Paul Bakker
bf98c3dd11
Merged deterministic ECDSA
...
Conflicts:
library/ecdsa.c
2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard
dfab4c1193
Add forgotten #ifdef and depends_on
2014-01-22 16:01:06 +01:00
Paul Bakker
5862eee4ca
Merged RIPEMD-160 support
2014-01-22 14:18:34 +01:00
Paul Bakker
61b699ed1b
Renamed RMD160 to RIPEMD160
2014-01-22 14:17:31 +01:00
Paul Bakker
0ac99ca7bc
Merged support for secp224k1, secp192k1 and secp25k1
2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard
b4fae579e8
Add pk_rsa_set_padding() and rsa_set_padding()
2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard
7c59363a85
Remove a few dead stores
2014-01-22 13:02:39 +01:00
Manuel Pégourié-Gonnard
9e987edf9f
Fix potential memory leak in bignum selftest
2014-01-22 12:59:04 +01:00
Manuel Pégourié-Gonnard
fd6a191381
Fix misplaced initialisation.
...
If one of the calls to mpi_grow() before setting Apos would fail, then
mpi_free( &Apos ) would be executed without Apos being initialised.
2014-01-22 12:57:04 +01:00
Manuel Pégourié-Gonnard
073f0fa2fb
Fix missing error checking in gcm
2014-01-22 12:56:51 +01:00
Manuel Pégourié-Gonnard
280f95bd00
Add #ifs arround ssl_ciphersuite_uses_XXX()
2014-01-22 12:56:37 +01:00
Manuel Pégourié-Gonnard
7cfdcb8c7f
Add a length check in ssl_derive_keys()
2014-01-22 12:56:22 +01:00
Manuel Pégourié-Gonnard
9af7d3a35b
Add fast reduction for the other Koblitz curves
2014-01-18 17:48:00 +01:00
Manuel Pégourié-Gonnard
8887d8d37c
Add mod_p256k1
...
Makes secp256k1 about 4x faster
2014-01-17 23:17:10 +01:00
Manuel Pégourié-Gonnard
ea499a7321
Add support for secp192k1
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
0a56c2c698
Fix bug in ecdh_calc_secret()
...
Only affects curves with nbits != pbits (currently only secp224k1)
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
5304812b2d
Fix theoretical compliance issue in ECDSA
...
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
18e3ec9b4d
Add support for secp224k1
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
e4d47a655b
Add RIPEMD-160 to the generic MD layer
2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard
ff40c3ac34
Add HMAC support to RIPEMD-160
2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard
cab4a8807c
Add RIPEMD-160 (core functions)
2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard
9bcff3905b
Add OIDs and TLS IDs for prime Koblitz curves
2014-01-10 18:32:31 +01:00
Manuel Pégourié-Gonnard
f51c8fc353
Add support for secp256k1 arithmetic
2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard
65ad3e4daf
Use deterministic ECDSA in the PK layer
2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard
5e6edcfd96
Add fallback for md_alg == NONE to ecdsa_sign_det()
2014-01-07 16:19:28 +01:00
Manuel Pégourié-Gonnard
937340bce0
Add ecdsa_write_signature_det()
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
f42bca6da0
Little HMAC_DRBG refactoring
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
4daaef7e27
Add ecdsa_sign_det() with test vectors
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
461d416892
Add minified HMAC_DRBG for deterministic ECDSA
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
e7072f8d11
Fix theoretical compliance issue in ECDSA
...
The issue would happen for curves whose bitlength is not a multiple of eight
(the only case is NIST P-521) with hashes that are longer than the bitlength
of the curve: since the wides hash is 512 bits long, this can't happen.
Fixing however as a matter of principle and readability.
