kdf_name could be one of "pbkdf2_hmac" (default) or "hkdf". The latter always returns NULL if built with OpenSSL 1.0 (default on CentOS 7 and SLES 12).
width is in bits, can be any positive number divisible by 8.
if the width is not specified, it's taken from the @@block_encyption_mode
Attachments
Issue Links
includes
MDEV-32047KDF() with negative and multiple of eight width hangs the request
Closed
MDEV-32048It is needed surround the invalid argument with quotes in the warning message of KDF() function
Closed
relates to
MDEV-9069extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str [, kdf_name [, salt [, info [, iterations]]]]){noformat}
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name ]]){noformat}
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name ]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name ]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
key width could be either
* separate optional argument
* part of kdf_name (like "hkdf-128" or "pbkdf2_hmac-256")
either way, if it's not specified, it's taken from the {{@@block_encyption_mode}}
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name ]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
key width could be either
* separate optional argument
* part of kdf_name (like "hkdf-128" or "pbkdf2_hmac-256")
either way, if it's not specified, it's taken from the {{@@block_encyption_mode}}
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name ]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
key width could be either
* separate optional argument
* part of kdf_name (like "hkdf-128" or "pbkdf2_hmac-256")
either way, if it's not specified, it's taken from the {{@@block_encyption_mode}}
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name ]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
key width could be either
* separate optional argument
* part of kdf_name (like "hkdf-128" or "pbkdf2_hmac-256")
either way, if it's not specified, it's taken from the {{@@block_encyption_mode}}
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name [, width ]]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
either way, if the width is not specified, it's taken from the {{@@block_encyption_mode}}
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name [, width ]]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
either way, if the width is not specified, it's taken from the {{@@block_encyption_mode}}
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name [, width ]]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
if the width is not specified, it's taken from the {{@@block_encyption_mode}}
A key derivation function, SQL access to the {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name [, width ]]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
if the width is not specified, it's taken from the {{@@block_encyption_mode}}
A key derivation function, with the same result as {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name [, width ]]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
if the width is not specified, it's taken from the {{@@block_encyption_mode}}
A key derivation function, with the same result as {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name [, width ]]]){noformat}
kdf_name could be one of "hkdf", "pbkdf2_hmac"
if the width is not specified, it's taken from the {{@@block_encyption_mode}}
A key derivation function, with the same result as {{EVP_KDF_derive()}} of OpenSSL.
Something like
{noformat}KDF(key_str, salt [, {info | iterations} [, kdf_name [, width ]]]){noformat}
kdf_name could be one of "pbkdf2_hmac" (default) or "hkdf". The latter always returns NULL if built with OpenSSL 1.0 (default on CentOS 7 and SLES 12).
width is in bits, can be any positive number divisible by 8.
if the width is not specified, it's taken from the {{@@block_encyption_mode}}
Task
Critical
MDEV-32047 KDF() with negative and multiple of eight width hangs the request
OK with adding more diagnostic as we agreed.