boringssl/include/openssl
David Benjamin b529253bea Implement scrypt from RFC 7914.
This imports upstream's scrypt implementation, though it's been heavily
revised. I lost track of words vs. blocks vs. bigger blocks too many
times in the original code and introduced a typedef for the fixed-width
Salsa20 blocks. The downside is going from bytes to blocks is a bit
trickier, so I took advantage of our little-endian assumption.

This also adds an missing check for N < 2^32. Upstream's code is making
this assumption in Integerify. I'll send that change back upstream. I've
also removed the weird edge case where a NULL out_key parameter means to
validate N/r/p against max_mem and nothing else. That's just in there to
get a different error code out of their PKCS#12 code.

Performance-wise, the cleanup appears to be the same (up to what little
precision I was able to get here), but an optimization to use bitwise
AND rather than modulus makes us measurably faster. Though scrypt isn't
a fast operation to begin with, so hopefully it isn't anyone's
bottleneck.

This CL does not route scrypt up to the PKCS#12 code, though we could
write our own version of that if we need to later.

BUG=chromium:731993

Change-Id: Ib2f43344017ed37b6bafd85a2c2b103d695020b8
Reviewed-on: https://boringssl-review.googlesource.com/17084
Reviewed-by: Adam Langley <agl@google.com>
2017-06-12 20:32:21 +00:00
..
aead.h Add EVP_AEAD_CTX_{seal_scatter,open_gather}. 2017-06-09 23:10:49 +00:00
aes.h Replace keywrap AEADs with upstream's APIs. 2016-10-04 01:37:31 +00:00
arm_arch.h
asn1_mac.h Purge the remainder of asn1_mac.h. 2016-08-03 21:37:31 +00:00
asn1.h Remove some dead code from crypto/asn1. 2017-06-09 19:58:38 +00:00
asn1t.h Document support status of the legacy ASN.1 code. 2017-06-09 19:27:33 +00:00
base64.h Replace base64 decoding. 2016-05-26 17:59:10 +00:00
base.h Delete some dead code from crypto/x509. 2017-06-09 19:58:08 +00:00
bio.h Convert stack.h to use inline functions. 2017-05-22 15:06:04 +00:00
blowfish.h
bn.h Downgrade BN_kronecker to bn_jacobi and unexport. 2017-04-27 20:29:47 +00:00
buf.h Fold stack-allocated types into headers. 2016-09-07 21:50:05 +00:00
buffer.h
bytestring.h Convert bytestring_test to GTest. 2017-04-17 14:19:47 +00:00
cast.h
chacha.h Require in == out for in-place encryption. 2016-06-09 19:49:03 +00:00
cipher.h Enforce incrementing counter for TLS 1.2 AES-GCM. 2017-05-26 20:06:36 +00:00
cmac.h Fold stack-allocated types into headers. 2016-09-07 21:50:05 +00:00
conf.h Convert stack.h to use inline functions. 2017-05-22 15:06:04 +00:00
cpu.h Set static armcaps based on __ARM_FEATURE_CRYPTO. 2017-06-09 00:29:10 +00:00
crypto.h First part of the FIPS module. 2017-04-07 00:05:34 +00:00
curve25519.h Import additional test vectors from RFC 8032. 2017-03-30 16:28:55 +00:00
des.h
dh.h Remove ex_data's dup hook. 2017-05-23 22:43:59 +00:00
digest.h Decouple PKCS#12 hash lookup from the OID table. 2017-03-25 21:22:50 +00:00
dsa.h Remove ex_data's dup hook. 2017-05-23 22:43:59 +00:00
dtls1.h
ec_key.h Remove ex_data's dup hook. 2017-05-23 22:43:59 +00:00
ec.h Fix check_fips for public keys and synchronize the EC and RSA versions. 2017-04-13 17:33:40 +00:00
ecdh.h Const-correct ECDH_compute_key. 2016-10-09 17:53:19 +00:00
ecdsa.h ECDSA: const EC_KEY* arguments where possible. 2017-02-18 06:22:01 +00:00
engine.h Fold stack-allocated types into headers. 2016-09-07 21:50:05 +00:00
err.h Document ERR_error_string_n standalone. 2017-04-27 20:26:22 +00:00
evp.h Implement scrypt from RFC 7914. 2017-06-12 20:32:21 +00:00
ex_data.h Remove ex_data's dup hook. 2017-05-23 22:43:59 +00:00
hkdf.h Const-correct HKDF_expand. 2016-07-16 07:55:19 +00:00
hmac.h Fold stack-allocated types into headers. 2016-09-07 21:50:05 +00:00
is_boringssl.h Ensure consumers set up include paths properly. 2017-04-12 22:42:28 +00:00
lhash_macros.h Add CRYPTO_BUFFER and CRYPTO_BUFFER_POOL. 2016-10-27 22:55:55 +00:00
lhash.h Remove lh_new's default hash and comparator. 2017-01-04 01:44:10 +00:00
md4.h
md5.h
mem.h Fold stack-allocated types into headers. 2016-09-07 21:50:05 +00:00
nid.h Align EVP_PKEY Ed25519 API with upstream. 2017-06-12 12:04:11 +00:00
obj_mac.h Rename obj_mac.h to nid.h and make it a multiply-includable header. 2016-03-31 20:45:35 +00:00
obj.h Spellcheck our public headers. 2017-01-12 18:24:27 +00:00
objects.h
opensslconf.h Disable SSLv3 by default. 2017-04-11 16:38:16 +00:00
opensslv.h
ossl_typ.h
pem.h Delete some dead code from crypto/x509. 2017-06-09 19:58:08 +00:00
pkcs7.h Add PKCS7_get_raw_certificates. 2017-04-19 17:30:31 +00:00
pkcs8.h Decouple PKCS8_encrypt and PKCS8_decrypt's core from crypto/asn1. 2017-03-26 04:00:26 +00:00
pkcs12.h
poly1305.h Revert "Enable upstream's Poly1305 code." 2016-03-29 22:47:11 +00:00
pool.h Convert stack.h to use inline functions. 2017-05-22 15:06:04 +00:00
rand.h Add corpora for fuzzers with fuzzer mode disabled. 2016-11-09 16:53:37 +00:00
rc4.h
ripemd.h
rsa.h Remove ex_data's dup hook. 2017-05-23 22:43:59 +00:00
safestack.h
sha.h Remove SHA_LBLOCK and SHA_LONG. 2017-01-25 23:30:13 +00:00
srtp.h
ssl3.h Prune some dead constants. 2017-04-05 19:15:44 +00:00
ssl.h Remove ex_data's dup hook. 2017-05-23 22:43:59 +00:00
stack.h Convert stack.h to use inline functions. 2017-05-22 15:06:04 +00:00
thread.h Add missing 'does nothing' comments for consistency. 2016-06-28 20:40:45 +00:00
tls1.h Remove experimental TLS 1.3 short record header extension. 2017-03-02 22:39:17 +00:00
type_check.h Get OPENSSL_COMPILE_ASSERT working in function bodies. 2017-01-24 21:30:33 +00:00
x509_vfy.h Delete some dead code from crypto/x509. 2017-06-09 19:58:08 +00:00
x509.h Delete some dead code from crypto/x509. 2017-06-09 19:58:08 +00:00
x509v3.h Delete some dead code from crypto/x509. 2017-06-09 19:58:08 +00:00