wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11267 commits 20 branches 302 tags 153 MiB
Commit graph

685 commits

Author SHA1 Message Date
Andy Polyakov
9970308c88 e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. 
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f)
 2013-02-06 14:19:10 +00:00
Ben Laurie
2acc020b77 Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)
 2013-02-06 14:19:07 +00:00
Ben Laurie
a6bbbf2ff5 Make "make depend" work on MacOS out of the box. 2013-01-19 14:14:30 +00:00
Andy Polyakov
cd68694646 AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality. 2012-11-24 21:55:23 +00:00
Dr. Stephen Henson
98a7edf9f0 make depend 2012-11-19 13:18:09 +00:00
Dr. Stephen Henson
7c43ea50fd correct error function code 2012-11-05 13:34:29 +00:00
Andy Polyakov
7cb81398b7 e_camillia.c: remove copy-n-paste artifact, EVP_CIPH_FLAG_FIPS, and 
leave comment about CTR mode.
 2012-11-05 09:20:41 +00:00
Ben Laurie
5b0e3daf50 Remove unused static function. 2012-11-05 02:01:07 +00:00
Dr. Stephen Henson
057c8a2b9e fix error code 2012-10-18 16:21:39 +00:00
Dr. Stephen Henson
964eaad78c Don't require tag before ciphertext in AESGCM mode 2012-10-16 22:46:08 +00:00
Andy Polyakov
4739ccdb39 Add SPARC T4 Camellia support. 
Submitted by: David Miller
 2012-10-11 18:35:18 +00:00
Andy Polyakov
c5f6da54fc Add SPARC T4 AES support. 
Submitted by: David Miller
 2012-10-06 18:08:09 +00:00
Andy Polyakov
244ed51a0d e_aes.c: uninitialized variable in aes_ccm_init_key. 
PR: 2874
Submitted by: Tomas Mraz
 2012-09-15 08:45:42 +00:00
Dr. Stephen Henson
44488723de add missing evp_cnf.c file 2012-07-04 13:15:10 +00:00
Dr. Stephen Henson
ea1d84358b PR: 2840 
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
 2012-07-03 20:30:40 +00:00
Andy Polyakov
8d1b199d26 Revert random changes from commit#22606. 2012-06-04 22:12:10 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Andy Polyakov
8ea92ddd13 e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms. 
PR: 2792
 2012-04-19 20:38:05 +00:00
Dr. Stephen Henson
b214184160 recognise X9.42 DH certificates on servers 2012-04-18 17:03:29 +00:00
Andy Polyakov
6dd9b0fc43 e_rc4_hmac_md5.c: harmonize zero-length fragment handling with 
e_aes_cbc_hmac_sha1.c (mostly for aesthetic reasons).
 2012-04-18 14:55:39 +00:00
Andy Polyakov
e36f6b9cfa e_rc4_hmac_md5.c: oops, can't use rc4_hmac_md5_cipher on legacy Intel CPUs. 
PR: 2792
 2012-04-18 14:50:28 +00:00
Andy Polyakov
fc90e42c86 e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag 
countermeasure.

PR: 2778
 2012-04-15 14:14:22 +00:00
Dr. Stephen Henson
751e26cb9b fix leak 2012-03-22 16:28:07 +00:00
Dr. Stephen Henson
f94cfe6a12 only cleanup ctx if we need to, save ctx flags when we do 2012-02-10 16:55:17 +00:00
Dr. Stephen Henson
afb14cda8c Initial experimental support for X9.42 DH parameter format to handle 
RFC5114 parameters and X9.42 DH public and private keys.
 2011-12-07 00:32:34 +00:00
Andy Polyakov
77aae9654f Configure, e_aes.c: allow for XTS assembler implementation. 2011-11-15 12:18:40 +00:00
Ben Laurie
ae55176091 Fix some warnings caused by __owur. Temporarily (I hope) remove the more 
aspirational __owur annotations.
 2011-11-14 00:36:10 +00:00
Andy Polyakov
32268b183f e_aes.c: additional sanity check in aes_xts_cipher. 2011-11-12 13:26:36 +00:00
Andy Polyakov
60d4e99cf3 bsaes-x86_64.pl: add bsaes_xts_[en|de]crypt. 2011-11-10 22:41:31 +00:00
Andy Polyakov
9a480169cd e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's 
return value after custom flag was rightly reverted.
 2011-11-06 19:48:39 +00:00
Andy Polyakov
a75a52a43e bsaes-x86_64.pl: add CBC decrypt and engage it in e_aes.c. 2011-10-30 12:15:56 +00:00
Andy Polyakov
f2784994ec e_aes.c: fold even aesni_ccm_cipher. 2011-10-24 06:00:06 +00:00
Andy Polyakov
507b0d9d38 e_aes.c: prevent potential DoS in aes_gcm_tls_cipher. 2011-10-23 22:58:40 +00:00
Dr. Stephen Henson
f59a5d6079 No need for custom flag in XTS mode: block length is 1. 2011-10-23 17:06:28 +00:00
Andy Polyakov
07904e0c6c evp/e_aes.c: fold AES-NI modes that heavily rely on indirect calls 
(trade 2% small-block performance), engage bit-sliced AES in GCM.
 2011-10-18 13:37:26 +00:00
Andy Polyakov
e2473dcc7d c_allc.c: add aes-xts to loop. 2011-10-18 07:53:50 +00:00
Andy Polyakov
993adc0531 Engage bsaes-x86_64.pl, bit-sliced AES. 2011-10-17 17:10:54 +00:00
Andy Polyakov
027026df9f e_aes.c: fix bug in aesni_gcm_tls_cipher. 2011-10-14 09:32:06 +00:00
Bodo Möller
bf6d2f986d Make CTR mode behaviour consistent with other modes: 
- clear ctx->num in EVP_CipherInit_ex
- adapt e_eas.c changes from http://cvs.openssl.org/chngview?cn=19816
  for eng_aesni.c

Submitted by: Emilia Kasper
 2011-10-13 13:41:34 +00:00
Dr. Stephen Henson
3231e42d72 update pkey method initialisation and copy 2011-10-11 18:15:31 +00:00
Dr. Stephen Henson
819cf4b886 Sync error codes with 1.0.1-stable. 2011-09-17 00:17:46 +00:00
Andy Polyakov
8ca28da0a7 Integrate Vector Permutation AES into build system. 2011-09-15 20:22:59 +00:00
Bodo Möller
ae53b299fa make update 2011-09-05 09:46:15 +00:00
Bodo Möller
f0ecb86666 Fix error codes. 2011-09-05 09:42:34 +00:00
Dr. Stephen Henson
5e92fd244c Stop warnings. 2011-09-01 14:15:47 +00:00
Dr. Stephen Henson
d77a970669 PR: 2588 
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.
 2011-09-01 13:49:16 +00:00
Dr. Stephen Henson
7daf0efad9 Fix warning. 2011-08-25 19:50:51 +00:00
Andy Polyakov
c608171d9c Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. 2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
ab1ec69843 aesni TLS GCM support 2011-08-11 23:06:19 +00:00
Dr. Stephen Henson
28dd49faec Expand range of ctrls for AES GCM to support retrieval and setting of 
invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
 2011-08-03 15:37:22 +00:00