summaryrefslogtreecommitdiff
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
...
* Follow up to r1833359: apr_crypto_prng API depends on APU_HAVE_CRYPTO_PRNG.Yann Ylavic2018-06-111-9/+8
| | | | | | Also switches apr_crypto_{prng,[thread_]random}_bytes() destination buffer type to void *. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1833366 13f79535-47bb-0310-9956-ffa450edef68
* Cryptographic Pseudo Random Number Generator (CPRNG).Yann Ylavic2018-06-112-2/+481
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | New apr_crypto_prng API and apr_crypto[_thread]_random_bytes() functions. Allows to generate cryptographically secure random bytes indefinitely given an initial seed of APR_CRYPTO_PRNG_SEED_SIZE bytes (32), which is either provided by the caller or automatically gathered from the system. The CPRNG can also be re-seeded at any time, or after a process is fork()ed. The internal key is renewed every APR_CRYPTO_PRNG_SEED_SIZE random bytes produced and those data once returned to the caller are cleared from the internal state, which ensures forward secrecy. This CPRNG is fast, based on a stream cipher, and will never block besides the initial seed or any reseed if it depends on the system entropy. Finally, it can be used either globally (locked in multithread environment), per-thread (a lock free instance is automatically created for each thread on first use), or created as standalone instance (manageable independently). For now it's only implemented with the OpenSSL library as underlying crypto, that is --with-crypto --with-openssl needs to be configured, and the latter links libcrypto with APR. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1833359 13f79535-47bb-0310-9956-ffa450edef68
* Better stack memseting of sensitive information.Christophe Jaillet2018-05-281-0/+5
| | | | | | | | Why is 'apr_crypto_memzero()' only available if APU_HAVE_CRYPTO=1? See PR 55738 git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1832415 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Fix compatibility with LibreSSL. PR 61596.Yann Ylavic2017-10-081-6/+19
| | | | | | | | | Proposed by: Bernard Spil <brnrd freebsd.org> Reviewed by: ylavic git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1811470 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: follow up to r1772803.Yann Ylavic2017-02-021-2/+2
| | | | | | | | Still avoid excessive bcrypt iterations, verification side this time. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1781391 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: blowfish: revert r1773929.Yann Ylavic2016-12-191-2/+1
| | | | | | | | | | Wrong place for this check, and wrong value too (should be 1 << 17). But actually the max is already caped by _crypt_gensalt_blowfish_rn() which is necessarily called previously in apr_bcrypt_encode(). git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1774976 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: blowfish: follow up to r1772803: also cap hash verification time.Yann Ylavic2016-12-131-1/+2
| | | | | | | | Reverted in r1774976. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1773929 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypt: avoid excessive iteration in bcrypt hash.Nick Kew2016-12-051-1/+1
| | | | | | | Patch by Hanno Böck git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1772803 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: axe the un(thread)safe key cache, creating each key on the poolYann Ylavic2016-12-023-44/+34
| | | | | | | | given to crypto_key()/crypto_passphrase(). git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1772414 13f79535-47bb-0310-9956-ffa450edef68
* Provide apr_siphash*() functions family.Yann Ylavic2016-10-071-0/+196
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1763672 13f79535-47bb-0310-9956-ffa450edef68
* crypto: provide apr_crypto_equals(), a timing attacks safe buffers comparisonYann Ylavic2016-10-061-0/+15
| | | | | | | | function. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1763669 13f79535-47bb-0310-9956-ffa450edef68
* crypto: provide apr_crypto_memzero, garanteed to not be optimized out byYann Ylavic2016-10-061-1/+33
| | | | | | | | compilers. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1763665 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto_commoncrypto: set native eol.Yann Ylavic2016-09-261-912/+912
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1762325 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Add apr_crypto_key() function which supports keysGraham Leggett2016-07-094-192/+633
| | | | | | | | generated from a passphrase or a raw secret provided by the caller. Deprecate apr_crypto_passphrase(). git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1752008 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto_nss: Ensure the SECItem returned by PK11_ParamFromIVGraham Leggett2016-07-081-12/+23
| | | | | | | is properly freed. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1751898 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Don't cache the driver if initialisation fails. ThisGraham Leggett2016-07-072-10/+14