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
c9573998ca
Fix unchecked error codes in ecp_gen_keypair()
2014-01-06 11:01:38 +01:00
Manuel Pégourié-Gonnard
79f73b96d9
Remove bias in EC private key generation
2014-01-06 10:19:35 +01:00
Paul Bakker
c78c8422c2
Added failure stub for uninitialized POLARSSL_THREADING_ALT functions
2013-12-31 11:55:27 +01:00
Paul Bakker
a8fd3e31ed
Removed POLARSSL_THREADING_DUMMY option
2013-12-31 11:54:08 +01:00
Paul Bakker
4de44aa0ae
Rewrote check to prevent read of uninitialized data in
...
rsa_rsassa_pss_verify()
2013-12-31 11:43:01 +01:00
Paul Bakker
6992eb762c
Fixed potential overflow in certificate size in ssl_write_certificate()
2013-12-31 11:38:33 +01:00
Paul Bakker
6ea1a95ce8
Added missing MPI_CHK() around some statements
2013-12-31 11:17:14 +01:00
Paul Bakker
5bc07a3d30
Prepped for 1.3.3
2013-12-31 10:57:44 +01:00
Paul Bakker
00f5c52bfe
Added cast to socket() return value to prevent Windows warning
2013-12-31 10:45:16 +01:00
Paul Bakker
c73879139e
Merged ECP memory usage optimizations
2013-12-31 10:33:47 +01:00
Paul Bakker
53e1513fea
Initialize ebx and edx in padlock functions
2013-12-31 09:46:09 +01:00
Manuel Pégourié-Gonnard
26bc1c0f5d
Fix a few unchecked return codes in EC
2013-12-30 19:33:33 +01:00
Paul Bakker
93759b048f
Made AES-NI bit-size specific key expansion functions static
2013-12-30 19:20:06 +01:00
Manuel Pégourié-Gonnard
9e4191c3e7
Add another option to reduce EC memory usage
...
Also document speed/memory trade-offs better.
2013-12-30 19:16:05 +01:00
Manuel Pégourié-Gonnard
70896a023e
Add statistics about number of allocated blocks
2013-12-30 19:16:05 +01:00
Paul Bakker
ec4bea7eee
Forced cast to unsigned int for %u format in ecp_selftest()
2013-12-30 19:04:47 +01:00
Manuel Pégourié-Gonnard
1f789b8348
Lessen peak memory usage in EC by freeing earlier
...
Cuts peak usage by 25% :)
2013-12-30 17:36:54 +01:00
Manuel Pégourié-Gonnard
72c172a13d
Save some small memory allocations inside ecp_mul()
2013-12-30 16:04:55 +01:00
Paul Bakker
f0fc2a27b0
Properly put the pragma comment for the MSVC linker in defines
2013-12-30 15:42:43 +01:00
Paul Bakker
92bcadb110
Removed 'z' length modifier from low-value size_t in ecp_selftest()
2013-12-30 15:37:17 +01:00
Paul Bakker
e7f5133590
Fixed superfluous return value in aesni.c
2013-12-30 15:32:02 +01:00
Paul Bakker
0d0de92156
Only specify done label in aes.c when AES-NI is possible
2013-12-30 15:29:04 +01:00
Paul Bakker
956c9e063d
Reduced the input / output overhead with 200+ bytes and covered corner
...
case
The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.
Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.
We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
2013-12-30 15:00:51 +01:00
Manuel Pégourié-Gonnard
d4588cfb6a
aesni_gcm_mult() now returns void
2013-12-30 13:54:23 +01:00
Manuel Pégourié-Gonnard
bfa3c9a85f
Remove temporary code
2013-12-30 13:53:58 +01:00
Manuel Pégourié-Gonnard
23c2f6fee5
Add AES-NI key expansion for 192 bits
2013-12-29 16:05:22 +01:00
Manuel Pégourié-Gonnard
4a5b995c26
Add AES-NI key expansion for 256 bits
2013-12-29 13:50:32 +01:00
Manuel Pégourié-Gonnard
47a3536a31
Add AES-NI key expansion for 128 bits
2013-12-29 13:28:59 +01:00
Manuel Pégourié-Gonnard
01e31bbffb
Add support for key inversion using AES-NI
2013-12-28 16:22:08 +01:00
Manuel Pégourié-Gonnard
80637c7520
Use aesni_gcm_mult() if available
2013-12-26 16:09:58 +01:00
Manuel Pégourié-Gonnard
d333f67f8c
Add aesni_gcm_mult()
2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
9d57482280
Add comments on GCM multiplication
2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
8eaf20b18d
Allow detection of CLMUL
2013-12-26 15:51:13 +01:00
Manuel Pégourié-Gonnard
5b685653ef
