If backward-compatible API is not defined (-DOPENSSL_API_COMPAT=0x10100000L)
deprecated symbols cannot be used.
Also see https://bugs.gentoo.org/show_bug.cgi?id=604698
Thanks eroen for reporting this.
If measurement function returns exactly 500 ms, the iteration
calculation loop doubles iteration count but instead of repeating
measurement it uses this value directly.
Thanks to Ondrej Mosnacek for bug report.
The previous PBKDF2 benchmark code did not take into account
output key length.
For SHA1 (with 160-bits output) and 256-bit keys (and longer)
it means that the final value was higher than it should be.
For other hash algorithms (like SHA256 or SHA512) it caused
that iteration count was smaller (in comparison to SHA1) than
expected for the requested time period.
This patch fixes the code to use key size for the formatted device
(or default LUKS key size if running in informational benchmark mode).
Thanks to A.Visconti, S.Bossi, A.Calo and H.Ragab
(http://www.club.di.unimi.it/) for point this out.
(Based on "What users should know about Full Disk Encryption
based on LUKS" paper to be presented on CANS2015).
Apparently there are some people using ECB.
This mode by design do not use any IV, unfortunately
kernel dmcrypt allows to specify them (but userspace crypto api don't).
Let support activation as it was in previous version.
Should fix issue#238.
(Or it rehases key in every iteration.)
- Kernel backens seems not to support >20480 HMAC key
- NSS is slow (without proper key reset)
Add some test vectors (commented out by default).
- config.h must always be the first file to be included
- Use AM_CFLAGS and AM_LDFLAGS consistently and properly.
(Modified to disable build without largefile support etc
by Milan Broz <gmazyland@gmail.com>)
This includes crypto, loopaes, tcrypt handling code I have written myself
and verity code written originally by Mikulas Patocka and modified by me,
copyright by Red Hat.
Other part of library have to stay GPLv2+ only for now
(no agreement from all authors).
