wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10783 commits 20 branches 302 tags 153 MiB
Commit graph

678 commits

Author SHA1 Message Date
Andy Polyakov
fcc6f699e3 evp/e_aes_cbc_hmac_sha*.c: improve cache locality. 
(cherry picked from commit 9587429fa0)
 2014-02-13 14:41:10 +01:00
Dr. Stephen Henson
f407eec799 make update 2014-02-06 14:31:09 +00:00
Andy Polyakov
41cf2d2518 evp/e_aes_cbc_hmac_sha[1|256].c: add multi-block implementations [from master]. 2014-02-05 19:52:38 +01:00
Andy Polyakov
9071b36d9a Add AES-NI+SHA256 stitch registrations (from master). 2014-02-02 00:05:02 +01:00
Andy Polyakov
50f1b47c7f PPC assembly pack: jumbo update from master. 
Add Vector Permutation AES and little-endian support.
 2014-02-01 21:48:31 +01:00
Dr. Stephen Henson
ff64ab32ae Ignore NULL parameter in EVP_MD_CTX_destroy. 
(cherry picked from commit a6c62f0c25)
 2013-12-20 23:24:26 +00:00
Andy Polyakov
68e6ac4379 evp/e_[aes|camellia].c: fix typo in CBC subroutine. 
It worked because it was never called.
(cherry picked from commit e9c80e04c1)
 2013-12-18 22:56:24 +01:00
Andy Polyakov
b76310ba74 ARM assembly pack: AES update from master (including bit-sliced module). 2013-12-09 23:44:45 +01:00
Dr. Stephen Henson
bc35b8e435 make update 2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
1abfa78a8b Constify. 2013-11-14 21:00:40 +00:00
Andy Polyakov
ca44f72938 Make Makefiles OSF-make-friendly. 
PR: 3165
(cherry picked from commit d1cf23ac86)
 2013-11-12 21:53:39 +01:00
Dr. Stephen Henson
18f49508a5 Fix memory leak. 
(cherry picked from commit 16bc45ba95)
 2013-11-11 23:55:18 +00:00
Dr. Stephen Henson
a4947e4e06 Initialise context before using it. 2013-11-06 13:16:50 +00:00
Ben Laurie
262f1c524e PBKDF2 should be efficient. Contributed by Christian Heimes 
<christian@python.org>.
 2013-11-03 17:27:12 +00:00
Andy Polyakov
c99028f252 evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms. 
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0da)
 2013-10-05 21:09:50 +01:00
Dr. Stephen Henson
e1e6c4dae7 Algorithm parameter support. 
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
(cherry picked from commit e61f5d55bc)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
8c798690ce CMS support for key agreeement recipient info. 
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
(cherry picked from commit 17c2764d2e)
 2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
d6dc5c506a Add control to retrieve signature MD. 
(cherry picked from commit 810639536c)
 2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
c6f3386577 EVP support for wrapping algorithms. 
Add support for key wrap algorithms via EVP interface.

Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.

Move test code to evptests.txt
(cherry picked from commit 97cf1f6c28)

Conflicts:

	CHANGES
 2013-10-01 14:01:17 +01:00
Andy Polyakov
cf65a07256 evptests.txt: add XTS test vectors 
(cherry picked from commit c9a8e3d1c7)
 2013-10-01 14:01:17 +01:00
Andy Polyakov
051dc9db2b evptests.txt: additional GCM test vectors. 
(cherry picked from commit ca303d333b)
 2013-10-01 14:01:17 +01:00
Ben Laurie
93a886b45a Fix warnings. 
(cherry picked from commit 282a480a35)
 2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
ec19082ecc GCM and CCM test support 
Add code to support GCM an CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.

Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
(cherry picked from commit 15652f9825)
 2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
0eff7c7c88 Add CCM ciphers to tables. 
(cherry picked from commit 95248de327)
 2013-10-01 14:01:17 +01:00
Andy Polyakov
9dc07f04c3 crypto/evp/e_aes.c: fix logical pre-processor bug and formatting. 
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
(cherry picked from commit 044f63086051d7542fa9485a1432498c39c4d8fa)
 2013-08-03 17:09:37 +02:00
Ben Laurie
e3120586fb Missing prototypes. 2013-06-04 15:14:18 +01:00
Ben Laurie
3941aa12f1 Remove added ;. 2013-06-04 15:05:18 +01:00
Andy Polyakov
a7e9ed95ec evp/e_aes.c: engage SPARC T4 AES support [from master]. 2013-05-20 16:36:53 +02:00
Andy Polyakov
615d0edf1f evp/e_aes.c: engage AES-NI GCM stitch. 2013-05-20 16:30:21 +02:00
Andy Polyakov
e775755dec evp/evp_err.c: update from master. 2013-05-20 16:16:34 +02:00
Andy Polyakov
a1bf7de5a7 evp/e_camellia.c: engage SPARC T5 Camellia support [from master]. 2013-05-20 16:09:13 +02:00
Andy Polyakov
047c02e8db evp/e_des[3].c: engage SPARC T4 DES support. 2013-05-20 16:08:39 +02:00
Andy Polyakov
1ff546737b evp/Makefile: fix typo. 2013-05-19 23:11:03 +02:00
Andy Polyakov
56f0b25754 Add EVP glue to AES-NI SHA256 stich [from master]. 2013-05-19 22:35:37 +02:00
Andy Polyakov
dd1e4fbcc0 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms. 
PR: 3002
(cherry picked from commit 5c60046553)
 2013-03-18 19:35:20 +01:00
Andy Polyakov
82425f2c28 e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line. 
It also ensures that valgring is happy.
(cherry picked from commit 2141e6f30b)
 2013-02-08 10:35:02 +01:00
Andy Polyakov
af010edd55 e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret. 
(cherry picked from commit 529d27ea47)
 2013-02-06 13:56:15 +00:00
Andy Polyakov
5966f4d973 e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. 
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f)
 2013-02-06 13:56:15 +00:00
Ben Laurie
fb0a59cc58 Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)
 2013-02-06 13:56:12 +00:00
Dr. Stephen Henson
75a8ff9263 make update 2013-01-15 16:24:07 +00:00
Dr. Stephen Henson
9a6aff50ff Don't require tag before ciphertext in AESGCM mode 2012-10-16 22:46:32 +00:00
Andy Polyakov
507e5c3a61 e_aes.c: uninitialized variable in aes_ccm_init_key [from HEAD]. 
PR: 2874
Submitted by: Tomas Mraz
 2012-09-15 08:46:08 +00:00
Dr. Stephen Henson
7fbcc2f24a type 2012-07-13 11:17:56 +00:00
Dr. Stephen Henson
1e4a6e7b7f add missing evp_cnf.c file 2012-07-04 13:14:44 +00:00
Dr. Stephen Henson
74d89b0d93 PR: 2840 
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
 2012-07-03 20:20:11 +00:00
Dr. Stephen Henson
e51ec51af9 revert more "version skew" changes that break FIPS builds 2012-06-10 23:02:06 +00:00
Ben Laurie
68d2cf51bc Reduce version skew: trivia (I hope). 2012-06-03 22:03:37 +00:00
Dr. Stephen Henson
1dded7f7e8 Experimental multi-implementation support for FIPS capable OpenSSL. 
When in FIPS mode the approved implementations are used as normal,
when not in FIPS mode the internal unapproved versions are used instead.
This means that the FIPS capable OpenSSL isn't forced to use the
(often lower perfomance) FIPS implementations outside FIPS mode.
 2012-05-13 18:40:12 +00:00
Andy Polyakov
6ca7af9ec0 e_rc4_hmac_md5.c: reapply commit#21726, which was erroneously omitted [from 1.0.1]. 
PR: 2797, 2792
 2012-04-20 21:45:21 +00:00
Dr. Stephen Henson
00bb875240 make ciphers work again for FIPS builds 2012-04-20 00:08:32 +00:00