Commit dbbd2544 authored by Hugo Leisink's avatar Hugo Leisink

Release 10.8.2

parent b11c8c98
cmake_minimum_required(VERSION 3.0)
project(Hiawatha VERSION 10.8.1 LANGUAGES C)
project(Hiawatha VERSION 10.8.2 LANGUAGES C)
# Compiler
set(CMAKE_C_FLAGS "-O2 -Wall -Wextra ${CMAKE_C_FLAGS}")
......
hiawatha (10.8.2) stable; urgency=low
* mbed TLS updated to 2.12.0.
* New style for directory index.
* uri_depth added to XML for directory index.
-- Hugo Leisink <hugo@leisink.net> Sat, 28 Jul 2018 09:51:07 +0200
hiawatha (10.8.1) stable; urgency=low
* mbed TLS updated to 2.8.0.
......@@ -5,7 +13,7 @@ hiawatha (10.8.1) stable; urgency=low
compliant out of the box.
* Small improvements to Let's Encrypt ACMEv2 script.
-- Hugo Leisink <hugo@leisink.net> Tue, 10 Apr 2018 21:58:41 +0100
-- Hugo Leisink <hugo@leisink.net> Tue, 10 Apr 2018 21:58:41 +0200
hiawatha (10.8) stable; urgency=low
......@@ -21,7 +29,7 @@ hiawatha (10.8) stable; urgency=low
* Bugfix: requesting non-regular files now results in a 403 instead of
blocking that thread.
-- Hugo Leisink <hugo@leisink.net> Wed, 21 Mar 2018 19:57:44 +0200
-- Hugo Leisink <hugo@leisink.net> Wed, 21 Mar 2018 19:57:44 +0100
hiawatha (10.7) stable; urgency=low
......@@ -31,7 +39,7 @@ hiawatha (10.7) stable; urgency=low
* Small improvements.
* Bugfix: error in handling renewal scripts in Let's Encrypt script.
-- Hugo Leisink <hugo@leisink.net> Mon, 16 Oct 2017 19:31:54 +0200
-- Hugo Leisink <hugo@leisink.net> Mon, 16 Oct 2017 19:31:54 +0100
hiawatha (10.6) stable; urgency=low
......
......@@ -19,63 +19,82 @@
h1 {
font-size:200%;
color:#6878e0;
text-align:center;
}
h2 {
font-size:150%;
}
h1, h2 {
letter-spacing:5px;
max-width:800px;
max-width:900px;
margin:15px auto;
}
table {
width:100%;
max-width:800px;
max-width:900px;
margin:0 auto;
padding:20px;
border-spacing:0;
border:1px solid #c0c0c0;
background-color:#f4f4f4;
box-shadow:6px 12px 15px 5px #808080;
border-radius:15px;
box-shadow:6px 12px 10px #808080;
}
table th, table td {
padding:10px 30px;
}
thead th {
border-bottom:2px solid #e0e0e0;
background-color:#6878e0;
color:#ffffff;
letter-spacing:1px;
text-align:left;
font-size:13px;
font-weight:400;
}
thead th.timestamp {
width:175px;
}
thead th.size {
width:140px;
thead th.filename {
border-top-left-radius:15px;
}
tbody td {
border-bottom:1px solid #e0e0e0;
padding:2px 15px;
}
tbody tr:hover td {
background-color:#ffffc0;
background-color:#ffffe0;
cursor:pointer;
}
tbody tr:nth-child(even) {
background-color:#e8e8f0;
background-color:#f8f8ff;
}
tbody tr:nth-child(odd) {
background-color:#f0f0f8;
background-color:#ffffff;
}
tbody td.size {
text-align:right;
}
tbody td.dir a {
color:#0000ff;
tbody td.dir {
background-image:url();
}
tbody td.file {
background-image:url();
}
tbody td.file a {
tbody td.dir, tbody td.file {
background-repeat:no-repeat;
background-position:30px 8px;
padding-left:55px;
}
tbody td.dir a, tbody td.file a {
color:#4080ff;
}
tfoot td {
padding:20px 15px 0 15px;
background-color:#ececec;
}
tfoot td.totalsize {
text-align:right;
border-bottom-right-radius:15px;
}
a {
......@@ -93,27 +112,52 @@
@media (max-width:767px) {
body {
padding:25px;
padding:5px 25px;
}
h1, h2 {
letter-spacing:1px;
}
}
h1 {
font-size:160%;
letter-spacing:3px;
@media (min-width:640px) {
thead th.timestamp {
width:150px;
}
thead th.size {
border-top-right-radius:15px;
width:100px;
}
tbody td {
padding:5px 15px;
tfoot td.totalfiles {
border-bottom-left-radius:15px;
}
}
@media (max-width:511px) {
h1 {
font-size:130%;
letter-spacing:1px;
@media (max-width:639px) {
table th, table td {
display:block;
min-height:12px;
line-height:20px;
}
table tr.dir td.size {
display:none;
}
table th:nth-child(2),
table td:nth-child(2) {
padding-left:55px;
}
thead th.filename {
border-top-right-radius:15px;
}
tfoot td.totalsize {
border-bottom-left-radius:15px;
}
table tfoot td:nth-child(2) {
display:none;
}
}
......@@ -121,18 +165,19 @@
</head>
<body>
<h1><xsl:value-of select="hostname" /> : <xsl:value-of select="request_uri" /></h1>
<h1><xsl:value-of select="hostname" /></h1>
<h2><xsl:value-of select="request_uri" /></h2>
<table>
<thead>
<tr>
<th class="filename">filename</th>
<th class="timestamp">timestamp</th>
<th class="size">filesize</th>
<th class="filename">File name</th>
<th class="timestamp">Timestamp</th>
<th class="size">File size</th>
</tr>
</thead>
<tbody>
<xsl:for-each select="files/file">
<tr onClick="javascript:window.location.href='{.}'">
<tr class="{@type}" onClick="javascript:window.location.href='{.}'">
<td class="{@type}"><a href="{@url_encoded}"><xsl:value-of select="." /></a></td>
<td><xsl:value-of select="@timestamp" /></td>
<td class="size"><xsl:value-of select="@size" /></td>
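Review bot: The row handler on the `<tr>` still navigates with the raw file name `{.}` while the `<a>` next to it uses `{@url_encoded}`, so the two targets can disagree — the updated example XML at the bottom of this commit shows exactly that, with `directory` as the text and `directory/` as url_encoded — and, as far as I can see, nothing in the template escapes an apostrophe inside that single-quoted JavaScript string, so a file name containing `'` terminates the literal, which matters wherever untrusted users can place files in a listed directory. Using the same encoded value in both places, `<tr class="{@type}" onClick="window.location.href='{@url_encoded}'">`, removes the mismatch and closes the gap provided the server's url_encoded percent-encodes quote characters, which I cannot confirm from here; the `javascript:` prefix is only a label inside an event-handler attribute and can go. If that encoding is not guaranteed, dropping the inline handler and letting the link in the first cell carry the navigation is the safer choice. The `xsl:for-each` body continues past the end of the hunk.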
......
......@@ -2,9 +2,10 @@
<index>
<hostname>www.example.com</hostname>
<request_uri>/</request_uri>
<uri_depth>0</uri_depth>
<files>
<file type="dir" timestamp="01 Jan 2014, 12:00:00" url_encoded="directory/">directory/</file>
<file type="file" timestamp="02 Jan 2014, 14:00:00" size="100.0 kB" extension="txt" url_encoded="file.txt">file.txt</file>
<file type="dir" timestamp="01 Jan 2018, 12:00:00" url_encoded="directory/">directory</file>
<file type="file" timestamp="02 Jan 2018, 14:00:00" size="100.0 kB" extension="txt" url_encoded="file.txt">file.txt</file>
</files>
<total_size>100.0 kB</total_size>
<software>Hiawatha</software>
......
......@@ -342,7 +342,7 @@
/* Write certificates
*/
if ($cert_file == null) {
$dir = (posix_getuid() == 0) ? HIAWATHA_CERT_DIR."/" : "";
$dir = (getmyuid() == 0) ? HIAWATHA_CERT_DIR."/" : "";
$cert_file = $dir.$website_hostname.".pem";
$number = 1;
while (file_exists($cert_file)) {
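Review bot: `getmyuid()` on the changed line reports the owner of the script file, not the user running it, so where the freshly issued certificate and private key are written now depends on file ownership: a root cron job running a user-owned copy of the script would write `$website_hostname.pem` into the current working directory instead of HIAWATHA_CERT_DIR, and a root-owned copy run by an unprivileged user would presumably try the certificate directory and fail. If the goal was to avoid a hard dependency on the posix extension, keep the process uid whenever it is available: `$uid = function_exists("posix_geteuid") ? posix_geteuid() : getmyuid();` followed by `$dir = ($uid == 0) ? HIAWATHA_CERT_DIR."/" : "";`. Either way, a one-line comment stating which uid is being tested and why would spare the next reader the trip to the manual. The enclosing function starts and ends outside the hunk.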
......
......@@ -69,7 +69,7 @@ Example: set local_net = 192.168.1.0/24
AccessList = allow local_net, deny 0.0.0.0/0 (see AccessList for more information about this option)
.TP
.B AnonymizeIP = yes|no
Anonymize IP addresses before writing them to the access and error logfiles or sending them to the Hiawatha Monitor.
Anonymize IP addresses before writing them to the access and error logfiles.
.br
Default = no Example: AnonymizeIP = yes
.TP
......@@ -325,7 +325,7 @@ Sets the SO_SNDTIMEO value for all client connection sockets. Use 0 to disable t
.br
Default = 3 Example: SocketSendTimeout = 10
.TP
.B Syslog = [system][, exploit][, garbage][, access][, error][, all]
.B Syslog = [system][, exploit][, garbage][, access][, error][, all][;<syslog identifier>]
Log information to syslog.
.br
Example: Syslog = system, access, error
......@@ -632,8 +632,8 @@ Adds an X-Random HTTP header to the response for HTTPS connections. The header c
.br
Example: RandomHeader = 250
.TP
.B RequiredCA = ...
Use this option inside a virtualhost block if you want to make use of the SNI capabilities of Hiawatha. See the RequiredCA option in the BINDING CONFIGURATION chapter for more information.
.B RequiredCA = <CA certificate file>[, <CA CRL file>
Use the CA certificates in this file to authenticate users. Users without a certificate from one of the listed CAs will not be allowed.
.TP
.B RequiredGroup = <groupname>[, <groupname>, ...]
The <groupname> is the name of the group a user must be a member of to have access (see PasswordFile for more information).
......
--- mbedtls/include/mbedtls/cipher.h 2018-07-26 16:33:22.000000000 +0200
+++ mbedtls/include/mbedtls/cipher.h 2018-07-27 20:28:40.091543699 +0200
@@ -47,7 +45,8 @@
#define MBEDTLS_CIPHER_MODE_WITH_PADDING
#endif
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
+ defined(MBEDTLS_CHACHA20_C)
#define MBEDTLS_CIPHER_MODE_STREAM
#endif
......@@ -4,18 +4,19 @@ project("mbed TLS" C)
option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
FORCE)
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
if(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_GNU)
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
OUTPUT_VARIABLE GCC_VERSION)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings")
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion OUTPUT_VARIABLE GCC_VERSION)
if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
endif()
if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
endif()
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
......@@ -23,15 +24,15 @@ if(CMAKE_COMPILER_IS_GNUCC)
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
set(CMAKE_C_FLAGS_CHECK "-Werror -Os")
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
endif(CMAKE_COMPILER_IS_GNUCC)
endif(CMAKE_COMPILER_IS_GNU)
if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O3")
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
set(CMAKE_C_FLAGS_MEMSAN "-Werror -fsanitize=memory -O3")
set(CMAKE_C_FLAGS_MEMSANDBG "-Werror -fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
set(CMAKE_C_FLAGS_CHECK "-Werror -Os")
......@@ -43,13 +44,4 @@ else()
endif()
include_directories(include/)
if(ENABLE_ZLIB_SUPPORT)
find_package(ZLIB)
if(ZLIB_FOUND)
include_directories(${ZLIB_INCLUDE_DIR})
endif(ZLIB_FOUND)
endif(ENABLE_ZLIB_SUPPORT)
add_subdirectory(library)
......@@ -9,3 +9,8 @@ if(INSTALL_MBEDTLS_HEADERS)
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
endif(INSTALL_MBEDTLS_HEADERS)
# Make config.h available in an out-of-source build. ssl-opt.sh requires it.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(mbedtls)
endif()
......@@ -40,14 +40,14 @@
#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */
#if !defined(MBEDTLS_ARC4_ALT)
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
#if !defined(MBEDTLS_ARC4_ALT)
// Regular implementation
//
/**
* \brief ARC4 context structure
*
......@@ -63,6 +63,10 @@ typedef struct
}
mbedtls_arc4_context;
#else /* MBEDTLS_ARC4_ALT */
#include "arc4_alt.h"
#endif /* MBEDTLS_ARC4_ALT */
/**
* \brief Initialize ARC4 context
*
......@@ -120,18 +124,6 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
unsigned char *output );
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_ARC4_ALT */
#include "arc4_alt.h"
#endif /* MBEDTLS_ARC4_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Checkup routine
*
......
......@@ -206,6 +206,8 @@ void mbedtls_mpi_free( mbedtls_mpi *X );
/**
* \brief Enlarge to the specified number of limbs
*
* This function does nothing if the MPI is already large enough.
*
* \param X MPI to grow
* \param nblimbs The target number of limbs
*
......@@ -217,19 +219,23 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
/**
* \brief Resize down, keeping at least the specified number of limbs
*
* If \c X is smaller than \c nblimbs, it is resized up
* instead.
*
* \param X MPI to shrink
* \param nblimbs The minimum number of limbs to keep
*
* \return 0 if successful,
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
* (this can only happen when resizing up).
*/
int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
/**
* \brief Copy the contents of Y into X
*
* \param X Destination MPI
* \param Y Source MPI
* \param X Destination MPI. It is enlarged if necessary.
* \param Y Source MPI.
*
* \return 0 if successful,
* MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
......
......@@ -46,14 +46,14 @@
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
#if !defined(MBEDTLS_BLOWFISH_ALT)
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
#if !defined(MBEDTLS_BLOWFISH_ALT)
// Regular implementation
//
/**
* \brief Blowfish context structure
*/
......@@ -64,6 +64,10 @@ typedef struct
}
mbedtls_blowfish_context;
#else /* MBEDTLS_BLOWFISH_ALT */
#include "blowfish_alt.h"
#endif /* MBEDTLS_BLOWFISH_ALT */
/**
* \brief Initialize Blowfish context
*
......@@ -172,7 +176,46 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
/**
* \brief Blowfish-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
* \warning You must never reuse a nonce value with the same key. Doing so
* would void the encryption for the two messages encrypted with
* the same nonce and key.
*
* There are two common strategies for managing nonces with CTR:
*
* 1. You can handle everything as a single message processed over
* successive calls to this function. In that case, you want to
* set \p nonce_counter and \p nc_off to 0 for the first call, and
* then preserve the values of \p nonce_counter, \p nc_off and \p
* stream_block across calls to this function as they will be
* updated by this function.
*
* With this strategy, you must not encrypt more than 2**64
* blocks of data with the same key.
*
* 2. You can encrypt separate messages by dividing the \p
* nonce_counter buffer in two areas: the first one used for a
* per-message nonce, handled by yourself, and the second one
* updated by this function internally.
*
* For example, you might reserve the first 4 bytes for the
* per-message nonce, and the last 4 bytes for internal use. In that
* case, before calling this function on a new message you need to
* set the first 4 bytes of \p nonce_counter to your chosen nonce
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
* stream_block to be ignored). That way, you can encrypt at most
* 2**32 messages of up to 2**32 blocks each with the same key.
*
* The per-message nonce (or information sufficient to reconstruct
* it) needs to be communicated with the ciphertext and must be unique.
* The recommended way to ensure uniqueness is to use a message
* counter.
*
* Note that for both stategies, sizes are measured in blocks and
* that a Blowfish block is 8 bytes.
*
* \warning Upon return, \p stream_block contains sensitive data. Its
* content must not be written to insecure storage and should be
* securely discarded as soon as it's no longer needed.
*
* \param ctx Blowfish context
* \param length The length of the data
......@@ -200,8 +243,4 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
}
#endif
#else /* MBEDTLS_BLOWFISH_ALT */
#include "blowfish_alt.h"
#endif /* MBEDTLS_BLOWFISH_ALT */
#endif /* blowfish.h */
......@@ -51,7 +51,14 @@
/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
#if defined(__GNUC__) && \
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
#if defined(__i386__)
/*
* Disable use of the i386 assembly code below if option -O0, to disable all
* compiler optimisations, is passed, detected with __OPTIMIZE__
* This is done as the number of registers used in the assembly code doesn't
* work with the -O0 option.
*/
#if defined(__i386__) && defined(__OPTIMIZE__)
#define MULADDC_INIT \
asm( \
......@@ -144,7 +151,7 @@
"movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
: "eax", "ecx", "edx", "esi", "edi" \
: "eax", "ebx", "ecx", "edx", "esi", "edi" \
);
#else
......@@ -156,7 +163,7 @@
"movl %%esi, %3 \n\t" \
: "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
: "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
: "eax", "ecx", "edx", "esi", "edi" \
: "eax", "ebx", "ecx", "edx", "esi", "edi" \
);
#endif /* SSE2 */
#endif /* i386 */
......@@ -523,7 +530,7 @@
"swi r3, %2 \n\t" \
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r3", "r4" "r5", "r6", "r7", "r8", \
: "r3", "r4", "r5", "r6", "r7", "r8", \
"r9", "r10", "r11", "r12", "r13" \
);
......
......@@ -42,14 +42,14 @@
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */
#if !defined(MBEDTLS_CAMELLIA_ALT)
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
#if !defined(MBEDTLS_CAMELLIA_ALT)
// Regular implementation
//
/**
* \brief CAMELLIA context structure
*/
......@@ -60,6 +60,10 @@ typedef struct
}
mbedtls_camellia_context;
#else /* MBEDTLS_CAMELLIA_ALT */
#include "camellia_alt.h"
#endif /* MBEDTLS_CAMELLIA_ALT */
/**
* \brief Initialize CAMELLIA context
*
......@@ -185,12 +189,54 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
/**
* \brief CAMELLIA-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
*
* Note: Due to the nature of CTR you should use the same key schedule for
* both encryption and decryption. So a context initialized with
* mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
*
* \warning You must never reuse a nonce value with the same key. Doing so
* would void the encryption for the two messages encrypted with
* the same nonce and key.
*
* There are two common strategies for managing nonces with CTR:
*
* 1. You can handle everything as a single message processed over
* successive calls to this function. In that case, you want to
* set \p nonce_counter and \p nc_off to 0 for the first call, and
* then preserve the values of \p nonce_counter, \p nc_off and \p
* stream_block across calls to this function as they will be
* updated by this function.
*
* With this strategy, you must not encrypt more than 2**128
* blocks of data with the same key.
*
* 2. You can encrypt separate messages by dividing the \p
* nonce_counter buffer in two areas: the first one used for a
* per-message nonce, handled by yourself, and the second one
* updated by this function internally.
*
* For example, you might reserve the first 12 bytes for the
* per-message nonce, and the last 4 bytes for internal use. In that
* case, before calling this function on a new message you need to
* set the first 12 bytes of \p nonce_counter to your chosen nonce
* value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
* stream_block to be ignored). That way, you can encrypt at most
* 2**96 messages of up to 2**32 blocks each with the same key.
*
* The per-message nonce (or information sufficient to reconstruct
* it) needs to be communicated with the ciphertext and must be unique.
* The recommended way to ensure uniqueness is to use a message
* counter. An alternative is to generate random nonces, but this
* limits the number of messages that can be securely encrypted:
* for example, with 96-bit random nonces, you should not encrypt
* more than 2**32 messages with the same key.
*
* Note that for both stategies, sizes are measured in blocks and
* that a CAMELLIA block is 16 bytes.
*
* \warning Upon return, \p stream_block contains sensitive data. Its
* content must not be written to insecure storage and should be
* securely discarded as soon as it's no longer needed.
*
* \param ctx CAMELLIA context
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
......@@ -213,18 +259,6 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
unsigned char *output );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#ifdef __cplusplus
}
#endif
#else /* MBEDTLS_CAMELLIA_ALT */
#include "camellia_alt.h"
#endif /* MBEDTLS_CAMELLIA_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Checkup routine
*
......
/**
* \file chacha20.h
*
* \brief This file contains ChaCha20 definitions and functions.
*
* ChaCha20 is a stream cipher that can encrypt and decrypt
* information. ChaCha was created by Daniel Bernstein as a variant of
* its Salsa cipher https://cr.yp.to/chacha/chacha-20080128.pdf
* ChaCha20 is the variant with 20 rounds, that was also standardized
* in RFC 7539.
*
* \author Daniel King <damaki.gh@gmail.com>