.c Merge remote-tracking branch 'upstream-restricted/pr/442' into mbedtls-2.1-restricted 2018-01-23 00:47:43 +01:00
ssl_ticket.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ssl_tls.c Merge remote-tracking branch 'upstream-restricted/pr/414' into mbedtls-2.1-restricted 2018-01-26 18:09:14 +00:00
threading.c Fix bug in threading sample implementation #667 2017-05-15 13:22:51 +01:00
timing.c Fix alarm(0) failure on mingw32 2018-01-29 13:23:40 +01:00
version_features.c Remove MBEDTLS_SSL_AEAD_RANDOM_IV feature 2016-10-13 10:35:34 +01:00
version.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
x509_create.c Fix other occurrences of same bounds check issue 2015-11-02 10:43:03 +09:00
x509_crl.c Fix build error with gcc -Werror=misleading-indentation 2017-12-01 11:45:21 +01:00
x509_crt.c Improve comments 2017-07-28 12:20:48 +01:00
x509_csr.c Prevent signed integer overflow in CSR parsing 2017-07-26 17:59:20 +01:00
x509.c Correctly handle leap year in x509_date_is_valid() 2017-10-12 21:03:01 +01:00
x509write_crt.c Use X509 CRT version macros for version checks in x509write_crt_der 2017-10-04 14:52:21 +01:00
x509write_csr.c Minor style and typo corrections 2017-10-04 14:51:32 +01:00
xtea.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00