| | | | | | | | stops the second and subsequent attempt to use the API from failing claiming the library is not initialised. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1751806 13f79535-47bb-0310-9956-ffa450edef68
* Add support for OpenSSL 1.1.0:Rainer Jung2016-02-071-25/+58
| | | | | | | | | | | | | | | | | | - choose OPENSSL_malloc_init() instead of CRYPTO_malloc_init - make cipherCtx a pointer. Type EVP_CIPHER_CTX is now opaque. - use EVP_CIPHER_CTX_new() in init() functions if initialised flag is not set (and set flag) - use EVP_CIPHER_CTX_free() in cleanup function - Improve reuse cleanup - call EVP_CIPHER_CTX_reset() resp. EVP_CIPHER_CTX_cleanup() in finish functions - call EVP_CIPHER_CTX_reset() resp. EVP_CIPHER_CTX_cleanup() when Update fails git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1728963 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto_nss: Explicitly declare key sizes when using NSS. Not all versionsGraham Leggett2014-09-211-2/+7
| | | | | | | of NSS detect key sizes correctly, leading to test failures. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1626561 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto_get_driver(): Fix invalid storage referenceJeff Trawick2014-08-211-1/+1
| | | | | | | | | | on error path. Submitted by: Philip Martin <philip.martin wandisco.com> Reviewed by: trawick git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1619438 13f79535-47bb-0310-9956-ffa450edef68
* Fix Android compile error caused by assumption that crypt is available.Jeff Trawick2014-08-191-2/+8
| | | | | | | | PR: 56627 Submitted by: Fredrik Fornwall <fredrik fornwall.net>, trawick git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1618843 13f79535-47bb-0310-9956-ffa450edef68
* Fix line endings of trunk-specific text filesWilliam A. Rowe Jr2013-10-291-814/+814
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1536770 13f79535-47bb-0310-9956-ffa450edef68
* APR DSOs have .dll extension on Cygwin too.Jeff Trawick2013-10-051-1/+1
| | | | | | | | | PR: 55587 Submitted by: Carlo Bramini <carlo.bramix libero.it> Reviewed by: trawick git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1529554 13f79535-47bb-0310-9956-ffa450edef68
* Fix forever loop on NetWare when trying to get parent pool.Guenter Knauf2013-05-071-1/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1479836 13f79535-47bb-0310-9956-ffa450edef68
* speed-up md5 by avoiding some memcopiesStefan Fritsch2013-03-231-4/+18
| | | | | | | | PR: 49011 Submitted by: Stefan Fritsch, Stefan Fuhrmann <stefanfuhrmann alice-dsl de> git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1460244 13f79535-47bb-0310-9956-ffa450edef68
* use heap memory for crypt in apr_password_validate, to reduce stack usageStefan Fritsch2013-03-231-15/+29
| | | | | | | PR: 54572 git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1460243 13f79535-47bb-0310-9956-ffa450edef68
* Fix password validation failure for all cryptRainer Jung2013-02-231-13/+12
| | | | | | | | | | | and crypt_r based algorithms. PR: 54603 Submitted by: Harvey Eneman <harvey.eneman oracle.com> git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1449308 13f79535-47bb-0310-9956-ffa450edef68
* Fixup r1422413 so that memset is used on non-glibc platformsStefan Fritsch2012-12-281-5/+10
| | | | | | | Noticed by Alan Hourihane <alanh fairlite co uk> git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1426442 13f79535-47bb-0310-9956-ffa450edef68
* Split glibc version detection in two #if directives.Stefan Fritsch2012-12-151-1/+4
| | | | | | | | | | If __GLIBC_PREREQ is undefined, the single-line version expands to '#if 0 && 0(2,4)', which causes a syntax error. PR: 54275 git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1422413 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Add a native CommonCrypto implementation for iOS and OSXGraham Leggett2012-10-052-0/+819
| | | | | | | where OpenSSL has been deprecated. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1394552 13f79535-47bb-0310-9956-ffa450edef68
* apr_password_validate(): Fix intermittent errors on systemsJeff Trawick2012-08-081-9/+14
| | | | | | | | | such as FreeBSD where the crypt() function is used. (broken recently by r1362241) git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1370626 13f79535-47bb-0310-9956-ffa450edef68
* Forward port r1211337 from apr-util 1.4:Stefan Fritsch2012-07-161-0/+1
| | | | | | | Some compilers don't allow empty structure declarations git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1362248 13f79535-47bb-0310-9956-ffa450edef68
* Avoid copying the hashed password to a temp buffer, if possible.Stefan Fritsch2012-07-161-4/+4
| | | | | | | | Noted by Jason Ovich <jasonovich mailfish de> PR: 53410 git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1362241 13f79535-47bb-0310-9956-ffa450edef68
* Increase the buffer size for the hashed stringStefan Fritsch2012-07-151-1/+1
