Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl
Commit: 0113ec8460a918f8bc782130db8f75540b3b1ab2
    https://github.openssl.org/openssl/openssl/commit/0113ec8460a918f8bc782130db8f75540b3b1ab2
Author: Todd Short <tsh...@akamai.com>
Date: 2022-07-29 (Fri, 29 Jul 2022)

Changed paths:
  M .github/workflows/run-checker-ci.yml
  M apps/speed.c
  M crypto/modes/gcm128.c
  M doc/man3/EVP_EncryptInit.pod
  M include/crypto/modes.h
  M include/openssl/core_names.h
  M include/openssl/evp.h
  M providers/defltprov.c
  M providers/implementations/ciphers/build.info
  A providers/implementations/ciphers/cipher_aes_gcm_siv.c
  A providers/implementations/ciphers/cipher_aes_gcm_siv.h
  A providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c
  A providers/implementations/ciphers/cipher_aes_gcm_siv_polyval.c
  M providers/implementations/include/prov/implementations.h
  M providers/implementations/include/prov/names.h
  M test/evp_test.c
  M test/recipes/30-test_evp.t
  A test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt

Log Message:
-----------
Implement AES-GCM-SIV (RFC8452)

Fixes #16721

This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could
not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally,
there would be separate polyval assembly implementation(s), but the only one
I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed.

This implementation lives only in the default provider; there is no legacy
implementation.

The code offered in #16721 is not used; that implementation sits on top of
OpenSSL, this one is embedded inside OpenSSL.

Full test vectors from RFC8452 are included, except the 0 length plaintext;
that is not supported; and I'm not sure it's worthwhile to do so.

Reviewed-by: Hugo Landau <hlan...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Paul Dale <pa...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18693)
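
The log message above says GHASH is used to implement POLYVAL. The Python block below is an added illustration, not code from this commit or from OpenSSL: it computes POLYVAL once from the RFC 8452 definition and once through GHASH using the RFC 8452 Appendix A relation, on the worked values from that appendix. All function names are chosen for this example.

```python
# Added illustration; function names are chosen here, not OpenSSL's.
R = 0xE1 << 120  # GHASH reduction constant (NIST SP 800-38D)
P = (1 << 128) | (1 << 127) | (1 << 126) | (1 << 121) | 1  # POLYVAL field polynomial
X_INV128 = (1 << 127) | (1 << 124) | (1 << 121) | (1 << 114) | 1  # x^-128 mod P

def ghash_mul(x, y):  # GF(2^128) product in GHASH bit order (leftmost bit is x^0)
    z, v = 0, y
    for i in range(127, -1, -1):
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def ghash(h, blocks):  # raw GHASH over 16-byte blocks, no length block appended
    hk, y = int.from_bytes(h, "big"), 0
    for b in blocks:
        y = ghash_mul(y ^ int.from_bytes(b, "big"), hk)
    return y.to_bytes(16, "big")

def mulx_ghash(block):  # multiply a field element by x, GHASH representation
    v = int.from_bytes(block, "big")
    return ((v >> 1) ^ R if v & 1 else v >> 1).to_bytes(16, "big")

def polyval_via_ghash(h, blocks):
    # Appendix A: byte-reverse key and blocks, mulX the key, byte-reverse the result
    return ghash(mulx_ghash(h[::-1]), [b[::-1] for b in blocks])[::-1]

def _mulmod(a, b):  # carry-less multiply, then reduce modulo P
    prod = 0
    for i in range(128):
        if (b >> i) & 1:
            prod ^= a << i
    for i in range(prod.bit_length() - 1, 127, -1):
        if (prod >> i) & 1:
            prod ^= P << (i - 128)
    return prod

def polyval_direct(h, blocks):
    # RFC 8452 section 3: S = dot(S xor X_i, H), with dot(a, b) = a * b * x^-128
    hk, s = int.from_bytes(h, "little"), 0
    for b in blocks:
        s = _mulmod(_mulmod(s ^ int.from_bytes(b, "little"), hk), X_INV128)
    return s.to_bytes(16, "little")

# Worked values from RFC 8452, Appendix A
H = bytes.fromhex("25629347589242761d31f826ba4b757b")
X = [bytes.fromhex("4f4f95668c83dfb6401762bb2d01a262"),
     bytes.fromhex("d1a24ddd2721d006bbe45f20d3c9f362")]
if __name__ == "__main__":
    print(polyval_direct(H, X).hex(), polyval_via_ghash(H, X).hex())
```

Both paths must return the same 16 bytes for every key and block sequence; a mismatch points to a byte-order or key-adjustment error in the GHASH wrapper.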