path: root/src/lib
Commit message / Author / Age / Files / Lines

* Add a Montgomery exponentiation that takes variable time
  Jack Lloyd, 2018-04-09, 3 files, -7/+52
  In the case of RSA encryption/verification the public exponent is... public. So we don't need to carefully guard against side channels that leak the exponent. Improves RSA verification performance by 50% or more.

* Fix bug that broke session decryption (and thus resumption)
  Jack Lloyd, 2018-04-09, 1 file, -1/+1
  Introduced in 3657639ab. Add a test that would have caught this.

* Fix off by one when decoding TLS-CBC ciphertexts
  Jack Lloyd, 2018-04-09, 3 files, -27/+30

* Fix interop bug in TLS server
  Jack Lloyd, 2018-04-08, 3 files, -0/+33
  The connection would fail if the client advertised any signature algorithm we did not support (eg RSA/SHA-224).

* Square is always positive
  Jack Lloyd, 2018-04-08, 1 file, -0/+1

* Add BigInt::square plus a speed test for BigInt multiply
  Jack Lloyd, 2018-04-08, 3 files, -8/+25

* Convert comba script to Python3
  Jack Lloyd, 2018-04-08, 1 file, -1/+1

* Work around unique_ptr conversion bug in older GCC
  Jack Lloyd, 2018-04-07, 1 file, -1/+1

* Add RAII versions of get_cipher_mode and get_aead
  Jack Lloyd, 2018-04-07, 13 files, -76/+143
  See also #1526

* Add defensive assert to buffer_insert
  Jack Lloyd, 2018-04-07, 1 file, -0/+2
  Otherwise an integer overflow bug elsewhere could turn into a heap overflow.
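What such a defensive check protects against, as an added example (this is not Botan's buffer_insert; the function and parameter names are this example's own): the naive bounds test offset + len <= size wraps when a corrupted length arrives from elsewhere, so the stand-in below validates the offset against the buffer first and then compares len with the remaining space, which cannot wrap.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical stand-in for a buffer_insert(buf, offset, in, len) helper.
// Not Botan's code; names and semantics are assumptions for this example.

// The naive bounds check: offset + len wraps around on a corrupted length,
// so SIZE_MAX + 2 == 1 <= size and the check passes.
bool naive_fits(std::size_t size, std::size_t offset, std::size_t len) {
    return offset + len <= size;
}

// Overflow-safe: validate the offset first, then compare len against the
// remaining space. Neither subtraction nor comparison can wrap here.
bool safe_fits(std::size_t size, std::size_t offset, std::size_t len) {
    if (offset > size) return false;
    return len <= size - offset;
}

// Copies as many bytes as fit and returns that count, never writing past buf.
// An offset beyond the buffer is refused outright (the role of the assert in
// the commit above, expressed here as a return value).
std::size_t buffer_insert_checked(std::vector<std::uint8_t>& buf, std::size_t offset,
                                  const std::uint8_t* in, std::size_t len) {
    if (offset > buf.size()) return 0;
    const std::size_t space = buf.size() - offset;
    const std::size_t to_copy = std::min(space, len);
    if (to_copy) std::memcpy(buf.data() + offset, in, to_copy);
    return to_copy;
}
```

Unsigned wrap-around is well defined in C++, which is exactly why the naive form fails silently: no sanitizer flags it, the comparison simply succeeds and memcpy runs off the end of the heap block.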
* Add pk_workfactor CLI and refactor workfactor estimator functions
  Jack Lloyd, 2018-04-05, 1 file, -12/+19
  No reason to duplicate the NFS workfactor estimator twice.

* Split up asm constructs to avoid miscompilation
  Jack Lloyd, 2018-04-05, 1 file, -30/+49
  The constraints were invalid as they missed the clobber of a/d registers. This caused miscompilation when using GCC -fno-plt option. GH #1524

* Merge GH #1523 RSA optimizations and exponent blinding
  Jack Lloyd, 2018-04-04, 2 files, -25/+53
  * Work around a bug in MSVC lambda handling
    Jack Lloyd, 2018-04-04, 1 file, -1/+1
  * Add RSA exponent blinding
    Jack Lloyd, 2018-04-04, 2 files, -5/+14
    Additional paranoia never hurt.
  * Tweak how RSA private operations are performed
    Jack Lloyd, 2018-04-04, 1 file, -25/+44
    Improves perf by about 15%

* Add DL_Group::monty_params_p to get Montgomery params
  Jack Lloyd, 2018-04-04, 2 files, -2/+13
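The two RSA changes above (a variable-time exponentiation for the public exponent, and exponent blinding for the private one) in one added example. This is illustration code written for this page, not Botan's: the helper names, the restriction to a modulus below 2^32 so that uint64_t products suffice, the 16-bit demo primes and the Montgomery-ladder private operation are all assumptions of the example. The op counters make the commit message concrete: square-and-multiply costs vary with the exponent's bits, which is harmless for e but not for d, and blinding d as d + r*phi(n) changes the bit pattern every call without changing the result.

```cpp
#include <cstdint>

// Toy RSA to illustrate exponent handling. Not Botan's implementation: names,
// the 32-bit modulus restriction and the demo key are assumptions for this example.
using u64 = std::uint64_t;

// a, b < n < 2^32, so the product fits in 64 bits without a bignum.
static u64 mulmod(u64 a, u64 b, u64 n) { return (a * b) % n; }

struct ExpResult {
    u64 value;
    unsigned ops; // number of modular multiplications performed
};

// Left-to-right square-and-multiply. The multiply count equals the Hamming
// weight of the exponent, so timing leaks the exponent. Acceptable for a
// public exponent such as RSA e, never for the private d.
ExpResult power_mod_vartime(u64 base, u64 exp, u64 n) {
    u64 r = 1 % n;
    base %= n;
    unsigned ops = 0;
    for (int i = 63; i >= 0; --i) {
        r = mulmod(r, r, n); ++ops;
        if ((exp >> i) & 1) { r = mulmod(r, base, n); ++ops; }
    }
    return {r, ops};
}

// Montgomery ladder: every bit costs exactly one multiply and one square, and
// the bit only selects which register is which, via a mask rather than a branch.
ExpResult power_mod_ladder(u64 base, u64 exp, u64 n) {
    u64 r0 = 1 % n, r1 = base % n;
    unsigned ops = 0;
    for (int i = 63; i >= 0; --i) {
        const u64 mask = 0 - ((exp >> i) & 1);      // all ones when the bit is set
        u64 t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t; // conditional swap
        r1 = mulmod(r0, r1, n); ++ops;
        r0 = mulmod(r0, r0, n); ++ops;
        t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;     // swap back
    }
    return {r0, ops};
}

// Modular inverse by extended Euclid; a and m are below 2^33 so int64 suffices.
static u64 inv_mod(u64 a, u64 m) {
    std::int64_t t = 0, nt = 1;
    std::int64_t r = static_cast<std::int64_t>(m), nr = static_cast<std::int64_t>(a % m);
    while (nr != 0) {
        const std::int64_t q = r / nr;
        std::int64_t tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    return static_cast<u64>(t < 0 ? t + static_cast<std::int64_t>(m) : t);
}

struct RsaKey { u64 n, e, d, phi; };

// Demo key from two 16-bit primes, constructed for this example and far too
// small for real use; n = 65521 * 65519 = 4292870399 < 2^32.
RsaKey make_demo_key() {
    const u64 p = 65521, q = 65519;
    RsaKey k;
    k.n = p * q;
    k.phi = (p - 1) * (q - 1);
    k.e = 65537;
    k.d = inv_mod(k.e, k.phi);
    return k;
}

// Public operation: the exponent is public, so the variable-time routine is fine.
u64 rsa_public(const RsaKey& k, u64 m) { return power_mod_vartime(m, k.e, k.n).value; }

// Private operation with exponent blinding: d' = d + r*phi(n) gives the same
// result as d for every m mod n (true mod p and mod q separately by Fermat),
// but the bit pattern fed to the ladder differs on every call. In this toy,
// r must stay below 2^16 so that d' fits in 64 bits.
u64 rsa_private_blinded(const RsaKey& k, u64 c, u64 r) {
    const u64 d_blind = k.d + r * k.phi;
    return power_mod_ladder(c, d_blind, k.n).value;
}
```

A real implementation draws r fresh from the RNG for each private operation and combines exponent blinding with message blinding; the point shown here is only that the exponent actually used differs per call while the result does not.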
* Support passing an OAEP label in EME name
  René Korthaus, 2018-04-02, 1 file, -4/+5
  TPM 1.2 expects passing the owner and SRK secret encrypted with the public endorsement key. For asymmetric encryption, the TPM 1.2 uses OAEP with the label "TCPA".

* Fix problems with failure to build in various configurations
  Jack Lloyd, 2018-03-31, 3 files, -1/+5

* Merge GH #1519 Fix bugs in X.509 wildcard match
  Jack Lloyd, 2018-03-31, 1 file, -77/+107
  * Fix bugs in wildcard matching
    Jack Lloyd, 2018-03-31, 1 file, -77/+107
    We would incorrectly accept invalid matches, for example b*.example.net could match foobar.example.net. Introduced in 289cc25709b08

* Export TLS::Extension
  Jack Lloyd, 2018-03-31, 1 file, -1/+1
  Needed to avoid UbSan issue.
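An added wildcard matcher (written for this page, not Botan's code) that rejects the case named in the commit message: with b*.example.net the literal part of the wildcard label must match the start of the host label, so foobar.example.net fails while bar.example.net passes. It follows the usual RFC 6125 rules, a single wildcard only in the left-most label and never matching across a dot, plus the browser convention of requiring at least two labels after the wildcard label; ASCII-only lowercasing and the absence of IDNA handling are simplifications of this example.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// RFC 6125-style wildcard matcher written for this example; not Botan's
// implementation. Rules: at most one '*', only in the left-most label, it never
// matches a '.', and the literal text around it must match at the same
// positions. Names are lowercased (ASCII only); IDNA is not handled.
static std::vector<std::string> split_labels(const std::string& s) {
    std::vector<std::string> out;
    std::string cur;
    for (char c : s) {
        if (c == '.') { out.push_back(cur); cur.clear(); }
        else cur.push_back(static_cast<char>(c >= 'A' && c <= 'Z' ? c + 32 : c));
    }
    out.push_back(cur);
    return out;
}

bool wildcard_match(const std::string& pattern, const std::string& host) {
    const auto p = split_labels(pattern);
    const auto h = split_labels(host);
    // A wildcard never spans labels, so the label counts must agree.
    if (p.size() != h.size() || p.empty()) return false;
    // Every label after the first must match literally and contain no '*'.
    for (std::size_t i = 1; i < p.size(); ++i)
        if (p[i].find('*') != std::string::npos || p[i] != h[i]) return false;
    const std::string& pl = p[0];
    const std::string& hl = h[0];
    const auto star = pl.find('*');
    if (star == std::string::npos) return pl == hl;
    if (pl.find('*', star + 1) != std::string::npos) return false; // at most one '*'
    if (p.size() < 3) return false; // refuse "*.net": at least two labels must follow
    const std::string prefix = pl.substr(0, star);
    const std::string suffix = pl.substr(star + 1);
    // "b*" against "foobar": the literal prefix "b" must match at the start of
    // the host label, the suffix at its end, and the two must not overlap.
    if (hl.size() < prefix.size() + suffix.size()) return false;
    return hl.compare(0, prefix.size(), prefix) == 0 &&
           hl.compare(hl.size() - suffix.size(), suffix.size(), suffix) == 0;
}
```

The bug class here is a matcher that treats "b*" as "anything containing b" or as "*"; anchoring the prefix and suffix at fixed positions in the host label is what closes it.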
* Minor DH optimization
  Jack Lloyd, 2018-03-28, 1 file, -4/+6
  Saves 30k-170k cycles depending on param size.

* Avoid another problem with AltiVec
  Jack Lloyd, 2018-03-28, 1 file, -15/+6
  This caused test failures on ppc64 (big-endian) with GCC 7.2.

* Fix some Doxygen errors
  Jack Lloyd, 2018-03-28, 4 files, -1/+17

* Fix carry bugs introduced in 8a7559e4f8ad
  Jack Lloyd, 2018-03-27, 2 files, -22/+23

* Add back posix_mlock flag
  Jack Lloyd, 2018-03-26, 1 file, -0/+6
  We need a distinct flag for this because Haiku is mostly POSIX but does not support mlock.

* Handle some corner cases in ECC mult
  Jack Lloyd, 2018-03-25, 3 files, -5/+19
  For blinded_base_point_multiply_x, if the result is the point at infinity (eg due to k == group_order) return 0 instead of throwing. For base point multiply, reduce k mod order before masking, otherwise the combination of k + mask might exceed our precomputed table.

* In Barrett avoid creating an unnecessary temp
  Jack Lloyd, 2018-03-25, 1 file, -4/+4

* Extend Certificate_Store_In_Memory to load just a single cert from file
  Jack Lloyd, 2018-03-24, 1 file, -3/+9

* Bypass self-signed check in X509_Certificate if AKID and SKID are set
  Jack Lloyd, 2018-03-24, 1 file, -12/+17
  If they are, they must be either equal (self-signed) or not equal (self-issued). This allows skipping the verification, which reduces startup overhead eg when reading the system certificate store. On my system's cert store it saves about 1/3 of the signature checks.

* Fix some corner cases for small values in power_mod
  Jack Lloyd, 2018-03-24, 1 file, -1/+15

* Add warning comment
  Jack Lloyd, 2018-03-22, 1 file, -0/+6

* Tiny optimization in Montgomery inverse
  Jack Lloyd, 2018-03-22, 1 file, -1/+1

* Add back mul/sqr to CurveGFp [ci skip]
  Jack Lloyd, 2018-03-22, 1 file, -0/+10
  These were available in 2.4 and while users "shouldn't" be using CurveGFp, it is an exposed API.

* Revamp GOST-34.10 tests
  Jack Lloyd, 2018-03-21, 1 file, -6/+1
  Use an official vector (from RFC 5832), support arbitrary curves since GOST likes those for testing.

* Add EC_Group::random_scalar
  Jack Lloyd, 2018-03-21, 8 files, -6/+16

* Remove bogus -1 from DSA key generation
  Jack Lloyd, 2018-03-21, 1 file, -1/+1
  GH #222
* Merge GH #1504 Store DN entries in a vector
  Jack Lloyd, 2018-03-21, 5 files, -72/+78
  * Avoid creating a map from a DN when not required
    Jack Lloyd, 2018-03-21, 5 files, -14/+20
  * Store elements of a DN as a vector
    Jack Lloyd, 2018-03-21, 2 files, -59/+59
    This allows retrieving the original ordering, which is required for DN string encoding as defined in RFC 4514. Fixes #336

* Throw Lookup_Error here for benefit of tests
  Jack Lloyd, 2018-03-21, 1 file, -2/+2

* Support "mixed" OAEP hashes
  Jack Lloyd, 2018-03-21, 1 file, -2/+17
  Test vectors from pyca/cryptography. Fixes GH #109

* Mixed mode OAEP
  Jack Lloyd, 2018-03-21, 3 files, -10/+27
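Why the ordering of DN entries matters, as an added example (not Botan's code): RFC 4514 prints the RDNs in reverse of their order in the certificate's SEQUENCE, and a DN may legitimately repeat an attribute type (two DC components, say), so a map keyed by type can reproduce neither the order nor the duplicates. The encoder below takes the entries as an ordered vector of (type, value) pairs; it assumes single-valued RDNs with string values, and the DnEntry name is this example's own.

```cpp
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// RFC 4514 string form of a DN kept as an ordered vector of (attribute type,
// value) pairs, in the order they appear in the certificate's ASN.1 SEQUENCE.
// Example code written for this page, not Botan's; single-valued RDNs only
// (no '+' multi-valued RDNs) and string attribute values are assumed.
using DnEntry = std::pair<std::string, std::string>;

// RFC 4514 section 2.4: escape a leading '#' or space, a trailing space,
// the characters " + , ; < > \ anywhere, and NUL as \00.
static std::string escape_rfc4514(const std::string& v) {
    std::string out;
    for (std::size_t i = 0; i < v.size(); ++i) {
        const char c = v[i];
        const bool first = (i == 0), last = (i + 1 == v.size());
        if (c == '\0') { out += "\\00"; continue; }
        if ((first && (c == '#' || c == ' ')) || (last && c == ' ') ||
            c == '"' || c == '+' || c == ',' || c == ';' || c == '<' || c == '>' || c == '\\')
            out += '\\';
        out += c;
    }
    return out;
}

// The string form lists RDNs in reverse order of the SEQUENCE, so the
// original ordering must be preserved; a map keyed by type would lose it.
std::string dn_to_rfc4514(const std::vector<DnEntry>& dn) {
    std::string out;
    for (auto it = dn.rbegin(); it != dn.rend(); ++it) {
        if (!out.empty()) out += ',';
        out += it->first + '=' + escape_rfc4514(it->second);
    }
    return out;
}
```

Escaping matters for the same reason as ordering: an unescaped comma in an O= value would make "O=Example, Inc." parse back as two RDNs, which is the kind of ambiguity name-constraint and pinning logic must not tolerate.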
* Change DSA behavior similarly
  Jack Lloyd, 2018-03-21, 1 file, -2/+2

* Shift ECDSA inputs to match OpenSSL behavior
  Jack Lloyd, 2018-03-21, 4 files, -4/+25
  See also GH #986
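Assuming the "shift" refers to the FIPS 186-4 rule that a hash longer than the group order is reduced to its leftmost N bits (N being the bit length of the order), which is what OpenSSL does, here is that step on raw big-endian bytes as an added example; this is not Botan's code and the function name is this example's own. When N is a multiple of 8 (the SHA-512 with P-256 case) it degenerates to keeping the first N/8 bytes; the byte-wise shift only does work for orders such as the 161-bit or 521-bit ones.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Truncate a big-endian hash to its leftmost order_bits bits, as FIPS 186-4
// and OpenSSL do for ECDSA/DSA when the hash is longer than the group order.
// A hash that is already short enough is returned unchanged (it is then simply
// zero-extended when read as an integer). Example code, not Botan's.
std::vector<std::uint8_t> truncate_hash_to_order(const std::vector<std::uint8_t>& hash,
                                                 std::size_t order_bits) {
    const std::size_t hash_bits = hash.size() * 8;
    if (hash_bits <= order_bits) return hash;
    // Keep ceil(order_bits / 8) leading bytes, then shift the whole value right
    // by the excess low bits so the result is exactly the leftmost order_bits bits.
    const std::size_t keep_bytes = (order_bits + 7) / 8;
    std::vector<std::uint8_t> out(hash.begin(), hash.begin() + keep_bytes);
    const unsigned shift = static_cast<unsigned>(keep_bytes * 8 - order_bits); // 0..7
    if (shift) {
        std::uint8_t carry = 0;
        for (auto& b : out) {
            // low `shift` bits of this byte become the high bits of the next one
            const std::uint8_t next = static_cast<std::uint8_t>(b << (8 - shift));
            b = static_cast<std::uint8_t>((b >> shift) | carry);
            carry = next;
        }
    }
    return out;
}
```

The interoperability consequence is the point of the commit: two implementations that handle an over-long hash differently (truncate versus reduce mod the order, for instance) sign different integers and therefore reject each other's signatures even with identical keys and messages.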
* Remove unused variables [ci skip]
  Jack Lloyd, 2018-03-21, 2 files, -4/+0

* Simplify a common case BigInt constructor
  Jack Lloyd, 2018-03-21, 2 files, -1/+13

* Add another Ed25519 helper to save a few hundred redundant lines
  Jack Lloyd, 2018-03-20, 3 files, -301/+106
  No impact on performance.

* Add some helpers for handling carries in Ed25519
  Jack Lloyd, 2018-03-20, 4 files, -893/+491