Commit graph

47 commits

Author SHA1 Message Date
Dr. Stephen Henson
c0b674b7cb Relax CCM tag check.
In CCM mode don't require a tag before initialising decrypt: this allows
the tag length to be set without requiring the tag.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 9cca7be11d)
2015-07-06 18:35:35 +01:00
Emilia Kasper
ac32a77cd6 Use CRYPTO_memcmp when comparing authenticators
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley
(Google).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 1e4a355dca)
2015-06-08 15:01:14 +02:00
Matt Caswell
1a3701f4fe Sanity check EVP_CTRL_AEAD_TLS_AAD
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit c826988109)

Conflicts:
	ssl/record/ssl3_record.c
2015-04-30 23:21:50 +01:00
Andy Polyakov
df57e42baa evp/e_aes.c: fix SPARC T4-specific problem:
- SIGSEGV/ILL in CCM (RT#3688);

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-12 09:07:53 +01:00
Matt Caswell
ae5c8664e5 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Andy Polyakov
f4868c9921 Remove inconsistency in ARM support.
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit c1669e1c20)
2015-01-06 11:14:23 +01:00
Emilia Kasper
ebf221ee25 Fix build when BSAES_ASM is defined but VPAES_ASM is not
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit da92be4d68)
2014-08-21 15:48:10 +02:00
Andy Polyakov
c991d8ae8b Initial POWER8 support from development branch.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 14:36:49 +02:00
Dr. Stephen Henson
4c05b1f8d6 Make *Final work for key wrap again.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 58f4698f67)
2014-07-17 23:31:11 +01:00
Dr. Stephen Henson
6e1e5996df Sanity check lengths for AES wrap algorithm.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d12eef1501)
2014-07-17 12:58:42 +01:00
Dr. Stephen Henson
802fdcda1e Fix copy for CCM, GCM and XTS.
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
(cherry picked from commit c2fd5d79ff)
2014-06-30 13:59:38 +01:00
ZNV
14183e50e7 Make EVP_CIPHER_CTX_copy work in GCM mode.
PR#3272
(cherry picked from commit 370bf1d708)
2014-06-29 22:02:23 +01:00
Andy Polyakov
7e03acf2be Engage ARMv8 AES support [from HEAD]. 2014-06-11 00:08:03 +02:00
Dr. Stephen Henson
5f2329b82a Fix fips flag handling.
Don't set the fips flags in cipher and digests as the implementations
aren't suitable for FIPS mode and will be redirected to the FIPS module
versions anyway.

Return EVP_CIPH_FLAG_FIPS or EVP_MD_FLAG_FIPS if a FIPS implementation
exists when calling EVP_CIPHER_flags and EVP_MD_flags repectively.

Remove unused FIPS code from e_aes.c: the 1.0.2 branch will never be
used to build a FIPS module.
2014-02-27 19:18:58 +00:00
Andy Polyakov
fd2c85f6ae evp/e_aes.c: harmonize with 1.0.1. 2014-02-27 17:47:23 +01:00
Andy Polyakov
50f1b47c7f PPC assembly pack: jumbo update from master.
Add Vector Permutation AES and little-endian support.
2014-02-01 21:48:31 +01:00
Andy Polyakov
68e6ac4379 evp/e_[aes|camellia].c: fix typo in CBC subroutine.
It worked because it was never called.
(cherry picked from commit e9c80e04c1)
2013-12-18 22:56:24 +01:00
Andy Polyakov
b76310ba74 ARM assembly pack: AES update from master (including bit-sliced module). 2013-12-09 23:44:45 +01:00
Dr. Stephen Henson
e1e6c4dae7 Algorithm parameter support.
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
(cherry picked from commit e61f5d55bc)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
c6f3386577 EVP support for wrapping algorithms.
Add support for key wrap algorithms via EVP interface.

Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.

