Skip to content
  1. Jan 07, 2018
  3. Dec 15, 2017
  5. Dec 09, 2017
  7. Dec 08, 2017
  9. Nov 20, 2017
  11. Nov 13, 2017
  13. Nov 05, 2017
  15. Oct 31, 2017
  17. Oct 30, 2017
  19. Oct 18, 2017
  21. Oct 13, 2017
  23. Oct 11, 2017
  25. Oct 09, 2017
  27. Sep 14, 2017
  29. Sep 13, 2017
  31. Sep 11, 2017
  33. Aug 30, 2017
  35. Aug 29, 2017
  37. Aug 22, 2017
  39. Aug 21, 2017
    • Pauli's avatar
      This has been added to avoid the situation where some host ctype.h functions · a1df06b3
      Pauli authored 
      
return true for characters > 127.  I.e. they are allowing extended ASCII
characters through which then cause problems.  E.g. marking superscript '2' as
a number then causes the common (ch - '0') conversion to number to fail
miserably.  Likewise letters with diacritical marks can also cause problems.

If a non-ASCII character set is being used (currently only EBCDIC), it is
adjusted for.

The implementation uses a single table with a bit for each of the defined
classes.  These functions accept an int argument and fail for
values out of range or for characters outside of the ASCII set.  They will
work for both signed and unsigned character inputs.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4102)
      a1df06b3
  41. Aug 15, 2017
  43. Aug 12, 2017
  45. Aug 08, 2017
  47. Aug 03, 2017
    • Rich Salz's avatar
      Switch from ossl_rand to DRBG rand · 75e2c877
      Rich Salz authored 
      

If RAND_add wraps around, XOR with existing. Add test to drbgtest that
does the wrap-around.

Re-order seeding and stop after first success.

Add RAND_poll_ex()

Use the DF and therefore lower RANDOMNESS_NEEDED.  Also, for child DRBG's,
mix in the address as the personalization bits.

Centralize the entropy callbacks, from drbg_lib to rand_lib.
(Conceptually, entropy is part of the enclosing application.)
Thanks to Dr. Matthias St Pierre for the suggestion.

Various code cleanups:
    -Make state an enum; inline RANDerr calls.
    -Add RAND_POLL_RETRIES (thanks Pauli for the idea)
    -Remove most RAND_seed calls from rest of library
    -Rename DRBG_CTX to RAND_DRBG, etc.
    -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the
     implementation of NIST DRBG.
    -Remove blocklength

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4019)
      75e2c877
  49. Aug 01, 2017
    • Martin Peylo's avatar
      Adding NID_hmac_sha1 and _md5 to builtin_pbe[] · 418d49c2
      Martin Peylo authored 
      

The OID for {1 3 6 1 5 5 8 1 2} HMAC-SHA1 (NID_hmac_sha1) is explicitly
referenced by RFC 2510, RFC 3370, and RFC 4210. This is essential for the
common implementations of CMP (Certificate Managing Protocol, RFC4210).

HMAC-MD5's OID {1 3 6 1 5 5 8 1 1} (NID_hmac_md5) is in the same branch and
it seems to generally exist (-> Internet search), but it is unclear where it is
actually defined as it appears not to be referenced by RFCs and practically
rather unused.

Those OIDs are both duplicates to OIDs from an RSA OID branch, which are already
included in builtin_pbe[]:

HMAC-SHA1 also has another OID defined in PKCS#5/RFC2898 (NID_hmacWithSHA1).

It is also unclear where the other OID for HMAC-MD5 (NID_hmacWithMD5) from the
RSA branch is officially specified, as only HMAC-SHA1 from PKCS#5 was found to be
defined. Anyway, HMAC-MD5 likely only plays a neglectable role in the future.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarPaul Dale <paul.dale@or...>
      418d49c2
  51. Jul 29, 2017
  53. Jul 25, 2017
  55. Jul 24, 2017