| Commit message | Details | Author | Age | Files | Lines |
|---|---|---|---|---|---|
| Add a Montgomery exponentiation that takes variable time | In the case of RSA encryption/verification the public exponent is... public. So we don't need to carefully guard against side channels that leak the exponent. Improves RSA verification performance by 50% or more. | Jack Lloyd | 2018-04-09 | 3 | -7/+52 |
| Fix bug that broke session decryption (and thus resumption) | Introduced in 3657639ab. Add a test that would have caught this. | Jack Lloyd | 2018-04-09 | 1 | -1/+1 |
| Fix off by one when decoding TLS-CBC ciphertexts | | Jack Lloyd | 2018-04-09 | 3 | -27/+30 |
| Fix interop bug in TLS server | The connection would fail if the client advertised any signature algorithm we did not support (eg RSA/SHA-224). | Jack Lloyd | 2018-04-08 | 3 | -0/+33 |
| Square is always positive | | Jack Lloyd | 2018-04-08 | 1 | -0/+1 |
| Add BigInt::square plus a speed test for BigInt multiply | | Jack Lloyd | 2018-04-08 | 3 | -8/+25 |
| Convert comba script to Python3 | | Jack Lloyd | 2018-04-08 | 1 | -1/+1 |
| Work around unique_ptr conversion bug in older GCC | | Jack Lloyd | 2018-04-07 | 1 | -1/+1 |
| Add RAII versions of get_cipher_mode and get_aead | See also #1526 | Jack Lloyd | 2018-04-07 | 13 | -76/+143 |
| Add defensive assert to buffer_insert | Otherwise an integer overflow bug elsewhere could turn into a heap overflow. | Jack Lloyd | 2018-04-07 | 1 | -0/+2 |
| Add pk_workfactor CLI and refactor workfactor estimator functions | No reason to duplicate the NFS workfactor estimator twice. | Jack Lloyd | 2018-04-05 | 1 | -12/+19 |
| Split up asm constructs to avoid miscompilation | The constraints were invalid as they missed the clobber of a/d registers. This caused miscompilation when using GCC -fno-plt option. GH #1524 | Jack Lloyd | 2018-04-05 | 1 | -30/+49 |
| Merge GH #1523 RSA optimizations and exponent blinding | | Jack Lloyd | 2018-04-04 | 2 | -25/+53 |
| Work around a bug in MSVC lambda handling | | Jack Lloyd | 2018-04-04 | 1 | -1/+1 |
| Add RSA exponent blinding | Additional paranoia never hurt. | Jack Lloyd | 2018-04-04 | 2 | -5/+14 |
| Tweak how RSA private operations are performed | Improves perf by about 15%. | Jack Lloyd | 2018-04-04 | 1 | -25/+44 |
| Add DL_Group::monty_params_p to get Montgomery params | | Jack Lloyd | 2018-04-04 | 2 | -2/+13 |
| Support passing an OAEP label in EME name | TPM 1.2 expects passing the owner and SRK secret encrypted with the public endorsement key. For asymmetric encryption, the TPM 1.2 uses OAEP with the label "TCPA". | René Korthaus | 2018-04-02 | 1 | -4/+5 |
| Fix problems with failure to build in various configurations | | Jack Lloyd | 2018-03-31 | 3 | -1/+5 |
| Merge GH #1519 Fix bugs in X.509 wildcard match | | Jack Lloyd | 2018-03-31 | 1 | -77/+107 |
| Fix bugs in wildcard matching | We would incorrectly accept invalid matches; for example `b*.example.net` could match foobar.example.net. Introduced in 289cc25709b08. | Jack Lloyd | 2018-03-31 | 1 | -77/+107 |
| Export TLS::Extension | Needed to avoid UbSan issue. | Jack Lloyd | 2018-03-31 | 1 | -1/+1 |
| Minor DH optimization | Saves 30k-170k cycles depending on param size. | Jack Lloyd | 2018-03-28 | 1 | -4/+6 |
| Avoid another problem with AltiVec | This caused test failures on ppc64 (big-endian) with GCC 7.2. | Jack Lloyd | 2018-03-28 | 1 | -15/+6 |
