authorlloyd <[email protected]>2009-01-21 00:05:29 +0000
committerlloyd <[email protected]>2009-01-21 00:05:29 +0000
commit4100ef089155e54c3db347dbb939957de90e41ea (patch)
tree28f184d1e73c474839d4974c40e4e6190624c0ae
parent46185bb0a734a29610b469635121f81eb18cf2ab (diff)
parentbc9f1bba06234d7d3c58e6fa5fe53192a805ba02 (diff)
merge of '17ebb8fd6cdfe0a743092b2bf5b039a351cc23be'
and '76da4a953201fc0f0b510ea82d5a3986ec8ab44a'
-rwxr-xr-xconfigure.pl2
-rw-r--r--doc/api.tex6
-rw-r--r--doc/log.txt8
-rwxr-xr-xdoc/scripts/dist.sh5
-rw-r--r--readme.txt2
-rw-r--r--src/entropy/unix_procs/es_unix.cpp1
-rw-r--r--src/pk_pad/eme1/eme1.cpp8
-rw-r--r--src/pubkey/dl_group/dl_group.h2
-rw-r--r--src/pubkey/pubkey/pkcs8.cpp14
9 files changed, 31 insertions, 17 deletions
diff --git a/configure.pl b/configure.pl
index 99ec8aa8b..7adf536e5 100755
--- a/configure.pl
+++ b/configure.pl
@@ -13,7 +13,7 @@ use Sys::Hostname;
my $MAJOR_VERSION = 1;
my $MINOR_VERSION = 8;
-my $PATCH_VERSION = 0;
+my $PATCH_VERSION = 1;
my $VERSION_STRING = "$MAJOR_VERSION.$MINOR_VERSION.$PATCH_VERSION";
diff --git a/doc/api.tex b/doc/api.tex
index fce676c7d..c1469418a 100644
--- a/doc/api.tex
+++ b/doc/api.tex
@@ -3086,10 +3086,6 @@ Web Site: \url{http://botan.randombit.net}
Copyright \copyright 2000-2008, Jack Lloyd
-This work is licensed under the Creative Commons
-Attribution-ShareAlike 2.5 License. To view a copy of this license,
-visit \url{http://creativecommons.org/licenses/by-sa/2.5/} or send a
-letter to Creative Commons, 543 Howard Street, 5th Floor, San
-Francisco, California, 94105, USA.
+Licensed under the same terms as the Botan source
\end{document}
diff --git a/doc/log.txt b/doc/log.txt
index 14aac5a70..d0393d750 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -1,5 +1,11 @@
-* 1.8.0-pre, 2008-12-??
+* 1.8.1, 2009-01-20
+ - Avoid a valgrind warning in es_unix.cpp on 32-bit Linux
+ - Fix memory leak in PKCS8 load_key and encrypt_key
+ - Relicense api.tex from CC-By-SA 2.5 to BSD
+ - Fix botan-config on MacOS X, Solaris
+
+* 1.8.0, 2008-12-08
- Fix compilation on Solaris with GCC
* 1.7.24, 2008-12-01
diff --git a/doc/scripts/dist.sh b/doc/scripts/dist.sh
index 5410b43ec..d66066173 100755
--- a/doc/scripts/dist.sh
+++ b/doc/scripts/dist.sh
@@ -60,6 +60,5 @@ read -a PASSWORD -p "Enter PGP password (or ^C to skip signatures): "
echo $PASSWORD | gpg --batch --armor -b --passphrase-fd 0 -u $KEY_ID Botan-$VERSION.tgz
echo $PASSWORD | gpg --batch --armor -b --passphrase-fd 0 -u $KEY_ID Botan-$VERSION.tbz
-mv Botan-$VERSION.tgz* $WEB_DIR/files/botan/archive/v1.7
-mv Botan-$VERSION.tbz* $WEB_DIR/files/botan/archive/v1.7
-mv -f log.txt $WEB_DIR/botan/log.txt
+mv Botan-$VERSION.tgz* $WEB_DIR/files/botan/v1.8
+mv Botan-$VERSION.tbz* $WEB_DIR/files/botan/v1.8
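Review bot: The destination directory on the two new `mv` lines is hard-coded as `v1.8`, which is exactly the value this change had to bump from `v1.7`; deriving it from the version (if `$VERSION` has the form major.minor.patch, as `Botan-$VERSION.tgz` and the readme hunk suggest) avoids the next such edit, e.g. `ARCHIVE_DIR="$WEB_DIR/files/botan/v${VERSION%.*}"` followed by `mv Botan-$VERSION.tgz* "$ARCHIVE_DIR"`. Quoting `"$WEB_DIR"` on the new lines also keeps a directory name containing spaces from splitting into several arguments. The `mv -f log.txt` line is dropped without a replacement; if publishing the changelog now happens elsewhere, a one-line comment saying so would stop someone re-adding it here.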
diff --git a/readme.txt b/readme.txt
index 7e53f96dd..de14f98fa 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,4 +1,4 @@
-Botan 1.8.0-pre 2008-12-??
+Botan 1.8.1 2009-01-20
Botan is a C++ class library for performing a wide variety of
cryptographic operations.
diff --git a/src/entropy/unix_procs/es_unix.cpp b/src/entropy/unix_procs/es_unix.cpp
index cf7e0a8e5..124a08da7 100644
--- a/src/entropy/unix_procs/es_unix.cpp
+++ b/src/entropy/unix_procs/es_unix.cpp
@@ -68,6 +68,7 @@ u32bit Unix_EntropySource::fast_poll(byte buf[], u32bit length)
for(u32bit j = 0; stat_targets[j]; j++)
{
struct stat statbuf;
+ clear_mem(&statbuf, 1);
::stat(stat_targets[j], &statbuf);
buf_i = xor_into_buf(buf, buf_i, length, statbuf);
}
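Review bot: The return value of `::stat` on the line after the added `clear_mem` is still discarded, so when a target path does not exist the now all-zero `statbuf` is still mixed into `buf`, which costs a call and contributes nothing; guarding with `if(::stat(stat_targets[j], &statbuf) == 0) buf_i = xor_into_buf(buf, buf_i, length, statbuf);` keeps the zeroing and skips the dead mix. The clear itself deserves a why-comment, because zeroing a struct right before the call that fills it reads as redundant: `// zero first: stat() does not write every byte of the struct (padding), and the whole struct is mixed in below` — the changelog hunk in this commit attributes it to a valgrind warning on 32-bit Linux, which is consistent with that explanation but should be confirmed. fast_poll starts before this hunk and continues after it.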
diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp
index b5f2af6d3..e5db17df6 100644
--- a/src/pk_pad/eme1/eme1.cpp
+++ b/src/pk_pad/eme1/eme1.cpp
@@ -42,6 +42,14 @@ SecureVector<byte> EME1::pad(const byte in[], u32bit in_length,
SecureVector<byte> EME1::unpad(const byte in[], u32bit in_length,
u32bit key_length) const
{
+ /*
+ Must be careful about error messages here; if an attacker can
+ distinguish them, it is easy to use the differences as an oracle to
+ find the secret key, as described in "A Chosen Ciphertext Attack on
+ RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in
+ PKCS #1 v2.0", James Manger, Crypto 2001
+ */
+
key_length /= 8;
if(in_length > key_length)
throw Decoding_Error("Invalid EME1 encoding");
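Review bot: The new comment names the threat but not the rule the code below has to follow, so a reader cannot tell whether the `if(in_length > key_length) throw Decoding_Error("Invalid EME1 encoding");` immediately after it is considered safe or is one of the cases to worry about; the comment should state the concrete requirement, e.g. add `Every failure in this function must raise the same Decoding_Error with the same message, and the amount of work done must not depend on which check fails, so that neither the error text nor the timing reveals where decoding went wrong.` Manger's paper discusses timing differences as well as distinguishable messages, so naming both channels is worth the extra line. unpad continues past the end of this hunk, so whether the later checks meet that requirement cannot be verified from here.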
diff --git a/src/pubkey/dl_group/dl_group.h b/src/pubkey/dl_group/dl_group.h
index b999a8c04..2f59f86d9 100644
--- a/src/pubkey/dl_group/dl_group.h
+++ b/src/pubkey/dl_group/dl_group.h
@@ -145,7 +145,7 @@ class BOTAN_DLL DL_Group
* @param q the prime q
* @param g the base g
*/
- DL_Group(const BigInt& p, const BigInt& g, const BigInt& q);
+ DL_Group(const BigInt& p, const BigInt& q, const BigInt& g);
private:
static BigInt make_dsa_generator(const BigInt&, const BigInt&);
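Review bot: Swapping the second and third parameters of `DL_Group(const BigInt&, const BigInt&, const BigInt&)` is silent for callers: all three parameters have the same type, so existing code that passes `(p, g, q)` positionally keeps compiling and now builds a group with `g` and `q` exchanged, and nothing in this diff adjusts a caller or mentions the change in the `doc/log.txt` hunk. Every caller of the three-argument constructor needs to be audited together with this commit, and a changelog line such as ` - DL_Group constructor now takes (p, q, g), matching the documentation` would warn downstream users. If the intent was only to make the Doxygen match the code, changing the `@param` lines to the old order would have been the compatible fix. The rest of the class is outside this hunk.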
diff --git a/src/pubkey/pubkey/pkcs8.cpp b/src/pubkey/pubkey/pkcs8.cpp
index a79a616a2..179be57fe 100644
--- a/src/pubkey/pubkey/pkcs8.cpp
+++ b/src/pubkey/pubkey/pkcs8.cpp
@@ -87,7 +87,7 @@ SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui,
if(is_encrypted)
{
DataSource_Memory params(pbe_alg_id.parameters);
- PBE* pbe = get_pbe(pbe_alg_id.oid, params);
+ std::auto_ptr<PBE> pbe(get_pbe(pbe_alg_id.oid, params));
User_Interface::UI_Result result = User_Interface::OK;
const std::string passphrase =
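Review bot: `pbe` is dereferenced (`pbe->set_key(passphrase)` in the following `@@ -97` hunk) with no null check after the new `std::auto_ptr<PBE> pbe(get_pbe(pbe_alg_id.oid, params));`; if `get_pbe` reports an unknown OID by returning null rather than throwing (its contract is not visible here), that is a null dereference on input taken from the PKCS #8 blob being parsed, since `pbe_alg_id` comes from it. A check such as `if(!pbe) throw Decoding_Error("PKCS #8: unknown PBE algorithm");` right after the construction makes the behaviour explicit either way. The same `auto_ptr` hand-off pattern appears in `encrypt_key` at the `@@ -172` hunk; PKCS8_decode starts before this hunk and continues after it.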
@@ -97,7 +97,8 @@ SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui,
break;
pbe->set_key(passphrase);
- Pipe decryptor(pbe);
+ Pipe decryptor(pbe.release());
+
decryptor.process_msg(key_data, key_data.size());
key = decryptor.read_all();
}
@@ -172,17 +173,20 @@ void encrypt_key(const Private_Key& key,
encode(key, raw_key, RAW_BER);
raw_key.end_msg();
- PBE* pbe = get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE));
+ std::auto_ptr<PBE> pbe(get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE)));
+
pbe->new_params(rng);
pbe->set_key(pass);
- Pipe key_encrytor(pbe);
+ AlgorithmIdentifier pbe_algid(pbe->get_oid(), pbe->encode_params());
+
+ Pipe key_encrytor(pbe.release());
key_encrytor.process_msg(raw_key);
SecureVector<byte> enc_key =
DER_Encoder()
.start_cons(SEQUENCE)
- .encode(AlgorithmIdentifier(pbe->get_oid(), pbe->encode_params()))
+ .encode(pbe_algid)
.encode(key_encrytor.read_all(), OCTET_STRING)
.end_cons()
.get_contents();
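Review bot: The new `AlgorithmIdentifier pbe_algid(pbe->get_oid(), pbe->encode_params());` has to stay above `Pipe key_encrytor(pbe.release());`, because `pbe` is null once `release()` has handed the PBE to the Pipe, and nothing in the code says so; a one-line comment, `// build the AlgorithmIdentifier before release(): pbe is null once the Pipe owns the PBE`, protects the ordering from a later tidy-up that moves it back beside the DER encoding where it used to be. The rewritten `Pipe key_encrytor(...)` line also keeps the misspelt name `key_encrytor`; since the declaration is being touched anyway, `key_encryptor` on this line and its two uses below would cost nothing. encrypt_key starts before this hunk.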