#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
c48e5687 |
| 25-Aug-2024 |
slontis |
XOF / EVP_MD_size() changes. Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and does a ctx get rather than just returning EVP_MD_size(). SHAKE did not have a get_ct
XOF / EVP_MD_size() changes. Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and does a ctx get rather than just returning EVP_MD_size(). SHAKE did not have a get_ctx_params() so that had to be added to return the xoflen. Added a helper function EVP_MD_xof() EVP_MD_CTX_size() was just an aliased macro for EVP_MD_size(), so to keep it the same I added an extra function. EVP_MD_size() always returns 0 for SHAKE now, since it caches the value of md_size at the time of an EVP_MD_fetch(). This is probably better than returning the incorrect initial value it was before e.g (16 for SHAKE128) and returning tht always instead of the set xoflen. Note BLAKE2B uses "size" instead of "xoflen" to do a similar thing. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25285)
show more ...
|
#
ad3f28c5 |
| 24-Apr-2024 |
Tomas Mraz |
Document that SHAKE-128 and SHAKE-256 have no default digest length Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https:/
Document that SHAKE-128 and SHAKE-256 have no default digest length Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/24105)
show more ...
|
#
8da20b30 |
| 24-Nov-2023 |
James Muir |
doc: improve display of KECCAK-KMAC128, KECCAK-KMAC256 defs Do not allow mid-expression line breaks. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@ope
doc: improve display of KECCAK-KMAC128, KECCAK-KMAC256 defs Do not allow mid-expression line breaks. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22814)
show more ...
|
#
f1bea887 |
| 13-Nov-2023 |
James Muir |
doc: better description of KECCAK-KMAC XOF KECCAK-KMAC-128 and KECCAK-KMAC-256 are extendable output functions that have been defined because they are convenient for implementing KMA
doc: better description of KECCAK-KMAC XOF KECCAK-KMAC-128 and KECCAK-KMAC-256 are extendable output functions that have been defined because they are convenient for implementing KMAC. Give definitions for them so that users aren't left to figure that out themselves. KECCAK-KMAC-128 is very similar to SHAKE-128, and KECCAK-KMAC-256 is very similar to SHAKE-256. Related to #22619. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22755)
show more ...
|
#
53664908 |
| 21-Jul-2023 |
slontis |
Add EVP_DigestSqueeze() API. Fixes #7894 This allows SHAKE to squeeze multiple times with different output sizes. The existing EVP_DigestFinalXOF() API has been left as a o
Add EVP_DigestSqueeze() API. Fixes #7894 This allows SHAKE to squeeze multiple times with different output sizes. The existing EVP_DigestFinalXOF() API has been left as a one shot operation. A similar interface is used by another toolkit. The low level SHA3_Squeeze() function needed to change slightly so that it can handle multiple squeezes. This involves changing the assembler code so that it passes a boolean to indicate whether the Keccak function should be called on entry. At the provider level, the squeeze is buffered, so that it only requests a multiple of the blocksize when SHA3_Squeeze() is called. On the first call the value is zero, on subsequent calls the value passed is 1. This PR is derived from the excellent work done by @nmathewson in https://github.com/openssl/openssl/pull/7921 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21511)
show more ...
|
#
b7cf9dd2 |
| 22-Jun-2022 |
slontis |
SHAKE documentation updates for default output length. Fixes #18586 In order to not break existing applications the OpenSSL documentation related to SHAKE has been updated.
SHAKE documentation updates for default output length. Fixes #18586 In order to not break existing applications the OpenSSL documentation related to SHAKE has been updated. Background: All digests algorithms (including XOF's) use the bitlen as the default output length. This results in a security strength of bitlen / 2. This means that SHAKE128 will by default have an output length of 16 bytes and a security strength of 64 bits. For SHAKE256 the default output length is 32 bytes and has a security strength of 128 bits. This behaviour was present in 1.1.1 and has been duplicated in the provider SHAKE algorithms for 3.0. The SHAKE XOF algorithms have a security strength of min(bitlen, output xof length in bits / 2). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18622)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
1e55cbc8 |
| 06-Mar-2020 |
Richard Levitte |
DOCS: Move implementation specific docs away from provider-digest(7) The provider- manuals are meant to describe the general interface for their respective operation. This is not the pl
DOCS: Move implementation specific docs away from provider-digest(7) The provider- manuals are meant to describe the general interface for their respective operation. This is not the place to describe implementation specific details. This change creates a number of doc/man7/EVP_MD manuals, one for each algorithm or set of algorithms, as well as doc/man7/EVP_MD-common.pod to describe what's common to them all. While we're at it, correct the SHA3 settable context params array to match what's actually settable. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11270)
show more ...
|