| Fix some Doxygen errors | | Jack Lloyd | 2018-03-28 | 4 | -1/+17 |
| Fix carry bugs introduced in 8a7559e4f8ad | | Jack Lloyd | 2018-03-27 | 2 | -22/+23 |
| Add back posix_mlock flag | We need a distinct flag for this because Haiku is mostly POSIX but does not support mlock. | Jack Lloyd | 2018-03-26 | 1 | -0/+6 |
| Handle some corner cases in ECC mult | For blinded_base_point_multiply_x, if the result is the point at infinity (eg due to k == group_order) return 0 instead of throwing. For base point multiply, reduce k mod order before masking; otherwise the combination of k + mask might exceed our precomputed table. | Jack Lloyd | 2018-03-25 | 3 | -5/+19 |
| In Barrett avoid creating an unnecessary temp | | Jack Lloyd | 2018-03-25 | 1 | -4/+4 |
| Extend Certificate_Store_In_Memory to load just a single cert from file | | Jack Lloyd | 2018-03-24 | 1 | -3/+9 |
| Bypass self-signed check in X509_Certificate if AKID and SKID are set | If they are, they must be either equal (self-signed) or not equal (self-issued). This allows skipping the verification, which reduces startup overhead eg when reading the system certificate store. On my system's cert store it saves about 1/3 of the signature checks. | Jack Lloyd | 2018-03-24 | 1 | -12/+17 |
| Fix some corner cases for small values in power_mod | | Jack Lloyd | 2018-03-24 | 1 | -1/+15 |
| Add warning comment | | Jack Lloyd | 2018-03-22 | 1 | -0/+6 |
| Tiny optimization in Montgomery inverse | | Jack Lloyd | 2018-03-22 | 1 | -1/+1 |
| Add back mul/sqr to CurveGFp [ci skip] | These were available in 2.4 and while users "shouldn't" be using CurveGFp, it is an exposed API. | Jack Lloyd | 2018-03-22 | 1 | -0/+10 |
| Revamp GOST-34.10 tests | Use an official vector (from RFC 5832), support arbitrary curves since GOST likes those for testing. | Jack Lloyd | 2018-03-21 | 1 | -6/+1 |
| Add EC_Group::random_scalar | | Jack Lloyd | 2018-03-21 | 8 | -6/+16 |
| Remove bogus -1 from DSA key generation | GH #222 | Jack Lloyd | 2018-03-21 | 1 | -1/+1 |
| Merge GH #1504 Store DN entries in a vector | | Jack Lloyd | 2018-03-21 | 5 | -72/+78 |
| Avoid creating a map from a DN when not required | | Jack Lloyd | 2018-03-21 | 5 | -14/+20 |
| Store elements of a DN as a vector | This allows retrieving the original ordering, which is required for DN string encoding as defined in RFC 4514. Fixes #336 | Jack Lloyd | 2018-03-21 | 2 | -59/+59 |
| Throw Lookup_Error here for benefit of tests | | Jack Lloyd | 2018-03-21 | 1 | -2/+2 |
| Support "mixed" OAEP hashes | Test vectors from pyca/cryptography. Fixes GH #109 | Jack Lloyd | 2018-03-21 | 1 | -2/+17 |
| Mixed mode OAEP | | Jack Lloyd | 2018-03-21 | 3 | -10/+27 |
| Change DSA behavior similarly | | Jack Lloyd | 2018-03-21 | 1 | -2/+2 |
| Shift ECDSA inputs to match OpenSSL behavior | See also GH #986 | Jack Lloyd | 2018-03-21 | 4 | -4/+25 |
| Remove unused variables [ci skip] | | Jack Lloyd | 2018-03-21 | 2 | -4/+0 |
| Simplify a common case BigInt constructor | | Jack Lloyd | 2018-03-21 | 2 | -1/+13 |
| Add another Ed25519 helper to save a few hundred redundant lines | No impact on performance. | Jack Lloyd | 2018-03-20 | 3 | -301/+106 |
| Add some helpers for handling carries in Ed25519 | | Jack Lloyd | 2018-03-20 | 4 | -893/+491 |