#
0113ec84 |
| 28-Apr-2022 |
Todd Short |
Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement
Implement AES-GCM-SIV (RFC8452) Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in #16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18693)
show more ...
|
#
186be8ed |
| 28-Jul-2022 |
Tomas Mraz |
Fix regression from GCM mode refactoring Fixes #18896 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/
Fix regression from GCM mode refactoring Fixes #18896 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18903)
show more ...
|
#
48e35b99 |
| 25-Jul-2022 |
Juergen Christ |
s390x: Fix GCM setup Rework of GCM code did not include s390x causing NULL pointer dereferences on GCM operations other than AES-GCM on platforms that support kma. Fix this by a pro
s390x: Fix GCM setup Rework of GCM code did not include s390x causing NULL pointer dereferences on GCM operations other than AES-GCM on platforms that support kma. Fix this by a proper setup of the function pointers. Fixes: 92c9086e5c2b ("Use separate function to get GCM functions") Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18862)
show more ...
|
#
d50e0934 |
| 20-Jul-2022 |
Todd Short |
Clean up GCM_MUL and remove GCM_FUNCREF_4BIT Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Clean up GCM_MUL and remove GCM_FUNCREF_4BIT Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
show more ...
|
#
95201ef4 |
| 20-Jul-2022 |
Todd Short |
Clean up use of GHASH macro Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
|
#
92c9086e |
| 20-Jul-2022 |
Todd Short |
Use separate function to get GCM functions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull
Use separate function to get GCM functions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
show more ...
|
#
7da952bc |
| 20-Jul-2022 |
Todd Short |
Remove some unused 4bit GCM code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
|
#
7b6e19fc |
| 20-Jul-2022 |
Todd Short |
Remove unused 1bit GCM implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1883
Remove unused 1bit GCM implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
show more ...
|
#
a8b5128f |
| 20-Jul-2022 |
Todd Short |
Remove unused 8bit GCM implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1883
Remove unused 8bit GCM implementation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18835)
show more ...
|
#
36c269c3 |
| 15-May-2022 |
Daniel Fiala |
Change loops conditions to make zero loop risk more obvious. Fixes openssl#18073. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Rev
Change loops conditions to make zero loop risk more obvious. Fixes openssl#18073. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18327)
show more ...
|
#
999376dc |
| 28-Jan-2022 |
Henry Brausen |
Add clmul-based gmult for riscv64 with Zbb, Zbc ghash-riscv64.pl implements 128-bit galois field multiplication for use in the GCM mode using RISC-V carryless multiplication primitives.
Add clmul-based gmult for riscv64 with Zbb, Zbc ghash-riscv64.pl implements 128-bit galois field multiplication for use in the GCM mode using RISC-V carryless multiplication primitives. The clmul-accelerated routine can be selected by setting the Zbb and Zbc bits of the OPENSSL_riscvcap environment variable at runtime. Reviewed-by: Philipp Tomsich <philipp.tomsich@vrull.eu> Signed-off-by: Henry Brausen <henry.brausen@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17640)
show more ...
|
#
52f7e44e |
| 07-Jul-2021 |
Tomas Mraz |
Split bignum code out of the sparcv9cap.c Fixes #15978 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16019)
|
#
3d178db7 |
| 18-Jun-2021 |
Tomas Mraz |
ppccap.c: Split out algorithm-specific functions Fixes #13336 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15828)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
1d724b5e |
| 24-Sep-2020 |
Zhang Jinde |
CRYPTO_gcm128_decrypt: fix mac or tag calculation The incorrect code is in #ifdef branch that is normally not compiled in. Signed-off-by: Zhang Jinde <zjd5536@163.com>
CRYPTO_gcm128_decrypt: fix mac or tag calculation The incorrect code is in #ifdef branch that is normally not compiled in. Signed-off-by: Zhang Jinde <zjd5536@163.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12968)
show more ...
|
Revision tags: OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
e23d850f |
| 09-Jul-2020 |
Richard Levitte |
Add and use internal header that implements endianness check This moves test/ossl_test_endian.h to include/internal/endian.h and thereby makes the macros in there our standard way to che
Add and use internal header that implements endianness check This moves test/ossl_test_endian.h to include/internal/endian.h and thereby makes the macros in there our standard way to check endianness in run-time. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12390)
show more ...
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
00c405b3 |
| 04-Jun-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12043)
|
Revision tags: openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6 |
|
#
77286fe3 |
| 24-Apr-2018 |
Bernd Edlinger |
Avoid undefined behavior with unaligned accesses Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/op
Avoid undefined behavior with unaligned accesses Fixes: #4983 [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/6074)
show more ...
|
#
25f2138b |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: W
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
#
24fd8541 |
| 24-Aug-2019 |
Bernd Edlinger |
Remove extern declarations of OPENSSL_ia32cap_P Use the header file internal/cryptlib.h instead. Remove checks for OPENSSL_NO_ASM and I386_ONLY in cryptlib.c, to match the checks in
Remove extern declarations of OPENSSL_ia32cap_P Use the header file internal/cryptlib.h instead. Remove checks for OPENSSL_NO_ASM and I386_ONLY in cryptlib.c, to match the checks in other places where OPENSSL_ia32cap_P is used and assumed to be initialized. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9688)
show more ...
|
#
459b15d4 |
| 15-Jul-2019 |
Shane Lontis |
Add Common shared code needed to move aes ciphers to providers Custom aes ciphers will be placed into multiple new files (instead of the monolithic setup used in the e_aes.c legacy code)
Add Common shared code needed to move aes ciphers to providers Custom aes ciphers will be placed into multiple new files (instead of the monolithic setup used in the e_aes.c legacy code) so it makes sense to have a header for the platform specific code that needs to be shared between files. modes_lcl.h has also moved to modes_int.h to allow sharing with the provider source. Code that will be common to AEAD ciphers has also been added. These will be used by seperate PR's for GCM, CCM & OCB. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9301)
show more ...
|
#
81cae8ce |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/modes/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pul
Following the license change, modify the boilerplates in crypto/modes/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7803)
show more ...
|
#
fd38836b |
| 20-Jun-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6538)
|
#
c1b2569d |
| 20-May-2018 |
Andy Polyakov |
modes/gcm128.c: coalesce calls to GHASH. On contemporary platforms assembly GHASH processes multiple blocks faster than one by one. For TLS payloads shorter than 16 bytes, e.g. alert
modes/gcm128.c: coalesce calls to GHASH. On contemporary platforms assembly GHASH processes multiple blocks faster than one by one. For TLS payloads shorter than 16 bytes, e.g. alerts, it's possible to reduce hashing operation to single call. And for block lengths not divisible by 16 - fold two final calls to one. Improvement is most noticeable with "reptoline", because call to assembly GHASH is indirect. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6312)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
f5791af3 |
| 14-Oct-2017 |
Andy Polyakov |
modes/gcm128.c: harmonize GCM_MUL macro with GHASH. Reviewed-by: Rich Salz <rsalz@openssl.org>
|