boringssl/crypto/fipsmodule
David Benjamin 03c6fa4426 AES-GCM is not defined for empty nonces.
It shouldn't have been defined for variable-length nonces at all, but so
it goes. EVP_CIPHER rejected this by way of EVP_CTRL_GCM_SET_IVLEN
comparing <= 0, but the EVP_AEAD API did not.

I've done the test in a separate file on the assumption that aead_test
will become GTest shortly, at which point it will be easy to stick extra
tests into the same file as the FileTest ones.

Thanks to Daniel Bleichenbacher and Thanh Bui of Project Wycheproof for
the report.

Change-Id: Ic4616b39a1d7fe74a1f14fb58cccec2ce7c4f2f3
Reviewed-on: https://boringssl-review.googlesource.com/16544
Reviewed-by: Adam Langley <agl@google.com>
2017-05-23 22:36:06 +00:00
aes Convert aes_test to GTest. 2017-05-23 22:33:25 +00:00
bn Remove filename argument to x86 asm_init. 2017-05-12 14:58:27 +00:00
cipher AES-GCM is not defined for empty nonces. 2017-05-23 22:36:06 +00:00
des Move des/ to crypto/fipsmodule/ 2017-05-02 19:21:02 +00:00
digest Be less clever about .rel.ro avoidance. 2017-04-07 15:20:26 +00:00
ec fipstools: Add a sample binary that exercises methods from the FIPS module. 2017-05-18 00:00:33 +00:00
ecdsa Tidy up FIPS module dependencies. 2017-05-05 23:10:24 +00:00
hmac First part of the FIPS module. 2017-04-07 00:05:34 +00:00
md4 First part of the FIPS module. 2017-04-07 00:05:34 +00:00
md5 Remove filename argument to x86 asm_init. 2017-05-12 14:58:27 +00:00
modes Remove filename argument to x86 asm_init. 2017-05-12 14:58:27 +00:00
rand Have a single function for FIPS test failures. 2017-05-18 20:33:55 +00:00
rsa fipstools: Add a sample binary that exercises methods from the FIPS module. 2017-05-18 00:00:33 +00:00
sha Remove filename argument to x86 asm_init. 2017-05-12 14:58:27 +00:00
bcm.c Have a single function for FIPS test failures. 2017-05-18 20:33:55 +00:00
CMakeLists.txt Convert aes_test to GTest. 2017-05-23 22:33:25 +00:00
delocate.h Move ec/ and ecdsa/ into fipsmodule/ 2017-05-04 20:27:23 +00:00
FIPS.md Inject FIPS hash without running module. 2017-04-12 23:09:38 +00:00
intcheck1.png First part of the FIPS module. 2017-04-07 00:05:34 +00:00
intcheck2.png Inject FIPS hash without running module. 2017-04-12 23:09:38 +00:00
intcheck3.png First part of the FIPS module. 2017-04-07 00:05:34 +00:00
is_fips.c Move OPENSSL_ASAN to base.h. 2017-05-16 20:16:52 +00:00