aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pk_pad
Commit message (Collapse)AuthorAgeFilesLines
* Remove deprecated hashes MD2, HAS-160, and RIPEMD-128Jack Lloyd2016-09-021-17/+0
|
* Merge GH #554 Add PKCS #1 v1.5 ID for SHA-512/256 signaturesJack Lloyd2016-07-271-0/+8
|\
| * add SHA-512/256 PKCS#1 hash identifierDaniel Neus2016-07-251-0/+8
| |
* | eme / pubkey test improvementsDaniel Neus2016-07-252-11/+13
|/ | | | | | - add test for EME::maximum_input_size() - additionally use maximum_input_size() before pad() in OAEP and PKCS1 (remove code duplication) - prevent C4800 MSVC warning
* Merge GH #504 Add ECKCDSAJack Lloyd2016-06-208-2/+46
|\
| * Add ECKCDSA signature algorithmRené Korthaus2016-06-1410-2/+54
| |
* | remove all uses of EMSA1_BSIDaniel Neus2016-05-021-8/+0
| |
* | remove EMSA1_BSI (no longer recommended by BSI)Daniel Neus2016-04-303-69/+0
|/
* Clean up PK decryption encoding.Jack Lloyd2016-03-207-36/+34
| | | | | | | Previously RSA and ElGamal stripped off leading zeros which were then assumed by the padding decoders. Instead have them produce ciphertexts with leading zeros. Changes EME_Raw to strip leading zeros to match existing behavior.
* Add PK_Decryptor::decrypt_or_randomJack Lloyd2016-03-208-76/+59
| | | | | Performs content checks on the value (expected length, expected bytes) and in constant time returns either the decrypted value or a random value.
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-057-7/+7
| | | | explicit.
* Add final attribute to many classesJack Lloyd2016-01-108-9/+9
| | | | | | | In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402
* Mass-prefix member vars with m_René Korthaus2016-01-086-28/+28
|
* Export mgf1_mask GH #380Jack Lloyd2015-12-251-3/+3
|
* TLS improvementsJack Lloyd2015-10-251-2/+1
| | | | | | | | | | | | | | Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* Make Montgomery reduction constant time.Jack Lloyd2015-10-242-16/+16
| | | | | | | | | | | | | | It was already close, but the carry loop would break early and selecting which value to copy out was indexed on the borrow bit. Have the carry loop run through, and add a const-time conditional copy operation and use that to copy the output. Convert ct_utils to CT namespace. Templatize the utils, which I was hesitant to do initially but is pretty useful when dealing with arbitrary word sizes. Remove the poison macros, replace with inline funcs which reads cleaner at the call site.
* Cleanups in ct and oaepJack Lloyd2015-10-171-9/+11
| | | | In OAEP expand the const time block to cover MGF1 also
* Make PKCS #1 and OAEP decoding constant time to avoid oracle attacksJack Lloyd2015-10-162-30/+48
| | | | | | | | via timing channels. Add annotations for checking constant-time code using ctgrind to PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already written as constant time code.
* Remove use of lookup.h in favor of new T::create API.Jack Lloyd2015-09-213-10/+7
|
* Internal header cleanupsJack Lloyd2015-09-197-50/+17
| | | | Only user-visible change is the removal of get_byte.h
* Handle dependencies re static linking. GH #279Jack Lloyd2015-09-171-0/+1
| | | | | | | | | | | | | | Previously we were hanging on the type destructors to pull in the relevant objects. However that fails in many simple cases where the object is never deleted. For every type involved in the algo registry add static create and providers functions to access the algo registry. Modify lookup.h to be inline and call those functions, and move a few to sub-headers (eg, get_pbkdf going to pbkdf.h). So accessing the registry involves going through the same file that handles the initialization, so there is no way to end up with missing objs.
* Fix pbkdf, pk padding and ECDH registration for static linking.Jack Lloyd2015-09-1115-75/+122
| | | | | | | | With this change the tests pass when linked against a static library built in the normal (non-amalgamation) fashion. Remove the restriction in configure.py, and have circleci build the clang static build as a non-amalg.
* Remove alloc module; move secmem.h to base and locking_allocator to utilsJack Lloyd2015-08-291-1/+0
|
* pk_pad: Add missing overridesDaniel Seither2015-07-309-34/+34
|
* Fix typosSimon Warta2015-07-241-4/+4
| | | | Thanks to @vlajos https://github.com/vlajos/misspell_fixer
* Fix module combi: adler32,eme_rawSimon Warta2015-07-081-2/+0
|
* Fix module combi: adler32,eme_oaepSimon Warta2015-07-085-3/+2
|
* lib/pk_pad: Convert &vec[0] to vec.data()Daniel Seither2015-06-207-20/+20
|
* In PK encrypt/decrypt move pad calls to the operation. This allows anlloyd2015-03-143-0/+66
| | | | | | | | | op to use a padding scheme outside of our knowledge or control, for instance an OpenSSL RSA op which uses OpenSSL's padding code. Similar change for key agreement and KDFs for the same reason. Add an EME_Raw type; previously this operation was implicit in the code in pubkey.cpp
* Hide Algorithm_Factory and use the functions in lookup.h internally.lloyd2015-03-043-11/+12
| | | | | | Fix two memory leaks (in TLS and modes) caused by calling get_foo and then cloning the result before saving it (leaking the original object), a holdover from the conversion between construction techniques in 1.11.14
* Clean up root dir, remove some unneeded dependencieslloyd2015-02-057-18/+0
|
* Remove algo factory, engines, global RNG, global state, etc.lloyd2015-02-042-4/+4
| | | | | | | | | | | | | | | Convert all uses of Algorithm_Factory and the engines to using Algo_Registry The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatability stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
* Convert PK operations to using Algo_Registry instead of Engine.lloyd2015-02-032-2/+13
| | | | Remove global PRNG.
* Add missing files. Remove cipher lookup from engine code.lloyd2015-02-012-1/+46
|
* Use registry also for KDF, EMSA, and EMElloyd2015-01-3114-112/+84
|
* Use registry for streams and MACs. Start updating callers.lloyd2015-01-311-12/+11
|
* Ensure all files have copyright and license info.lloyd2015-01-1024-24/+24
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* Support 0 length salts in PSSR. Bugzilla 268lloyd2014-03-272-3/+12
|
* More fixes for minified buildslloyd2014-02-091-2/+5
|
* Guess I won't be needing theselloyd2014-01-184-4/+0
|
* More unique_ptr, and pull <memory> all the way up to types.hlloyd2014-01-185-34/+21
|
* Rename the various pubkey padding schemes to match the common names.lloyd2014-01-1821-367/+301
| | | | Way back when, following IEEE 1363 naming seemed like a good idea. But not so much.
* More unique_ptr, also cleanup MGF1 usagelloyd2014-01-189-38/+105
|
* Split up docs into the reference manual, the website, and everything else.lloyd2014-01-101-2/+2
| | | | | | | | | | | Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool
* Move lib into srclloyd2014-01-1032-0/+1749