diff --git a/ChangeLog b/ChangeLog
index 0fe3ea709..3b11f4e38 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,7 +7,7 @@ Features
 * Added support for GeneralizedTime in X509 parsing
 * Added cert_app program to allow easy reading and printing of X509 certificates from file or SSL
- connection.
+ connection.
 Changes
 * Added const correctness for main code base
@@ -16,11 +16,13 @@ Changes
 * Changed symmetric cipher functions to identical interface (returning int result values)
 * Changed ARC4 to use seperate input/output buffer
+ * Added reset function for HMAC context as speed-up
+ for specific use-cases
 Bug fixes
 * Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and
- ssl_write_certificate_request() (found by fatbob)
+ ssl_write_certificate_request() (found by fatbob)
 * Added small fixes for compiler warnings on a Mac (found by Frank de Brabander)
 * Fixed algorithmic bug in mpi_is_prime() (found by
diff --git a/include/polarssl/md2.h b/include/polarssl/md2.h
index 37eef0a3a..71040eb8d 100644
--- a/include/polarssl/md2.h
+++ b/include/polarssl/md2.h
@@ -112,6 +112,13 @@ void md2_hmac_update( md2_context *ctx, const unsigned char *input, int ilen );
 */
 void md2_hmac_finish( md2_context *ctx, unsigned char output[16] );
 
+/**
+ * \brief MD2 HMAC context reset
+ *
+ * \param ctx HMAC context to be reset
+ */
+void md2_hmac_reset( md2_context *ctx );
+
 /**
 * \brief Output = HMAC-MD2( hmac key, input buffer )
 *
diff --git a/include/polarssl/md4.h b/include/polarssl/md4.h
index c590736bf..24b90ec66 100644
--- a/include/polarssl/md4.h
+++ b/include/polarssl/md4.h
@@ -111,6 +111,13 @@ void md4_hmac_update( md4_context *ctx, const unsigned char *input, int ilen );
 */
 void md4_hmac_finish( md4_context *ctx, unsigned char output[16] );
 
+/**
+ * \brief MD4 HMAC context reset
+ *
+ * \param ctx HMAC context to be reset
+ */
+void md4_hmac_reset( md4_context *ctx );
+
 /**
 * \brief Output = HMAC-MD4( hmac key, input buffer )
 *
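Review bot: The doc comment on `md2_hmac_reset` in include/polarssl/md2.h does not state the precondition the implementation depends on. The library hunks show reset re-feeding `ctx->ipad`, so it is only meaningful on a context that has been through the matching `_hmac_starts` call and has not been cleared since. A caller who wipes the context after `_hmac_finish` and then calls reset would presumably get a digest over zeroed pads rather than a keyed MAC, and the void return gives no way to signal that. I would add a line such as `\note ctx must have been set up by md2_hmac_starts() and not wiped; the key-derived pads remain in ctx until the caller clears it`. The same applies to the md4.h, md5.h, sha1.h, sha2.h and sha4.h hunks.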
diff --git a/include/polarssl/md5.h b/include/polarssl/md5.h
index 2f62ed1d5..ac28a0b41 100644
--- a/include/polarssl/md5.h
+++ b/include/polarssl/md5.h
@@ -113,6 +113,13 @@ void md5_hmac_update( md5_context *ctx,
 */
 void md5_hmac_finish( md5_context *ctx, unsigned char output[16] );
 
+/**
+ * \brief MD5 HMAC context reset
+ *
+ * \param ctx HMAC context to be reset
+ */
+void md5_hmac_reset( md5_context *ctx );
+
 /**
 * \brief Output = HMAC-MD5( hmac key, input buffer )
 *
diff --git a/include/polarssl/sha1.h b/include/polarssl/sha1.h
index ec084500a..060f7203c 100644
--- a/include/polarssl/sha1.h
+++ b/include/polarssl/sha1.h
@@ -111,6 +111,13 @@ void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, int ilen )
 */
 void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] );
 
+/**
+ * \brief SHA-1 HMAC context reset
+ *
+ * \param ctx HMAC context to be reset
+ */
+void sha1_hmac_reset( sha1_context *ctx );
+
 /**
 * \brief Output = HMAC-SHA-1( hmac key, input buffer )
 *
diff --git a/include/polarssl/sha2.h b/include/polarssl/sha2.h
index 8b65e9f67..d9f3855ea 100644
--- a/include/polarssl/sha2.h
+++ b/include/polarssl/sha2.h
@@ -118,6 +118,13 @@ void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, int ilen )
 */
 void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] );
 
+/**
+ * \brief SHA-256 HMAC context reset
+ *
+ * \param ctx HMAC context to be reset
+ */
+void sha2_hmac_reset( sha2_context *ctx );
+
 /**
 * \brief Output = HMAC-SHA-256( hmac key, input buffer )
 *
diff --git a/include/polarssl/sha4.h b/include/polarssl/sha4.h
index 3a14c9164..eb35f04e7 100644
--- a/include/polarssl/sha4.h
+++ b/include/polarssl/sha4.h
@@ -126,6 +126,13 @@ void sha4_hmac_update( sha4_context *ctx, const unsigned char *input, int ilen )
 */
 void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] );
 
+/**
+ * \brief SHA-512 HMAC context reset
+ *
+ * \param ctx HMAC context to be reset
+ */
+void sha4_hmac_reset( sha4_context *ctx );
+
 /**
 * \brief Output = HMAC-SHA-512( hmac key, input buffer )
 *
diff --git a/library/md2.c b/library/md2.c
index 061ebbe34..3a0d1f5aa 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -260,6 +260,15 @@ void md2_hmac_finish( md2_context *ctx, unsigned char output[16] )
 memset( tmpbuf, 0, sizeof( tmpbuf ) );
 }
 
+/*
+ * MD2 HMAC context reset
+ */
+void md2_hmac_reset( md2_context *ctx )
+{
+ md2_starts( ctx );
+ md2_update( ctx, ctx->ipad, 64 );
+}
+
 /*
 * output = HMAC-MD2( hmac key, input buffer )
 */
diff --git a/library/md4.c b/library/md4.c
index 251e63f16..564a7f9ee 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -356,6 +356,15 @@ void md4_hmac_finish( md4_context *ctx, unsigned char output[16] )
 memset( tmpbuf, 0, sizeof( tmpbuf ) );
 }
 
+/*
+ * MD4 HMAC context reset
+ */
+void md4_hmac_reset( md4_context *ctx )
+{
+ md4_starts( ctx );
+ md4_update( ctx, ctx->ipad, 64 );
+}
+
 /*
 * output = HMAC-MD4( hmac key, input buffer )
 */
diff --git a/library/md5.c b/library/md5.c
index ca994b9c1..5ab33835b 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -375,6 +375,15 @@ void md5_hmac_finish( md5_context *ctx, unsigned char output[16] )
 memset( tmpbuf, 0, sizeof( tmpbuf ) );
 }
 
+/*
+ * MD5 HMAC context reset
+ */
+void md5_hmac_reset( md5_context *ctx )
+{
+ md5_starts( ctx );
+ md5_update( ctx, ctx->ipad, 64 );
+}
+
 /*
 * output = HMAC-MD5( hmac key, input buffer )
 */
diff --git a/library/sha1.c b/library/sha1.c
index f811131fc..7f8ec6342 100644
--- a/library/sha1.c
+++ b/library/sha1.c
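Review bot: In `md2_hmac_reset` (library/md2.c) the literal `64` in `md2_update( ctx, ctx->ipad, 64 )` has to stay in step with the size of `ctx->ipad`, which is declared outside this diff. If `ipad` is an array member, `md2_update( ctx, ctx->ipad, sizeof( ctx->ipad ) );` would remove the duplicated constant. The same literal appears in the md4.c, md5.c, sha1.c and sha2.c hunks, and `128` in sha4.c. No test for the new functions is visible in this diff; a check that starts/update/finish and reset/update/finish on one context produce the same MAC would pin the intended behaviour.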
@@ -410,6 +410,15 @@ void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
 memset( tmpbuf, 0, sizeof( tmpbuf ) );
 }
 
+/*
+ * SHA1 HMAC context reset
+ */
+void sha1_hmac_reset( sha1_context *ctx )
+{
+ sha1_starts( ctx );
+ sha1_update( ctx, ctx->ipad, 64 );
+}
+
 /*
 * output = HMAC-SHA-1( hmac key, input buffer )
 */
diff --git a/library/sha2.c b/library/sha2.c
index 87f02ea58..8f920ce44 100644
--- a/library/sha2.c
+++ b/library/sha2.c
@@ -417,6 +417,15 @@ void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] )
 memset( tmpbuf, 0, sizeof( tmpbuf ) );
 }
 
+/*
+ * SHA-256 HMAC context reset
+ */
+void sha2_hmac_reset( sha2_context *ctx )
+{
+ sha2_starts( ctx, ctx->is224 );
+ sha2_update( ctx, ctx->ipad, 64 );
+}
+
 /*
 * output = HMAC-SHA-256( hmac key, input buffer )
 */
diff --git a/library/sha4.c b/library/sha4.c
index c21454398..699cca7ae 100644
--- a/library/sha4.c
+++ b/library/sha4.c
@@ -416,6 +416,15 @@ void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] )
 memset( tmpbuf, 0, sizeof( tmpbuf ) );
 }
 
+/*
+ * SHA-512 HMAC context reset
+ */
+void sha4_hmac_reset( sha4_context *ctx )
+{
+ sha4_starts( ctx, ctx->is384 );
+ sha4_update( ctx, ctx->ipad, 128 );
+}
+
 /*
 * output = HMAC-SHA-512( hmac key, input buffer )
 */