Add aesni_crypt_ecb() and use it
2013-12-25 13:03:26 +01:00
Manuel Pégourié-Gonnard
92ac76f9db
Add files for (upcoming) AES-NI support
2013-12-25 13:03:26 +01:00
Paul Bakker
1e5369c7fa
Variables in proper block or within proper defines in ssl_decrypt_buf()
2013-12-19 16:40:57 +01:00
Paul Bakker
0c0476f92d
Disable ecp_use_curve25519() if not POLARSSL_ECP_DP_M255_ENABLED
2013-12-19 16:20:53 +01:00
Paul Bakker
1a56fc96a3
Fixed x509_crt_parse_path() bug on Windows platforms
2013-12-19 13:52:33 +01:00
Manuel Pégourié-Gonnard
1321135758
Fix MingW version issue
2013-12-17 17:38:55 +01:00
Manuel Pégourié-Gonnard
ee5db1d6b9
Fix typo in previous commit
2013-12-17 16:46:19 +01:00
Manuel Pégourié-Gonnard
6a398d4234
Add missing header for windows
2013-12-17 16:10:58 +01:00
Manuel Pégourié-Gonnard
173402bb61
net_prepare() returns int
2013-12-17 15:57:05 +01:00
Paul Bakker
5a607d26b7
Merged IPv6 support in the NET module
2013-12-17 14:34:19 +01:00
Manuel Pégourié-Gonnard
fd6b4cc1db
Add forgotten SO_REUSEADDR option
2013-12-17 13:59:01 +01:00
Paul Bakker
5ab68ba679
Merged storing curves fully in ROM
2013-12-17 13:11:18 +01:00
Paul Bakker
fdf946928d
Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites
2013-12-17 13:10:27 +01:00
Paul Bakker
77e257e958
Fixed bad check for maximum size of fragment length index
2013-12-17 13:09:12 +01:00
Paul Bakker
6c21276342
Place olen initalization after reference check in cipher_update()
2013-12-17 13:09:12 +01:00
Paul Bakker
6f0636a09f
Potential memory leak in ssl_ticket_keys_init()
2013-12-17 13:09:12 +01:00
Manuel Pégourié-Gonnard
6e315a9009
Adapt net_accept() to IPv6
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
389ce63735
Add IPv6 support to net_bind()
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
10934de1ca
Adapt net_connect() for IPv6
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
2e5c3163db
Factor our some code in net.c
2013-12-17 12:00:57 +01:00
Manuel Pégourié-Gonnard
5538970d32
Add server support for ECDH key exchanges
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
d18cc57962
Add client-side support for ECDH key exchanges
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
cdff3cfda3
Add ecdh_get_params() to import from an EC key
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
25781b22e3
Add ECDH_RSA and ECDH_ECDSA ciphersuites
...
(not implemented yet)
2013-12-17 11:32:31 +01:00
Manuel Pégourié-Gonnard
69ab354239
Fix bug from stupid typo
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
14a96c5d8b
Avoid wasting memory with some curves
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
95b45b7bb2
Rename macros
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
baee5d4157
Add previously forgotten #ifdef's
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
81e1b102dc
Rm a few unneeded variables
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
1f82b041e7
Adapt ecp_group_free() to static constants
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
73cc01d7fa
Remove last non-static parts of known EC groups
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
731d08b406
Start using constants from ROM for EC groups
2013-12-17 11:27:20 +01:00
Manuel Pégourié-Gonnard
c72ac7c3ef
Fix SSLv3 handling of SHA-384 suites
...
Fixes memory corruption, introduced in
a5bdfcd
(Relax some SHA2 ciphersuite's version requirements)
2013-12-17 10:18:25 +01:00
Paul Bakker
fef3c5a652
Fixed typo in POLARSSL_PKCS1_V15 in rsa.c
2013-12-11 13:36:30 +01:00
Manuel Pégourié-Gonnard
93f41dbdfd
Fix possible issue in corner-case for ecp_mul_mx()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
7a949d3f5b
Update comments
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
d962273594
Add #ifdef's for curve types
2013-12-05 15:58:38 +01:00