- Jun 03, 2018
-
-
Andy Polyakov authored
Even though calls can be viewed as styling improvement, they do come with cost. It's not big cost and shows only on short inputs, but it is measurable, 2-3% on some platforms. Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6312)
-
- Apr 17, 2018
-
-
Richard Levitte authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5990)
-
- Apr 13, 2018
-
-
Matt Caswell authored
Historically we used to implement standalone base64 code for SRP. This was replaced by commit 3d3f21aa with the standard base64 processing code. However, the SRP base64 code was designed to be compatible with other SRP libraries (notably libsrp, but also others) that use a variant of standard base64. Specifically a different alphabet is used and no padding '=' characters are used. Instead 0 padding is added to the front of the string. By changing to standard base64 we change the behaviour of the API which may impact interoperability. It also means that SRP verifier files created prior to 1.1.1 would not be readable in 1.1.1 and vice versa. Instead we expand our standard base64 processing with the capability to be able to read and generate the SRP base64 variant. Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5925)
-
Matt Caswell authored
Previously they were using EVP_EncodeBlock/EVP_DecodeBlock. These are low level functions that do not handle padding characters. This was causing the SRP code to fail. One side effect of using EVP_EncodeUpdate is that it inserts newlines which is not what we need in SRP so we add a flag to avoid that. Reviewed-by:
-
- Apr 03, 2018
-
-
Rich Salz authored
Almost all *alloc failures now set an error code. Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5842)
-
Matt Caswell authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5851)
-
- Apr 02, 2018
-
-
Kurt Roeckx authored
Reviewed-by:
-
- Mar 29, 2018
-
-
FdaSilvaYY authored
methods : - EVP_PBE_scrypt - EVP_PKEY_meth_add0 - EVP_PKEY_meth_new - EVP_PKEY_CTX_dup Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by:
-
- Mar 28, 2018
-
-
Patrick Steuer authored
... to compute s390x aes function code from keylength. Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
- Mar 21, 2018
-
-
Jack Bates authored
Reviewed-by:
-
- Mar 20, 2018
-
-
Matt Caswell authored
Reviewed-by:
-
- Mar 19, 2018
-
-
Kurt Roeckx authored
Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from an other thread because the SSL object moved to an other thread. Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Mar 15, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by:
-
Matt Caswell authored
Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per feedback. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Not all algorithms will support this, since their keys are not a simple block of data. But many can. Reviewed-by:
-
- Mar 02, 2018
-
-
Matt Caswell authored
This adds all of the relevant EVP plumbing required to make X448 and Ed448 work. Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5481)
-
- Feb 28, 2018
-
-
Kurt Roeckx authored
Reviewed-by:
-
- Feb 27, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #5405, #1381 The base64 filter BIO reads its input in chunks of B64_BLOCK_SIZE bytes. When processing input in PEM format it can happen in rare cases that - the trailing PEM marker crosses the boundary of a chunk, and - the beginning of the following chunk contains valid base64 encoded data. This happened in issue #5405, where the PEM marker was split into "-----END CER" and "TIFICATE-----" at the end of the first chunk. The decoding of the first chunk terminated correctly at the '-' character, which is treated as an EOF marker, and b64_read() returned. However, when called the second time, b64_read() read the next chunk and interpreted the string "TIFICATE" as valid base64 encoded data, adding 6 extra bytes '4c 81 48 08 04 c4'. This patch restores the assignment of the error code to 'ctx->cont', which was deleted accidentally in commit 5562cfac and which prevents b64_read() from reading additional data on subsequent calls. This issue was observed and reported by Annie Yousar. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Feb 23, 2018
-
-
Bernd Edlinger authored
Reviewed-by:
-
- Feb 14, 2018
-
-
Viktor Dukhovni authored
This is purported to save a few cycles, but makes the code less obvious and more brittle, and in fact breaks on platforms where for ABI continuity reasons there is a SHA2 implementation in libc, and so EVP needs to call those to avoid conflicts. A sufficiently good optimizer could simply generate the same entry points for: foo(...) { ... } and bar(...) { return foo(...); } but, even without that, the different is negligible, with the "winner" varying from run to run (openssl speed -evp sha384): Old: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes sha384 28864.28k 117362.62k 266469.21k 483258.03k 635144.87k 649123.16k New: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes sha384 30055.18k 120725.98k 272057.26k 482847.40k 634585.09k 650308.27k Reviewed-by:
-
- Feb 06, 2018
-
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
- Jan 23, 2018
-
-
Pauli authored
Support added for these two digests, available only via the EVP interface. Reviewed-by:
-
Richard Levitte authored
EVP_PKEY_asn1_find_str() would search through standard asn1 methods first, then those added by the application, which EVP_PKEY_asn1_find() worked the other way around. Also, EVP_PKEY_asn1_find_str() didn't handle aliases. This change brings EVP_PKEY_asn1_find_str() closer to EVP_PKEY_asn1_find(). Fixes #5086 Reviewed-by:
-
- Jan 09, 2018
-
-
Richard Levitte authored
Reviewed-by:
-
- Jan 07, 2018
-
-
Patrick Steuer authored
Signed-off-by:
-
- Dec 15, 2017
-
-
Bernd Edlinger authored
Rename bio_info_cb to BIO_info_cb. Reviewed-by:
-
- Dec 09, 2017
-
-
Daniel Bevenius authored
I noticed that some of the BIO_METHOD structs are placing the name on the same line as the type and some don't. This commit places the name on a separate line for consistency (which looks like what the majority do) CLA: trivial Reviewed-by:
-
- Dec 08, 2017
-
-
Rich Salz authored
Reviewed-by:
-
- Nov 20, 2017
-
-
Paul Yang authored
EVP_PKEY_public_check() and EVP_PKEY_param_check() Doc and test cases are added Reviewed-by:
-
- Nov 13, 2017
-
-
Andy Polyakov authored
Even though |Blen| is declared uint64_t it was casted implicitly to int. [Caught by VC warning subsytem.] Reviewed-by:
-
