- Sep 07, 2019
-
-
Bernd Edlinger authored
This leaves VPAES and AESNI support. The VPAES performance is comparable but BSAES is not completely constant time. There are table lookups using secret key data in AES_set_encrypt/decrypt_key and in ctr mode short data uses the non-constant time AES_encrypt function instead of bit-slicing. Furthermore the AES_ASM is by far outperformed by recent GCC versions. Since BSAES calls back to AES_ASM for short data blocks the performance on those is also worse than the pure software implementaion. Fixes: #9640 Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9675)
-
- Aug 08, 2019
-
-
Shane Lontis authored
Note a flag needed to be added since some ssl tests fail if they output any error (even if the error is ignored). Only ciphers that handle the GET_IV_LEN control set this flag. Fixes #8330 Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9499)
-
- Jun 24, 2019
-
-
Pauli authored
Reviewed-by:
-
Pauli authored
This feature is enabled by default outside of FIPS builds which ban such actions completely. Encryption is always disallowed and will generate an error. Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9112) (cherry picked from commit 2c840201e57e27fa9f1b26a970270a91813e32fe)
-
- May 28, 2019
-
-
Richard Levitte authored
Reviewed-by:
-
- May 22, 2019
-
-
Patrick Steuer authored
67c81ec311 forgot about s390x Signed-off-by:
Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8971) (cherry picked from commit 887e22dd8b6f054e39b2d20fc8870eaba7fc61a8)
-
- May 08, 2019
-
-
Tobias Nießen authored
This change allows to pass the authentication tag after specifying the AAD in CCM mode. This is already true for the other two supported AEAD modes (GCM and OCB) and it seems appropriate to match the behavior. GCM and OCB also support to set the tag at any point before the call to `EVP_*Final`, but this won't work for CCM due to a restriction imposed by section 2.6 of RFC3610: The tag must be set before actually decrypting data. This commit also adds a test case for setting the tag after supplying plaintext length and AAD. Reviewed-by:
Paul Dale <paul.dale@oracle.com> Reviewed-by:
-
- Sep 21, 2018
-
-
agnosticdev authored
Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7277) (cherry picked from commit 46d08509)
-
- Jul 12, 2018
-
-
Patrick Steuer authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Andy Polyakov <appro@openssl.org>
-
- Jun 03, 2018
-
-
Andy Polyakov authored
Even though calls can be viewed as styling improvement, they do come with cost. It's not big cost and shows only on short inputs, but it is measurable, 2-3% on some platforms. Reviewed-by:
-
- Apr 03, 2018
-
-
Rich Salz authored
Almost all *alloc failures now set an error code. Reviewed-by:
-
- Mar 28, 2018
-
-
Patrick Steuer authored
... to compute s390x aes function code from keylength. Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
- Mar 19, 2018
-
-
Kurt Roeckx authored
Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from an other thread because the SSL object moved to an other thread. Reviewed-by:
-
- Mar 15, 2018
-
-
Dr. Matthias St. Pierre authored
Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by:
-
- Feb 28, 2018
-
-
Kurt Roeckx authored
Reviewed-by:
-
- Feb 23, 2018
-
-
Bernd Edlinger authored
Reviewed-by:
-
- Feb 06, 2018
-
-
Patrick Steuer authored
Signed-off-by:
-
Patrick Steuer authored
Signed-off-by:
-
- Jan 09, 2018
-
-
Richard Levitte authored
Reviewed-by:
-
- Jan 07, 2018
-
-
Patrick Steuer authored
Signed-off-by:
-
- May 11, 2017
-
-
Bernd Edlinger authored
- Mostly missing fall thru comments - And uninitialized value used in sslapitest.c Reviewed-by:
-
- Feb 08, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Feb 07, 2017
-
-
Bernd Edlinger authored
or EVP_CTRL_INIT/EVP_CTRL_COPY was not called or failed. If that happens in EVP_CipherInit_ex/EVP_CIPHER_CTX_copy set cipher = NULL, aes_gcm_cleanup should check that gctx != NULL before calling OPENSSL_cleanse. Reviewed-by:
-
- Jan 26, 2017
-
-
Andy Polyakov authored
Originally a crash in 32-bit build was reported CHACHA20-POLY1305 cipher. The crash is triggered by truncated packet and is result of excessive hashing to the edge of accessible memory. Since hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Other ciphers were hardened. Thanks to Robert Święcki for report. CVE-2017-3731 Reviewed-by:
-
- Jan 25, 2017
-
-
Matt Caswell authored
When doing in place encryption the overlapping buffer check can fail incorrectly where we have done a partial block "Update" operation. This fixes things to take account of any pending partial blocks. Reviewed-by:
-
Matt Caswell authored
If we have previously been passed a partial block in an "Update" call then make sure we properly increment the output buffer when we use it. Fixes #2273 Reviewed-by:
-
Matt Caswell authored
Lots of references to 16 replaced by AES_BLOCK_SIZE. Also a few other style tweaks in that function Reviewed-by:
-
- Oct 18, 2016
-
-
Patrick Steuer authored
crypto/evp/e_aes.c: Types of inp and out parameters of AES_xts_en/decrypt functions need to be changed from char to unsigned char to avoid build error due to '-Werror=incompatible-pointer-types'. crypto/aes/asm/aes-s390x.pl: Comments need to reflect the above change. Signed-off-by:
Patrick Steuer <psteuer@mail.de> Reviewed-by:
-
- Jul 16, 2016
-
-
Andy Polyakov authored
Reviewed-by:
-
- Jun 14, 2016
-
-
Andy Polyakov authored
Reviewed-by:
-
- May 24, 2016
-
-
Todd Short authored
This compiles correctly, but depending on what may be defined, it's possible that this could fail compilation. The braces are mismatched, and it's possible to end up with an else followed by another else. This presumes the indentation is mostly correct and indicative of intent. Found via static analysis. Reviewed-by:
-
- May 17, 2016
-
-
Rich Salz authored
Reviewed-by:
-
- May 02, 2016
-
-
Andy Polyakov authored
This macro was defined by no-longer-supported __MWERKS__ compiler. Reviewed-by:
-
- Apr 20, 2016
-
-
Andy Polyakov authored
Reviewed-by:
-
- Apr 13, 2016
-
-
Matt Caswell authored
no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES guards can be removed. Reviewed-by:
-
- Mar 20, 2016
-
-
Rich Salz authored
Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by:
-
