Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
f0efeea2 |
| 03-May-2019 |
Shane Lontis |
PBKDF2 updates to conform to SP800-132 The existing code used PKCS5 specifications. SP800-132 adds the following additional constraints for: - the range of the key length. -
PBKDF2 updates to conform to SP800-132 The existing code used PKCS5 specifications. SP800-132 adds the following additional constraints for: - the range of the key length. - the minimum iteration count (1000 recommended). - salt length (at least 128 bits). These additional constraints may cause errors (in scrypt, and some PKCS5 related test vectors). To disable the new constraints use the new ctrl string "pkcs5". For backwards compatability, the checks are only enabled by default for fips mode. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8868)
show more ...
|
#
ea053ec9 |
| 07-May-2019 |
Pauli |
Coverity CID 1444961: Integer handling issues Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
3a9b3d2d |
| 13-Dec-2018 |
Richard Levitte |
Adapt OPENSSL_DEBUG_PKCS5V2 to the new generic trace API Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Me
Adapt OPENSSL_DEBUG_PKCS5V2 to the new generic trace API Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8198)
show more ...
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
#
5a285add |
| 21-Jun-2018 |
David Makepeace |
Added new EVP/KDF API. Changed PKEY/KDF API to call the new API. Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs. Documentation updated.
Added new EVP/KDF API. Changed PKEY/KDF API to call the new API. Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs. Documentation updated. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6674)
show more ...
|
#
4a8b0c55 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/evp/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/
Following the license change, modify the boilerplates in crypto/evp/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7794)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1 |
|
#
cbe29648 |
| 07-Dec-2017 |
Rich Salz |
Consistent formatting for sizeof(foo) Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4872)
|
Revision tags: OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
e3713c36 |
| 10-Oct-2017 |
Rich Salz |
Remove email addresses from source code. Names were not removed. Some comments were updated. Replace Andy's address with openssl.org Reviewed-by: Andy Polyakov <appro@openss
Remove email addresses from source code. Names were not removed. Some comments were updated. Replace Andy's address with openssl.org Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4516)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c |
|
#
b98530d6 |
| 13-Oct-2016 |
Gergely Nagy |
PBKDF2 computation speedup (15-40%) This commit contains some optimizations in PKCS5_PBKDF2_HMAC() and HMAC_CTX_copy() functions which together makes PBKDF2 computations faster by 15
PBKDF2 computation speedup (15-40%) This commit contains some optimizations in PKCS5_PBKDF2_HMAC() and HMAC_CTX_copy() functions which together makes PBKDF2 computations faster by 15-40% according to my measurements made on x64 Linux with both asm optimized and no-asm versions of SHA1, SHA256 and SHA512. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1708)
show more ...
|
#
fa013b65 |
| 11-Oct-2016 |
Péter Budai |
Fixed PKCS5_PBKDF2_HMAC() to adhere to the documentation. The documentation of this function states that the password parameter can be NULL. However, the implementation returns an error
Fixed PKCS5_PBKDF2_HMAC() to adhere to the documentation. The documentation of this function states that the password parameter can be NULL. However, the implementation returns an error in this case due to the inner workings of the HMAC_Init_ex() function. With this change, NULL password will be treated as an empty string and PKCS5_PBKDF2_HMAC() no longer fails on this input. I have also added two new test cases that tests the handling of the special values NULL and -1 of the password and passlen parameters, respectively. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1692)
show more ...
|
#
7280a5d3 |
| 28-Oct-2016 |
Richard Levitte |
Clean away remaining 'selftest' code All of these don't compile cleanly any more, probably haven't for quite some time Reviewed-by: Emilia Käsper <emilia@openssl.org> (Merge
Clean away remaining 'selftest' code All of these don't compile cleanly any more, probably haven't for quite some time Reviewed-by: Emilia Käsper <emilia@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1789)
show more ...