Move test code to evptests.txt
(cherry picked from commit 97cf1f6c28)

Conflicts:

	CHANGES
2013-10-01 14:01:17 +01:00
Andy Polyakov
9dc07f04c3 crypto/evp/e_aes.c: fix logical pre-processor bug and formatting.
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
(cherry picked from commit 044f63086051d7542fa9485a1432498c39c4d8fa)
2013-08-03 17:09:37 +02:00
Andy Polyakov
a7e9ed95ec evp/e_aes.c: engage SPARC T4 AES support [from master]. 2013-05-20 16:36:53 +02:00
Andy Polyakov
615d0edf1f evp/e_aes.c: engage AES-NI GCM stitch. 2013-05-20 16:30:21 +02:00
Dr. Stephen Henson
9a6aff50ff Don't require tag before ciphertext in AESGCM mode 2012-10-16 22:46:32 +00:00
Andy Polyakov
507e5c3a61 e_aes.c: uninitialized variable in aes_ccm_init_key [from HEAD].
PR: 2874
Submitted by: Tomas Mraz
2012-09-15 08:46:08 +00:00
Dr. Stephen Henson
1dded7f7e8 Experimental multi-implementation support for FIPS capable OpenSSL.
When in FIPS mode the approved implementations are used as normal,
when not in FIPS mode the internal unapproved versions are used instead.
This means that the FIPS capable OpenSSL isn't forced to use the
(often lower perfomance) FIPS implementations outside FIPS mode.
2012-05-13 18:40:12 +00:00
Andy Polyakov
e6ccc6ed70 Configure, e_aes.c: allow for XTS assembler implementation [from HEAD]. 2011-11-15 12:19:56 +00:00
Andy Polyakov
e959a01fac e_aes.c: jumbo update from HEAD. 2011-11-14 21:17:08 +00:00
Andy Polyakov
a99ce1f5b1 e_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD]. 2011-10-14 09:34:14 +00:00
Dr. Stephen Henson
c0d2943952 Typo. 2011-09-16 23:04:07 +00:00
Bodo Möller
9e96812934 Fix error codes. 2011-09-05 09:42:55 +00:00
Dr. Stephen Henson
c5d38fc262 aesni TLS GCM support 2011-08-11 23:06:37 +00:00
Dr. Stephen Henson
6b71970520 Sync EVP AES modes from HEAD. 2011-08-11 22:52:06 +00:00
Dr. Stephen Henson
61cdb9f36a Backport GCM support from HEAD. Minimal support at present: no assembly
language optimisation. [original by Andy]
2011-08-04 11:12:38 +00:00
Andy Polyakov
fbe2e28911 AES-NI backport from HEAD. Note that e_aes.c doesn't implement all modes
from HEAD yet, more will be back-ported later.
2011-06-28 14:49:35 +00:00
Dr. Stephen Henson
04dc5a9ca6 Redirect digests to FIPS module for FIPS builds.
Use FIPS API when initialising digests.

Sync header file evp.h and error codes with HEAD for necessary FIPS
definitions.
2011-05-28 23:01:26 +00:00
Dr. Stephen Henson
19043426b9 backport AES EVP ctr mode changes from HEAD 2010-11-17 17:46:23 +00:00
Richard Levitte
8d1ebe0bd1 Add the missing parts for DES CFB1 and CFB8.
Add the corresponding AES parts while I'm at it.
make update
2004-01-28 19:05:35 +00:00
Richard Levitte
8c84b677e2 Make sure we get the definition of OPENSSL_NO_AES. 2003-03-20 23:28:03 +00:00
Richard Levitte
94f1b50c0f For CFB and OFB modes, always create the encryption key. 2002-05-31 13:11:44 +00:00
Richard Levitte
a6cd870784 The AES modes OFB and CFB are defined with 128 feedback bits. This
deviates from the "standard" 64 bits of feedback that all other
algorithms are using.  Therefore, let's redo certain EVP macros to
accept different amounts of feedback bits for these modes.

Also, change e_aes.c to provide all usually available modes for AES.
CTR isn't included yet.
2002-02-16 12:39:07 +00:00
Richard Levitte
6f9079fd50 Because Rijndael is more known as AES, use crypto/aes instead of
crypto/rijndael.  Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).

This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
2002-01-02 16:55:35 +00:00
Dr. Stephen Henson
591ccf586d Fix AES CBC mode EVP_CIPHER structures: the IV length is always
16.
2001-09-25 13:49:58 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Richard Levitte
77dd9c1850 Add the possibility to have AES removed in Windows as well.
Spotted by Harald Koch <chk@pobox.com>
2001-04-08 04:35:58 +00:00
Dr. Stephen Henson
1358835050 Change the EVP_somecipher() and EVP_somedigest()
functions to return constant EVP_MD and EVP_CIPHER
pointers.

Update docs.
2001-03-09 02:51:02 +00:00
Dr. Stephen Henson
deb2c1a1c5 Fix AES code.
Update Rijndael source to v3.0

Add AES OIDs.

Change most references of Rijndael to AES.

Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00