| | | | | | | | | | | | sha512-crypt with custom rounds= prefix needs 115 bytes plus length of the number of rounds string to store the resulting hash. An usable buffer size of 119 limited this to 9999 rounds. Use 200 to allow for future hash algorithms with longer string lengths (e.g. due to longer salt). git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1361811 13f79535-47bb-0310-9956-ffa450edef68
* Fix NetWare build with picky Metrowerks compiler.Guenter Knauf2012-07-072-3/+3
| | | | | | | Suggested by Stefan Fritsch. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1358480 13f79535-47bb-0310-9956-ffa450edef68
* fix breakageStefan Fritsch2012-07-051-3/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1357979 13f79535-47bb-0310-9956-ffa450edef68
* Add support for bcrypt encoded passwords.Stefan Fritsch2012-07-053-5/+961
| | | | | | | | | | | | | | | | | | | | | | | | The bcrypt implementation uses code from crypt_blowfish written by Solar Designer <solar openwall com>. The x86 assembler implementation is not used becaused it did not result in significant speed-up on my system. apr_bcrypt_encode creates hashes with "$2y$" prefix, but apr_password_validate also accepts the old prefix "$2a$". * crypto/crypt_blowfish.[ch]: Imported from crypt_blowfish 1.2. The only change compared to the upstream version is setting BF_ASM to 0. * crypto/apr_passwd.c: Add bcrypt support to apr_password_validate, add apr_bcrypt_encode * test/testpass.c: Add new tests, for bcrypt and the old schemes. * include/apr_md5.h: apr_password_validate() is left here fore backward compatibility and apr_bcrypt_encode() is added here as well. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1357780 13f79535-47bb-0310-9956-ffa450edef68
* Move non-MD5-related things from apr_md5.c to new file apr_passwd.cStefan Fritsch2012-07-052-144/+170
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1357772 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Ensure that the if/else that governs the staticGraham Leggett2012-04-021-3/+3
| | | | | | | | initialisation of each crypto driver works when the first driver isn't in use. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1308318 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Ensure the *driver variable is initialised when a staticallyGraham Leggett2012-04-011-5/+6
| | | | | | | compiled library is initialised for the first time. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1308131 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Ensure the *driver variable is initialised when the libraryGraham Leggett2012-04-011-15/+7
| | | | | | | has already been loaded. Fix ported from apr_dbd. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1308087 13f79535-47bb-0310-9956-ffa450edef68
* Backport windows crypto build files from apr-util. We still need port module ↵Mladen Turk2011-12-082-0/+406
| | | | | | build part for Makefile.win git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1212119 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Move the static initialisation of DRIVER_LOAD fromGraham Leggett2011-12-083-28/+45
| | | | | | | | apr_crypto_init() to apr_crypto_get_driver(), so that we don't lose the parameters. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1211987 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Clear out buffers that are allocated by us when the pool fromGraham Leggett2011-12-053-0/+37
| | | | | | | which the memory was allocated from is cleaned up. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1210524 13f79535-47bb-0310-9956-ffa450edef68
* Remove variables that we assign but never read.Graham Leggett2011-11-281-1/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1207680 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Support NULL values for the params field.Graham Leggett2011-10-252-49/+57
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1188920 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Teach the apr_crypto_nss driver to support the "noinit" optionGraham Leggett2011-10-232-82/+84
| | | | | | | for where NSS is initialised elsewhere. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1187984 13f79535-47bb-0310-9956-ffa450edef68
* Formatting, no functional change.Graham Leggett2011-10-233-108/+124
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1187932 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Replace the LDAP inspired constant-based parameter passing withGraham Leggett2011-10-233-59/+122
| | | | | | | the apr_dbd inspired string passing, and simplify configuration. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1187914 13f79535-47bb-0310-9956-ffa450edef68
* Remove unused variable.Rainer Jung2011-06-281-1/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1140899 13f79535-47bb-0310-9956-ffa450edef68
* apr_crypto: Remove an unused parameter from the apr_crypto_init() function.Graham Leggett2011-06-081-2/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1133587 13f79535-47bb-0310-9956-ffa450edef68
View Lorry Controller Status