openssl/apps
slontis b7cf9dd239 SHAKE documentation updates for default output length.
Fixes #18586

In order to not break existing applications the OpenSSL documentation
related to SHAKE has been updated.

Background:

All digests algorithms (including XOF's) use the bitlen as the default output length.
This results in a security strength of bitlen / 2.

This means that SHAKE128 will by default have an output length of 16
bytes and a security strength of 64 bits.

For SHAKE256 the default output length is 32 bytes and has a security
strength of 128 bits.

This behaviour was present in 1.1.1 and has been duplicated in the
provider SHAKE algorithms for 3.0.

The SHAKE XOF algorithms have a security strength of
min(bitlen, output xof length in bits / 2).

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18622)
2022-08-17 16:17:42 +02:00
..
demoSRP Remove unnecessary trailing whitespace 2019-02-05 16:25:11 +01:00
include APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial. 2022-07-14 07:23:58 +01:00
lib Fix verify_callback in the openssl s_client/s_server app 2022-07-20 07:37:05 +01:00
asn1parse.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
build.info CMP test server: move apps/{,lib/}cmp_mock_srv.c and apps/{,include/}cmp_mock_srv.h 2021-05-20 16:23:27 +02:00
ca-cert.srl
ca-key.pem
ca-req.pem
ca.c APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial. 2022-07-14 07:23:58 +01:00
CA.pl.in Abstract out policy and extensions in CA.pl 2021-11-16 15:48:08 +00:00
cert.pem
ciphers.c Update copyright year 2022-05-03 13:34:51 +01:00
client.pem
cmp.c Add OSSL_CMP_CTX_get0_validatedSrvCert(), correcting OSSL_CMP_validate_msg() 2022-07-20 11:40:37 +02:00
cms.c Update copyright year 2022-05-03 13:34:51 +01:00
crl2pkcs7.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
crl.c Update copyright year 2022-05-03 13:34:51 +01:00
ct_log_list.cnf Remove unnecessary trailing whitespace 2019-02-05 16:25:11 +01:00
dgst.c SHAKE documentation updates for default output length. 2022-08-17 16:17:42 +02:00
dhparam.c APPS: dhparam: Support setting properties 2022-08-17 09:20:41 +02:00
dsa512.pem
dsa1024.pem
dsa-ca.pem
dsa-pca.pem
dsa.c Update copyright year 2022-05-03 13:34:51 +01:00
dsap.pem
dsaparam.c APPS: dsaparam, gendsa: Support setting properties 2022-07-01 11:11:23 +02:00
ec.c Fix the checks of EVP_PKEY_check 2022-06-02 10:36:56 -04:00
ecparam.c APPS: ecparam: Support setting properties 2022-08-17 09:20:41 +02:00
enc.c Update copyright year 2022-05-03 13:34:51 +01:00
engine.c Update copyright year 2021-05-06 13:03:23 +01:00
errstr.c Check non-option arguments 2020-12-15 11:47:17 +01:00
fipsinstall.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
gendsa.c APPS: dsaparam, gendsa: Support setting properties 2022-07-01 11:11:23 +02:00
genpkey.c Update copyright year 2022-05-03 13:34:51 +01:00
genrsa.c APPS: genrsa: Support setting properties 2022-08-17 09:20:41 +02:00
info.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
insta.ca.crt openssl-cmp.pod.in: Update and extend example using Insta Demo CA 2020-08-04 12:11:46 +02:00
kdf.c kdf: use the app's libctx and property query when searching for algorithms 2021-06-15 18:26:47 +10:00
list.c Update copyright year 2022-05-03 13:34:51 +01:00
mac.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
nseq.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
ocsp.c Fixes OSCP->OCSP typo in ocsp command line 2022-07-06 08:25:07 +01:00
openssl-vms.cnf Disclaimer about the default provider activation added to config 2021-08-12 09:59:34 +02:00
openssl.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
openssl.cnf Disclaimer about the default provider activation added to config 2021-08-12 09:59:34 +02:00
passwd.c Update copyright year 2022-05-03 13:34:51 +01:00
pca-cert.srl
pca-key.pem
pca-req.pem
pkcs7.c Update copyright year 2022-05-03 13:34:51 +01:00
pkcs8.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
pkcs12.c Fix wrong default algorithm in openssl pkcs12 help 2022-08-01 11:54:36 +02:00
pkey.c Update copyright year 2022-05-03 13:34:51 +01:00
pkeyparam.c APPS: pkeyparam: Support setting properties 2022-08-17 09:20:41 +02:00
pkeyutl.c Update copyright year 2022-05-03 13:34:51 +01:00
prime.c Update copyright year 2022-05-03 13:34:51 +01:00
privkey.pem
progs.pl Update copyright year 2022-05-03 13:34:51 +01:00
rand.c Update copyright year 2022-05-03 13:34:51 +01:00
rehash.c Update copyright year 2022-05-03 13:34:51 +01:00
req.c Update copyright year 2022-05-03 13:34:51 +01:00
req.pem
rsa8192.pem Fix rsa8192.pem 2020-05-13 06:28:36 +02:00
rsa.c Fix the checks of EVP_PKEY_check 2022-06-02 10:36:56 -04:00
rsautl.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
s512-key.pem
s512-req.pem
s1024key.pem
s1024req.pem
s_client.c s_client -proxy / -starttls shouldn't be mutually exclusive 2022-05-05 13:36:23 +02:00
s_server.c apps/s_server.c: Add check for OPENSSL_strdup 2022-06-22 16:56:40 +10:00
s_time.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
server2.pem
server.pem Replace apps/server.pem with certificate with a sha256 signature. 2020-01-25 14:10:40 +01:00
server.srl
sess_id.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
smime.c Update copyright year 2022-05-03 13:34:51 +01:00
speed.c Implement AES-GCM-SIV (RFC8452) 2022-07-29 08:32:16 -04:00
spkac.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
srp.c openssl srp: make index.txt parsing error more verbose 2021-05-24 14:37:00 +02:00
storeutl.c Update copyright year 2022-05-03 13:34:51 +01:00
testCA.pem
testdsa.h Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free(). 2021-04-12 16:55:30 +10:00
testrsa.h Following the license change, modify the boilerplates in apps/ 2018-12-06 14:15:27 +01:00
timeouts.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
ts.c Fix the checks of X509_LOOKUP_* functions 2022-06-23 12:42:25 +02:00
tsget.in convert tabs to spaces in two distributed Perl scripts 2021-09-14 07:21:22 +10:00
verify.c Update copyright year 2022-05-03 13:34:51 +01:00
version.c APPS: Improve diagnostics on missing/extra args and unknown cipher/digest 2021-12-07 15:26:40 +01:00
vms_decc_init.c VMS: move copy_argc to its own module and make it an aux source 2019-03-05 08:51:09 +01:00
x509.c apps/x509: add warnings for options ignored when -CA is not specified 2022-07-14 07:24:27 +01:00