pkcs5v2: add support for additional hmacSHA algorithms Currently only SHA1 is supported as PRF algorithm for PBKDF2 (PKCS#5 v2.0). This means that keys encrypted and authenticated using another algorithm of the SHA family cannot be decrypted. This deficiency has become particularly incumbent now that PKIs created with OpenSSL1.1 are encrypting keys using hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default and even if v2 was forced, it would still use hmacSHA1). Enable support for all the digest algorithms of the SHA family for PKCS#5 v2.0. Signed-off-by: Antonio Quartulli <antonio@openvpn.net>

commit: 12ccef276129a1ac4c2d003428a17e042a15d0a3 [log] [tgz]
author: Antonio Quartulli <antonio@openvpn.net> Wed Dec 20 07:03:55 2017 +0800
committer: Antonio Quartulli <a@unstable.cc> Thu Feb 08 17:18:15 2018 +0800
tree: b3b6f3e677a0590e7a0c8e652a1207a57d49c3fa
parent: 32605dc83042d737e715a685e53176388d73540e [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 8db0215..4189089 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Features
+   * Extend PKCS#8 interface by introducing support for the entire SHA
+     algorithms family when encrypting private keys using PKCS#5 v2.0.
+     Submitted by Antonio Quartulli, OpenVPN Inc.
+
 = mbed TLS 2.7.0 branch released 2018-02-03
 
 Security
commit	12ccef276129a1ac4c2d003428a17e042a15d0a3	[log] [tgz]
author	Antonio Quartulli <antonio@openvpn.net>	Wed Dec 20 07:03:55 2017 +0800
committer	Antonio Quartulli <a@unstable.cc>	Thu Feb 08 17:18:15 2018 +0800
tree	b3b6f3e677a0590e7a0c8e652a1207a57d49c3fa
parent	32605dc83042d737e715a685e53176388d73540e [diff] [blame]