boringssl/crypto
Adam Langley df447ba3a9 Add generic AES-GCM-SIV support.
AES-GCM-SIV is an AEAD with nonce-misuse resistance. It can reuse
hardware support for AES-GCM and thus encrypt at ~66% the speed, and
decrypt at 100% the speed, of AES-GCM.

See https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02

This implementation is generic, not optimised, and reuses existing AES
and GHASH support as much as possible. It is guarded by !OPENSSL_SMALL,
at least for now.

Change-Id: Ia9f77b256ef5dfb8588bb9ecfe6ee0e827626f57
Reviewed-on: https://boringssl-review.googlesource.com/12541
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-12-07 00:13:50 +00:00
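The property the commit message describes, nonce-misuse resistance, comes from the order of operations in the SIV construction: the authentication tag is computed over the plaintext first, and that tag then serves as the counter-mode IV, so two different messages sealed under the same (key, nonce) get unrelated keystreams. That is also why SIV encryption needs two passes over the data (tag, then encrypt) while decryption can run in one (decrypt, then check), which matches the commit's ~66% / 100% speed figures. The following is an added example, not code from this commit or from BoringSSL: it keeps the construction shape of AES-GCM-SIV but swaps in SHA-256 counter-mode keystream and HMAC-SHA256 stand-ins for AES-CTR and POLYVAL (an assumption made so the block runs offline with the standard library), and the key, nonce and messages are constructed sample inputs. It compares a GCM-shaped AEAD with a SIV-shaped one under deliberate nonce reuse.

```python
import hashlib
import hmac

TAG_LEN = 16


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream, block i = SHA-256(key || iv || i).
    Stand-in for AES-CTR (assumption: the shape matters here, not the cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _mac(key: bytes, nonce: bytes, aad: bytes, data: bytes) -> bytes:
    """Stand-in for the POLYVAL-based tag: HMAC-SHA256 truncated to 16 bytes.
    Lengths are encoded so the (aad, data) boundary is unambiguous."""
    msg = (nonce + len(aad).to_bytes(8, "little") + aad
           + len(data).to_bytes(8, "little") + data)
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def gcm_style_seal(key: bytes, nonce: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """GCM shape: keystream depends only on the nonce; tag is over the ciphertext."""
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    return ct + _mac(key, nonce, aad, ct)


def siv_style_seal(key: bytes, nonce: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """SIV shape: tag over (nonce, aad, plaintext) first; the tag is then the IV.
    Two passes over the plaintext, which is the cost of misuse resistance."""
    tag = _mac(key, nonce, aad, plaintext)
    ct = _xor(plaintext, _keystream(key, tag, len(plaintext)))
    return ct + tag


def siv_style_open(key: bytes, nonce: bytes, aad: bytes, sealed: bytes):
    """Decrypt using the transmitted tag as IV, recompute the tag over the
    recovered plaintext, and release nothing unless it matches."""
    if len(sealed) < TAG_LEN:
        return None
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    pt = _xor(ct, _keystream(key, tag, len(ct)))
    if not hmac.compare_digest(_mac(key, nonce, aad, pt), tag):
        return None
    return pt


def reveals_plaintext_xor(seal, key: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bool:
    """Reuse one (key, nonce) for two equal-length messages and report whether
    an eavesdropper recovers m1 XOR m2 from the two ciphertext bodies alone."""
    c1 = seal(key, nonce, b"", m1)[:-TAG_LEN]
    c2 = seal(key, nonce, b"", m2)[:-TAG_LEN]
    return _xor(c1, c2) == _xor(m1, m2)


# Constructed sample inputs (not from the page); the messages are equal length.
KEY = bytes(range(16))
NONCE = b"\x00" * 12
MSG_A = b"amount=0100;to=alice"
MSG_B = b"amount=9999;to=carol"


def demo() -> dict:
    sealed = siv_style_seal(KEY, NONCE, b"", MSG_A)
    tampered = bytes([sealed[0] ^ 0x01]) + sealed[1:]
    return {
        # Same nonce twice under the GCM shape: c1 ^ c2 == m1 ^ m2, plaintext leaks.
        "gcm_leaks_xor": reveals_plaintext_xor(gcm_style_seal, KEY, NONCE, MSG_A, MSG_B),
        # Same nonce twice under the SIV shape: different tags, different keystreams.
        "siv_leaks_xor": reveals_plaintext_xor(siv_style_seal, KEY, NONCE, MSG_A, MSG_B),
        # What SIV still reveals under misuse: identical inputs give identical output.
        "siv_deterministic": sealed == siv_style_seal(KEY, NONCE, b"", MSG_A),
        "siv_roundtrip": siv_style_open(KEY, NONCE, b"", sealed) == MSG_A,
        "siv_rejects_tamper": siv_style_open(KEY, NONCE, b"", tampered) is None,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point to take from `demo()` is the asymmetry: under nonce reuse the GCM-shaped scheme hands an attacker the XOR of the two plaintexts (and, in real AES-GCM, also the authentication key), while the SIV-shaped scheme only reveals whether two messages were identical. The BoringSSL implementation named in the commit realises the same shape with AES-CTR and POLYVAL; the stand-ins above are not a substitute for it in production code.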
aes aes/asm/aesp8-ppc.pl: improve [backward] portability. 2016-11-10 16:20:02 +00:00
asn1 Don't leak memory on ASN1_GENERALIZEDTIME_adj() error path 2016-11-10 16:17:29 +00:00
base64 Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
bio Remove the last of BIO_print_errors. 2016-11-03 16:44:32 +00:00
bn Check for BN_lshift failure in BN_sqrt. 2016-11-29 00:55:56 +00:00
buf Add BUF_MEM_reserve. 2016-05-18 19:09:06 +00:00
bytestring Add CBS_get_any_asn1. 2016-10-03 18:36:14 +00:00
chacha Use fewer macros in C ChaCha implementation. 2016-09-13 01:56:09 +00:00
cipher Add generic AES-GCM-SIV support. 2016-12-07 00:13:50 +00:00
cmac Replace Scoped* heap types with bssl::UniquePtr. 2016-09-01 22:22:54 +00:00
conf Add a no-op |OPENSSL_no_config|. 2016-10-19 19:43:35 +00:00
curve25519 Add ED25519_keypair_from_seed. 2016-11-03 17:30:30 +00:00
des Fix up macros. 2016-10-18 18:28:23 +00:00
dh Fold stack-allocated types into headers. 2016-09-07 21:50:05 +00:00
digest Fix up macros. 2016-10-18 18:28:23 +00:00
dsa Add various 1.1.0 accessors. 2016-08-10 16:52:15 +00:00
ec signed char => int8_t. 2016-11-29 01:03:52 +00:00
ecdh Const-correct ECDH_compute_key. 2016-10-09 17:53:19 +00:00
ecdsa Replace Scoped* heap types with bssl::UniquePtr. 2016-09-01 22:22:54 +00:00
engine Remove trailing ';' from macros 2016-09-12 19:17:26 +00:00
err Parse the entire PSK extension. 2016-12-01 21:53:13 +00:00
evp Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
hkdf Adding ARRAY_SIZE macro for getting the size of constant arrays. 2016-08-19 19:30:39 +00:00
hmac Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
lhash Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
md4 Fix up macros. 2016-10-18 18:28:23 +00:00
md5 Fix up macros. 2016-10-18 18:28:23 +00:00
modes Add generic AES-GCM-SIV support. 2016-12-07 00:13:50 +00:00
newhope Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
obj Rename the |dont_return_name| flag of |OBJ_obj2txt| to |always_return_oid|. 2016-08-10 17:18:25 +00:00
pem Reject inappropriate private key encryption ciphers. 2016-05-03 16:30:08 +00:00
perlasm Add PPC64LE assembly for AES-GCM. 2016-09-27 18:43:20 +00:00
pkcs8 Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
poly1305 Always assume little-endian in Poly1305 reference code. 2016-11-10 22:34:03 +00:00
pool Add missing include. 2016-10-28 19:56:32 +00:00
rand Enable getrandom for entropy gathering. 2016-12-06 19:37:08 +00:00
rc4 Simplify RC4 code and remove assembly. 2016-08-30 15:32:31 +00:00
rsa Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
sha Sync with upstream's version of sha256-armv4.pl. 2016-11-30 17:37:24 +00:00
stack Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
test C++ crypto/test/malloc.cc more. 2016-10-14 16:01:26 +00:00
x509 Fix x509v3_cache_extensions locking. 2016-12-05 23:12:49 +00:00
x509v3 Fix x509v3_cache_extensions locking. 2016-12-05 23:12:49 +00:00
CMakeLists.txt Add CRYPTO_BUFFER and CRYPTO_BUFFER_POOL. 2016-10-27 22:55:55 +00:00
constant_time_test.c
cpu-aarch64-linux.c Rewrite ARM feature detection. 2016-03-26 04:54:44 +00:00
cpu-arm-linux.c Make CRYPTO_is_NEON_capable aware of the buggy CPU. 2016-04-28 16:42:21 +00:00
cpu-arm.c Rewrite ARM feature detection. 2016-03-26 04:54:44 +00:00
cpu-intel.c Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
cpu-ppc64le.c Add PPC64LE assembly for AES-GCM. 2016-09-27 18:43:20 +00:00
crypto.c Add PPC64LE assembly for AES-GCM. 2016-09-27 18:43:20 +00:00
ex_data.c Use C99 for size_t loops. 2016-09-12 19:44:24 +00:00
internal.h Add PPC64LE assembly for AES-GCM. 2016-09-27 18:43:20 +00:00
mem.c Remove a clang-cl workaround that's no longer needed. 2016-10-25 21:10:52 +00:00
refcount_c11.c
refcount_lock.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
refcount_test.c
thread_none.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
thread_pthread.c Use pthreads on MinGW. 2016-09-20 22:25:14 +00:00
thread_test.c Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
thread_win.c Use pthreads on MinGW. 2016-09-20 22:25:14 +00:00
thread.c Remove a bunch of unnecessary includes. 2016-06-28 20:31:14 +00:00
time_support.c