VladPolskiy/MariaDB
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-16 18:19:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

MDEV-31474 KDF() function

Browse Source 
KDF(key_str, salt [, {info | iterations} [, kdf_name [, width ]]])

kdf_name is "hkdf" or "pbkdf2_hmac" (default).

width (in bits) can be any number divisible by 8,
by default it's taken from @@block_encryption_mode

iterations must be positive, and is 1000 by default

OpenSSL 1.0 doesn't support HKDF, so it'll return NULL.
This OpenSSL version is still used in SLES 12 and CentOS 7
This commit is contained in:
Sergei Golubchik
2023-06-19 16:20:21 +02:00
parent 03c68f402f
commit 4f9396b9f8
10 changed files with 481 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cmake/ssl.cmake
View File

@ -60,6 +60,7 @@ MACRO (MYSQL_USE_BUNDLED_SSL)
SET(HAVE_EncryptAes128Ctr ON CACHE INTERNAL "wolfssl does support AES-CTR")
SET(HAVE_EncryptAes128Gcm OFF CACHE INTERNAL "wolfssl does not support AES-GCM")
SET(HAVE_X509_check_host ON CACHE INTERNAL "wolfssl does support X509_check_host")
SET(HAVE_hkdf ON CACHE INTERNAL "wolfssl does support EVP_PKEY API")
CHANGE_SSL_SETTINGS("bundled")
ADD_SUBDIRECTORY(extra/wolfssl)
MESSAGE_ONCE(SSL_LIBRARIES "SSL_LIBRARIES = ${SSL_LIBRARIES}")
@ -158,6 +159,8 @@ MACRO (MYSQL_CHECK_SSL)
HAVE_EncryptAes128Gcm)
CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h"
HAVE_X509_check_host)
CHECK_SYMBOL_EXISTS(EVP_PKEY_CTX_set_hkdf_md "string.h;stdarg.h;openssl/kdf.h"
HAVE_hkdf)
SET(CMAKE_REQUIRED_INCLUDES)
SET(CMAKE_REQUIRED_LIBRARIES)
SET(CMAKE_REQUIRED_DEFINITIONS)