pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.
This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).
Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
diff --git a/ChangeLog b/ChangeLog
index 8db0215..4189089 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Features
+ * Extend PKCS#8 interface by introducing support for the entire SHA
+ algorithms family when encrypting private keys using PKCS#5 v2.0.
+ Submitted by Antonio Quartulli, OpenVPN Inc.
+
= mbed TLS 2.7.0 branch released 2018-02-03
Security