|
Revision tags: OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13 |
|
#
62867571 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 04/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
dccd20d1 |
| 03-May-2016 |
FdaSilvaYY |
fix tab-space mixed indentation No code change Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g |
|
#
d63a5e5e |
| 18-Feb-2016 |
Rich Salz |
Remove outdated DEBUG flags. Add -DBIO_DEBUG to --strict-warnings. Remove comments about outdated debugging ifdef guards. Remove md_rand ifdef guarding an assert; it doesn't seem use
Remove outdated DEBUG flags. Add -DBIO_DEBUG to --strict-warnings. Remove comments about outdated debugging ifdef guards. Remove md_rand ifdef guarding an assert; it doesn't seem used. Remove the conf guards in conf_api since we use OPENSSL_assert, not assert. For pkcs12 stuff put OPENSSL_ in front of the macro name. Merge TLS_DEBUG into SSL_DEBUG. Various things just turned on/off asserts, mainly for checking non-NULL arguments, which is now removed: camellia, bn_ctx, crypto/modes. Remove some old debug code, that basically just printed things to stderr: DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG, RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG. Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL. Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12, OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
#
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
a87a0a6e |
| 02-Dec-2015 |
Richard Levitte |
Cleanup: fix all sources that used HMAC_CTX_init Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
eda34e4b |
| 30-Nov-2015 |
Richard Levitte |
Adapt the rest of the source to the removal of (EVP_MD_CTX|HMAC_CTX)_cleanup Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
bf7c6817 |
| 30-Nov-2015 |
Richard Levitte |
Adapt the rest of the source to the opaque HMAC_CTX Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
fa0c23de |
| 27-Nov-2015 |
Richard Levitte |
Adapt HMAC to the EVP_MD_CTX changes This change required some special treatment, as HMAC is intertwined with EVP_MD. For now, all local HMAC_CTX variables MUST be initialised with
Adapt HMAC to the EVP_MD_CTX changes This change required some special treatment, as HMAC is intertwined with EVP_MD. For now, all local HMAC_CTX variables MUST be initialised with HMAC_CTX_EMPTY, or whatever happens to be on the stack will be mistaken for actual pointers to EVP_MD_CTX. This will change as soon as HMAC_CTX becomes opaque. Also, since HMAC_CTX_init() can fail now, its return type changes from void to int, and it will return 0 on failure, 1 on success. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11, OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b |
|
#
b39fc560 |
| 14-May-2015 |
Richard Levitte |
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and ada
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL-fips-2_0_10 |
|
#
e93c8748 |
| 28-Mar-2015 |
Dr. Stephen Henson |
Remove duplicate code. Update code to use ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence instead of performing the same operation manually. Reviewed-by: Rich Salz <rsalz@
Remove duplicate code. Update code to use ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence instead of performing the same operation manually. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a |
|
#
d6c5462e |
| 06-Feb-2015 |
Dr. Stephen Henson |
Support for alternative KDFs. Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table. Reviewed-by: Andy Polyakov <appro@openssl.org>
|
#
a283d2a8 |
| 06-Feb-2015 |
Dr. Stephen Henson |
Remove OPENSSL_NO_HMAC Disabling HMAC doesn't work. If it did it would end up disabling a lot of OpenSSL functionality (it is required for all versions of TLS for example). Reviewed-
Remove OPENSSL_NO_HMAC Disabling HMAC doesn't work. If it did it would end up disabling a lot of OpenSSL functionality (it is required for all versions of TLS for example). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
474e469b |
| 27-Jan-2015 |
Rich Salz |
OPENSSL_NO_xxx cleanup: SHA Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the o
OPENSSL_NO_xxx cleanup: SHA Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way. So these options are gone: GENUINE_DSA OPENSSL_NO_SHA0 OPENSSL_NO_SHA OPENSSL_NO_SHA1 OPENSSL_NO_SHA224 OPENSSL_NO_SHA256 OPENSSL_NO_SHA384 OPENSSL_NO_SHA512 Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_2, master-post-auto-reformat |
|
#
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
|
Revision tags: OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat, master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat, OpenSSL-fips-2_0_9, OpenSSL_1_0_1j, OpenSSL_1_0_0o, OpenSSL_0_9_8zc, OpenSSL_1_0_2-beta3, OpenSSL_0_9_8zb, OpenSSL_1_0_0n, OpenSSL_1_0_1i, OpenSSL_1_0_2-beta2, OpenSSL-fips-2_0_8, OpenSSL_1_0_1h, OpenSSL_1_0_0m, OpenSSL_0_9_8za, OpenSSL-fips-2_0_7, OpenSSL_1_0_1g, OpenSSL_1_0_2-beta1, OpenSSL_1_0_0l, OpenSSL_1_0_1f, OpenSSL-fips-2_0_6, OpenSSL-fips-2_0_5, OpenSSL-fips-2_0_4 |
|
#
16bc45ba |
| 11-Nov-2013 |
Dr. Stephen Henson |
Fix memory leak.
|