- Sep 21, 2018
-
-
agnosticdev authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7277) (cherry picked from commit 46d08509)
-
- Sep 13, 2018
-
-
Paul Yang authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7209)
-
- Sep 11, 2018
-
-
Matt Caswell authored
Reviewed-by:
-
- Sep 07, 2018
-
-
Paul Yang authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7113)
-
Paul Yang authored
Reviewed-by:
-
Paul Yang authored
zero-length ID is allowed, but it's not allowed to skip the ID. Fixes: #6534 Reviewed-by:
-
Paul Yang authored
Reviewed-by:
-
Paul Yang authored
Thus users can use this function to set customized EVP_PKEY_CTX to EVP_MD_CTX structure. Reviewed-by:
-
- Sep 06, 2018
-
-
Pauli authored
Put a NULL check back in to avoid dereferencing the NULL pointer. Reviewed-by:
-
- Sep 05, 2018
-
-
Shane Lontis authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
-
- Aug 07, 2018
-
-
Andy Polyakov authored
In some cases it's about redundant check for return value, in some cases it's about replacing check for -1 with comparison to 0. Otherwise compiler might generate redundant check for <-1. [Even formatting and readability fixes.] Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6860)
-
- Aug 06, 2018
-
-
Patrick Steuer authored
Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
-
- Aug 03, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #6800 Replaces #5418 This commit reverts commit 7876dbff and moves the check for a zero-length input down the callstack into sha3_update(). Reviewed-by:
-
- Aug 01, 2018
-
-
Pauli authored
Reviewed-by:
-
- Jul 12, 2018
-
-
Patrick Steuer authored
Reviewed-by:
-
- Jul 06, 2018
-
-
Andy Polyakov authored
Improvement coefficients vary with TLS fragment length and platform, on most Intel processors maximum improvement is ~50%, while on Ryzen - 80%. The "secret" is new dedicated ChaCha20_128 code path and vectorized xor helpers. Reviewed-by:
-
- Jun 29, 2018
-
-
Andy Polyakov authored
Inputs not longer than 64 bytes are processed ~10% faster, longer lengths not divisble by 64, e.g. 255, up to ~20%. Unfortunately it's impossible to measure with apps/speed.c, -aead benchmarks TLS-like call sequence, but not exact. It took specially crafted code path... Reviewed-by:
-
- Jun 20, 2018
-
-
Matt Caswell authored
Reviewed-by:
-
- Jun 19, 2018
-
-
Jack Lloyd authored
Use EVP_PKEY_set_alias_type to access Reviewed-by:
-
Jack Lloyd authored
Reviewed-by:
-
- Jun 18, 2018
-
-
David von Oheimb authored
Reviewed-by:
-
- Jun 08, 2018
-
-
Matt Caswell authored
Only applies to algorithms that support it. Both raw private and public keys can be obtained for X25519, Ed25519, X448, Ed448. Raw private keys only can be obtained for HMAC, Poly1305 and SipHash Fixes #6259 Reviewed-by:
-
- Jun 03, 2018
-
-
Andy Polyakov authored
Even though calls can be viewed as styling improvement, they do come with cost. It's not big cost and shows only on short inputs, but it is measurable, 2-3% on some platforms. Reviewed-by:
-
- Apr 17, 2018
-
-
Richard Levitte authored
Reviewed-by:
-
- Apr 13, 2018
-
-
Matt Caswell authored
Historically we used to implement standalone base64 code for SRP. This was replaced by commit 3d3f21aa with the standard base64 processing code. However, the SRP base64 code was designed to be compatible with other SRP libraries (notably libsrp, but also others) that use a variant of standard base64. Specifically a different alphabet is used and no padding '=' characters are used. Instead 0 padding is added to the front of the string. By changing to standard base64 we change the behaviour of the API which may impact interoperability. It also means that SRP verifier files created prior to 1.1.1 would not be readable in 1.1.1 and vice versa. Instead we expand our standard base64 processing with the capability to be able to read and generate the SRP base64 variant. Reviewed-by:
-
Matt Caswell authored
Previously they were using EVP_EncodeBlock/EVP_DecodeBlock. These are low level functions that do not handle padding characters. This was causing the SRP code to fail. One side effect of using EVP_EncodeUpdate is that it inserts newlines which is not what we need in SRP so we add a flag to avoid that. Reviewed-by:
-
- Apr 03, 2018
-
-
Rich Salz authored
Almost all *alloc failures now set an error code. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Apr 02, 2018
-
-
Kurt Roeckx authored
Reviewed-by:
-
- Mar 29, 2018
-
-
FdaSilvaYY authored
methods : - EVP_PBE_scrypt - EVP_PKEY_meth_add0 - EVP_PKEY_meth_new - EVP_PKEY_CTX_dup Reviewed-by:
-
- Mar 28, 2018
-
-
Patrick Steuer authored
... to compute s390x aes function code from keylength. Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
- Mar 21, 2018
-
-
Jack Bates authored
Reviewed-by:
-
- Mar 20, 2018
-
-
Matt Caswell authored
Reviewed-by:
-
- Mar 19, 2018
-
-
Kurt Roeckx authored
Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from an other thread because the SSL object moved to an other thread. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Mar 15, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by:
-
