boringssl/crypto/err
David Benjamin b529253bea Implement scrypt from RFC 7914.
This imports upstream's scrypt implementation, though it's been heavily
revised. I lost track of words vs. blocks vs. bigger blocks too many
times in the original code and introduced a typedef for the fixed-width
Salsa20 blocks. The downside is going from bytes to blocks is a bit
trickier, so I took advantage of our little-endian assumption.

This also adds a missing check for N < 2^32. Upstream's code is making
this assumption in Integerify. I'll send that change back upstream. I've
also removed the weird edge case where a NULL out_key parameter means to
validate N/r/p against max_mem and nothing else. That's just in there to
get a different error code out of their PKCS#12 code.

Performance-wise, the cleanup appears to be the same (up to what little
precision I was able to get here), but an optimization to use bitwise
AND rather than modulus makes us measurably faster. Though scrypt isn't
a fast operation to begin with, so hopefully it isn't anyone's
bottleneck.

This CL does not route scrypt up to the PKCS#12 code, though we could
write our own version of that if we need to later.

BUG=chromium:731993

Change-Id: Ib2f43344017ed37b6bafd85a2c2b103d695020b8
Reviewed-on: https://boringssl-review.googlesource.com/17084
Reviewed-by: Adam Langley <agl@google.com>
2017-06-12 20:32:21 +00:00
..
asn1.errordata Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
bio.errordata
bn.errordata Update BN_enhanced_miller_rabin_primality_test to enforce preconditions and accept BN_prime_checks. 2017-04-21 22:24:01 +00:00
cipher.errordata Enforce incrementing counter for TLS 1.2 AES-GCM. 2017-05-26 20:06:36 +00:00
CMakeLists.txt Move PKCS#7 functions into their own directory. 2017-04-19 17:24:51 +00:00
conf.errordata Fix out-of-memory condition in conf. 2017-03-21 16:19:22 +00:00
dh.errordata Reimplement PKCS #3 DH parameter parsing with crypto/bytestring. 2016-05-09 19:36:41 +00:00
digest.errordata Decouple PKCS#12 hash lookup from the OID table. 2017-03-25 21:22:50 +00:00
dsa.errordata Reimplement DSA parsing logic with crypto/asn1. 2016-02-17 00:26:01 +00:00
ec.errordata Fix check_fips for public keys and synchronize the EC and RSA versions. 2017-04-13 17:33:40 +00:00
ecdh.errordata
ecdsa.errordata
engine.errordata
err_data_generate.go Make err_data_generator.go silent by default. 2016-04-18 19:42:15 +00:00
err_test.cc Convert err_test to GTest. 2017-02-10 17:38:22 +00:00
err.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
evp.errordata Implement scrypt from RFC 7914. 2017-06-12 20:32:21 +00:00
hkdf.errordata
obj.errordata
pem.errordata
pkcs7.errordata Move PKCS#7 functions into their own directory. 2017-04-19 17:24:51 +00:00
pkcs8.errordata Update pkcs8 error data. 2017-03-23 15:07:28 +00:00
rsa.errordata Add RSA_check_fips to support public key validation checks. 2017-04-12 20:00:30 +00:00
ssl.errordata Enforce max_early_data_size on the server. 2017-04-19 17:21:01 +00:00
x509.errordata Teach crypto/x509 how to verify an Ed25519 signature. 2017-04-05 23:35:30 +00:00
x509v3.errordata