| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
| |
Also switches apr_crypto_{prng,[thread_]random}_bytes() destination buffer type to void *.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1833366 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New apr_crypto_prng API and apr_crypto[_thread]_random_bytes() functions.
Allows to generate cryptographically secure random bytes indefinitely
given an initial seed of APR_CRYPTO_PRNG_SEED_SIZE bytes (32), which
is either provided by the caller or automatically gathered from the system.
The CPRNG can also be re-seeded at any time, or after a process is fork()ed.
The internal key is renewed every APR_CRYPTO_PRNG_SEED_SIZE random
bytes produced and those data once returned to the caller are cleared from
the internal state, which ensures forward secrecy.
This CPRNG is fast, based on a stream cipher, and will never block besides
the initial seed or any reseed if it depends on the system entropy.
Finally, it can be used either globally (locked in multithread environment),
per-thread (a lock free instance is automatically created for each thread on
first use), or created as standalone instance (manageable independently).
For now it's only implemented with the OpenSSL library as underlying crypto,
that is --with-crypto --with-openssl needs to be configured, and the latter
links libcrypto with APR.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1833359 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
Why is 'apr_crypto_memzero()' only available if APU_HAVE_CRYPTO=1?
See PR 55738
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1832415 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
| |
Proposed by: Bernard Spil <brnrd freebsd.org>
Reviewed by: ylavic
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1811470 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
Still avoid excessive bcrypt iterations, verification side this time.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1781391 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
| |
Wrong place for this check, and wrong value too (should be 1 << 17).
But actually the max is already caped by _crypt_gensalt_blowfish_rn()
which is necessarily called previously in apr_bcrypt_encode().
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1774976 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
Reverted in r1774976.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1773929 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
Patch by Hanno Böck
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1772803 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
given to crypto_key()/crypto_passphrase().
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1772414 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1763672 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
function.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1763669 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
compilers.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1763665 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1762325 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
generated from a passphrase or a raw secret provided by the caller.
Deprecate apr_crypto_passphrase().
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1752008 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
is properly freed.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1751898 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
stops the second and subsequent attempt to use the API from failing
claiming the library is not initialised.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1751806 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- choose OPENSSL_malloc_init() instead of
CRYPTO_malloc_init
- make cipherCtx a pointer. Type EVP_CIPHER_CTX
is now opaque.
- use EVP_CIPHER_CTX_new() in init() functions
if initialised flag is not set (and set flag)
- use EVP_CIPHER_CTX_free() in cleanup function
- Improve reuse cleanup
- call EVP_CIPHER_CTX_reset() resp.
EVP_CIPHER_CTX_cleanup() in finish functions
- call EVP_CIPHER_CTX_reset() resp.
EVP_CIPHER_CTX_cleanup() when Update fails
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1728963 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
of NSS detect key sizes correctly, leading to test failures.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1626561 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
| |
on error path.
Submitted by: Philip Martin <philip.martin wandisco.com>
Reviewed by: trawick
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1619438 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
PR: 56627
Submitted by: Fredrik Fornwall <fredrik fornwall.net>, trawick
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1618843 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1536770 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
| |
PR: 55587
Submitted by: Carlo Bramini <carlo.bramix libero.it>
Reviewed by: trawick
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1529554 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1479836 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
PR: 49011
Submitted by: Stefan Fritsch, Stefan Fuhrmann <stefanfuhrmann alice-dsl de>
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1460244 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
PR: 54572
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1460243 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
| |
and crypt_r based algorithms.
PR: 54603
Submitted by: Harvey Eneman <harvey.eneman oracle.com>
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1449308 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
Noticed by Alan Hourihane <alanh fairlite co uk>
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1426442 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
| |
If __GLIBC_PREREQ is undefined, the single-line version expands to
'#if 0 && 0(2,4)', which causes a syntax error.
PR: 54275
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1422413 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
where OpenSSL has been deprecated.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1394552 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
| |
such as FreeBSD where the crypt() function is used.
(broken recently by r1362241)
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1370626 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
Some compilers don't allow empty structure declarations
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1362248 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
Noted by Jason Ovich <jasonovich mailfish de>
PR: 53410
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1362241 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
| |
sha512-crypt with custom rounds= prefix needs 115 bytes plus length of the
number of rounds string to store the resulting hash. An usable buffer size of
119 limited this to 9999 rounds.
Use 200 to allow for future hash algorithms with longer string lengths (e.g.
due to longer salt).
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1361811 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
Suggested by Stefan Fritsch.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1358480 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1357979 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The bcrypt implementation uses code from crypt_blowfish written by Solar
Designer <solar openwall com>. The x86 assembler implementation is not used
becaused it did not result in significant speed-up on my system.
apr_bcrypt_encode creates hashes with "$2y$" prefix, but apr_password_validate
also accepts the old prefix "$2a$".
* crypto/crypt_blowfish.[ch]: Imported from crypt_blowfish 1.2. The only
change compared to the upstream version is setting BF_ASM to 0.
* crypto/apr_passwd.c: Add bcrypt support to apr_password_validate, add
apr_bcrypt_encode
* test/testpass.c: Add new tests, for bcrypt and the old schemes.
* include/apr_md5.h: apr_password_validate() is left here fore backward
compatibility and apr_bcrypt_encode() is added here as well.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1357780 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1357772 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
initialisation of each crypto driver works when the first driver
isn't in use.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1308318 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
compiled library is initialised for the first time.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1308131 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
has already been loaded. Fix ported from apr_dbd.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1308087 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
| |
build part for Makefile.win
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1212119 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
apr_crypto_init() to apr_crypto_get_driver(), so that we don't lose
the parameters.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1211987 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
which the memory was allocated from is cleaned up.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1210524 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1207680 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1188920 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
for where NSS is initialised elsewhere.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1187984 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1187932 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
the apr_dbd inspired string passing, and simplify configuration.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1187914 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1140899 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1133587 13f79535-47bb-0310-9956-ffa450edef68
|