Andy Polyakov
a42abde699
e_aes.c: reserve for future extensions.
2013-04-04 15:55:49 +02:00
Andy Polyakov
c9a8e3d1c7
evptests.txt: add XTS test vectors
2013-04-04 15:53:01 +02:00
Andy Polyakov
c5d975a743
Add support for SPARC T4 DES opcode.
2013-03-31 14:32:05 +02:00
Andy Polyakov
4e049c5259
Add AES-NI GCM stitch.
2013-03-29 20:45:33 +01:00
Andy Polyakov
5c60046553
e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
...
PR: 3002
2013-03-18 19:29:41 +01:00
Andy Polyakov
ca303d333b
evptests.txt: additional GCM test vectors.
2013-03-06 19:24:05 +01:00
Dr. Stephen Henson
15652f9825
GCM and CCM test support
...
Add code to support GCM an CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.
Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
2013-03-06 16:15:42 +00:00
Dr. Stephen Henson
95248de327
Add CCM ciphers to tables.
2013-03-06 16:15:42 +00:00
Ben Laurie
975dfb1c6c
make depend.
2013-02-21 18:17:38 +00:00
Andy Polyakov
2141e6f30b
e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line.
...
It also ensures that valgring is happy.
2013-02-08 10:31:13 +01:00
Andy Polyakov
1041ab696e
e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.
...
(cherry picked from commit 529d27ea47
)
2013-02-06 14:19:11 +00:00
Andy Polyakov
9970308c88
e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.
...
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f
)
2013-02-06 14:19:10 +00:00
Ben Laurie
2acc020b77
Make CBC decoding constant time.
...
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.
This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.
In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc
)
2013-02-06 14:19:07 +00:00
Ben Laurie
a6bbbf2ff5
Make "make depend" work on MacOS out of the box.
2013-01-19 14:14:30 +00:00
Andy Polyakov
cd68694646
AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality.
2012-11-24 21:55:23 +00:00
Dr. Stephen Henson
98a7edf9f0
make depend
2012-11-19 13:18:09 +00:00
Dr. Stephen Henson
7c43ea50fd
correct error function code
2012-11-05 13:34:29 +00:00
Andy Polyakov
7cb81398b7
e_camillia.c: remove copy-n-paste artifact, EVP_CIPH_FLAG_FIPS, and
...
leave comment about CTR mode.
2012-11-05 09:20:41 +00:00
Ben Laurie
5b0e3daf50
Remove unused static function.
2012-11-05 02:01:07 +00:00
Dr. Stephen Henson
057c8a2b9e
fix error code
2012-10-18 16:21:39 +00:00
Dr. Stephen Henson
964eaad78c
Don't require tag before ciphertext in AESGCM mode
2012-10-16 22:46:08 +00:00
Andy Polyakov
4739ccdb39
Add SPARC T4 Camellia support.
...
Submitted by: David Miller
2012-10-11 18:35:18 +00:00
Andy Polyakov
c5f6da54fc
Add SPARC T4 AES support.
...
Submitted by: David Miller
2012-10-06 18:08:09 +00:00
Andy Polyakov
244ed51a0d
e_aes.c: uninitialized variable in aes_ccm_init_key.
...
PR: 2874
Submitted by: Tomas Mraz
2012-09-15 08:45:42 +00:00
Dr. Stephen Henson
44488723de
add missing evp_cnf.c file
2012-07-04 13:15:10 +00:00
Dr. Stephen Henson
ea1d84358b
PR: 2840
...
Reported by: David McCullough <david_mccullough@mcafee.com>
Restore fips configuration module from 0.9.8.
2012-07-03 20:30:40 +00:00
Andy Polyakov
8d1b199d26
Revert random changes from commit#22606.
2012-06-04 22:12:10 +00:00
Ben Laurie
71fa451343
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
Andy Polyakov
8ea92ddd13
e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms.
...
PR: 2792
2012-04-19 20:38:05 +00:00
Dr. Stephen Henson
b214184160
recognise X9.42 DH certificates on servers
2012-04-18 17:03:29 +00:00
Andy Polyakov
6dd9b0fc43
e_rc4_hmac_md5.c: harmonize zero-length fragment handling with
...
e_aes_cbc_hmac_sha1.c (mostly for aesthetic reasons).
2012-04-18 14:55:39 +00:00
Andy Polyakov
e36f6b9cfa
e_rc4_hmac_md5.c: oops, can't use rc4_hmac_md5_cipher on legacy Intel CPUs.
...
PR: 2792
2012-04-18 14:50:28 +00:00
Andy Polyakov
fc90e42c86
e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
...
countermeasure.
PR: 2778
2012-04-15 14:14:22 +00:00
Dr. Stephen Henson
751e26cb9b
fix leak
2012-03-22 16:28:07 +00:00
Dr. Stephen Henson
f94cfe6a12
only cleanup ctx if we need to, save ctx flags when we do
2012-02-10 16:55:17 +00:00
Dr. Stephen Henson
afb14cda8c
Initial experimental support for X9.42 DH parameter format to handle
...
RFC5114 parameters and X9.42 DH public and private keys.
2011-12-07 00:32:34 +00:00
Andy Polyakov
77aae9654f
Configure, e_aes.c: allow for XTS assembler implementation.
2011-11-15 12:18:40 +00:00
Ben Laurie
ae55176091
Fix some warnings caused by __owur. Temporarily (I hope) remove the more
...
aspirational __owur annotations.
2011-11-14 00:36:10 +00:00
Andy Polyakov
32268b183f
e_aes.c: additional sanity check in aes_xts_cipher.
2011-11-12 13:26:36 +00:00
Andy Polyakov
60d4e99cf3
bsaes-x86_64.pl: add bsaes_xts_[en|de]crypt.
2011-11-10 22:41:31 +00:00
Andy Polyakov
9a480169cd
e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's
...
return value after custom flag was rightly reverted.
2011-11-06 19:48:39 +00:00
Andy Polyakov
a75a52a43e
bsaes-x86_64.pl: add CBC decrypt and engage it in e_aes.c.
2011-10-30 12:15:56 +00:00
Andy Polyakov
f2784994ec
e_aes.c: fold even aesni_ccm_cipher.
2011-10-24 06:00:06 +00:00
Andy Polyakov
507b0d9d38
e_aes.c: prevent potential DoS in aes_gcm_tls_cipher.
2011-10-23 22:58:40 +00:00
Dr. Stephen Henson
f59a5d6079
No need for custom flag in XTS mode: block length is 1.
2011-10-23 17:06:28 +00:00
Andy Polyakov
07904e0c6c
evp/e_aes.c: fold AES-NI modes that heavily rely on indirect calls
...
(trade 2% small-block performance), engage bit-sliced AES in GCM.
2011-10-18 13:37:26 +00:00
Andy Polyakov
e2473dcc7d
c_allc.c: add aes-xts to loop.
2011-10-18 07:53:50 +00:00
Andy Polyakov
993adc0531
Engage bsaes-x86_64.pl, bit-sliced AES.
2011-10-17 17:10:54 +00:00
Andy Polyakov
027026df9f
e_aes.c: fix bug in aesni_gcm_tls_cipher.
2011-10-14 09:32:06 +00:00
Bodo Möller
bf6d2f986d
Make CTR mode behaviour consistent with other modes:
...
- clear ctx->num in EVP_CipherInit_ex
- adapt e_eas.c changes from http://cvs.openssl.org/chngview?cn=19816
for eng_aesni.c
Submitted by: Emilia Kasper
2011-10-13 13:41:34 +00:00