-rw-r--r--src/alloc/locking_allocator/locking_allocator.cpp4
-rw-r--r--src/block/aes_ni/aes_ni.cpp60
-rw-r--r--src/build-data/buildh.in3
-rw-r--r--src/tls/tls_policy.h13
4 files changed, 48 insertions, 32 deletions
diff --git a/src/alloc/locking_allocator/locking_allocator.cpp b/src/alloc/locking_allocator/locking_allocator.cpp
index 5d01eafb1..f00a1585a 100644
--- a/src/alloc/locking_allocator/locking_allocator.cpp
+++ b/src/alloc/locking_allocator/locking_allocator.cpp
@@ -77,8 +77,8 @@ void* mlock_allocator::allocate(size_t num_elems, size_t elem_size)
if(n / elem_size != num_elems)
return nullptr; // overflow!
- if(n >= m_poolsize)
- return nullptr; // bigger than the whole pool!
+ if(n > m_poolsize || n > BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION)
+ return nullptr;
std::lock_guard<std::mutex> lock(m_mutex);
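Review bot: The new guard `if(n > m_poolsize || n > BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION)` returns nullptr with no comment, and the old `// bigger than the whole pool!` explanation was dropped with it. Any request above the cap (4096 per the buildh.in hunk of this commit) is now refused by the locked pool, so larger secret buffers presumably end up wherever the caller falls back to, which is not visible here; that trade-off deserves a line such as `// too big for the pool or above the per-allocation cap; not served from locked memory`. The comparison also changed from `>=` to `>`, so a request of exactly `m_poolsize` now proceeds to the code below the hunk, and it is worth confirming that the search there copes with a full-pool request. The comment on `BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION` in buildh.in could also state the unit, presumably bytes since it is compared against `n`. The body of `allocate` starts and ends outside the hunk.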
diff --git a/src/block/aes_ni/aes_ni.cpp b/src/block/aes_ni/aes_ni.cpp
index c6567518e..c752d359c 100644
--- a/src/block/aes_ni/aes_ni.cpp
+++ b/src/block/aes_ni/aes_ni.cpp
@@ -35,7 +35,7 @@ void aes_192_key_expansion(__m128i* K1, __m128i* K2, __m128i key2_with_rcon,
key1 = _mm_xor_si128(key1, key2_with_rcon);
*K1 = key1;
- _mm_storeu_si128((__m128i*)out, key1);
+ _mm_storeu_si128(reinterpret_cast<__m128i*>(out), key1);
if(last)
return;
@@ -105,10 +105,10 @@ __m128i aes_256_key_expansion(__m128i key, __m128i key2)
*/
void AES_128_NI::encrypt_n(const byte in[], byte out[], size_t blocks) const
{
- const __m128i* in_mm = (const __m128i*)in;
- __m128i* out_mm = (__m128i*)out;
+ const __m128i* in_mm = reinterpret_cast<const __m128i*>(in);
+ __m128i* out_mm = reinterpret_cast<__m128i*>(out);
- const __m128i* key_mm = (const __m128i*)&EK[0];
+ const __m128i* key_mm = reinterpret_cast<const __m128i*>(&EK[0]);
__m128i K0 = _mm_loadu_si128(key_mm);
__m128i K1 = _mm_loadu_si128(key_mm + 1);
@@ -181,10 +181,10 @@ void AES_128_NI::encrypt_n(const byte in[], byte out[], size_t blocks) const
*/
void AES_128_NI::decrypt_n(const byte in[], byte out[], size_t blocks) const
{
- const __m128i* in_mm = (const __m128i*)in;
- __m128i* out_mm = (__m128i*)out;
+ const __m128i* in_mm = reinterpret_cast<const __m128i*>(in);
+ __m128i* out_mm = reinterpret_cast<__m128i*>(out);
- const __m128i* key_mm = (const __m128i*)&DK[0];
+ const __m128i* key_mm = reinterpret_cast<const __m128i*>(&DK[0]);
__m128i K0 = _mm_loadu_si128(key_mm);
__m128i K1 = _mm_loadu_si128(key_mm + 1);
@@ -263,7 +263,7 @@ void AES_128_NI::key_schedule(const byte key[], size_t)
#define AES_128_key_exp(K, RCON) \
aes_128_key_expansion(K, _mm_aeskeygenassist_si128(K, RCON))
- __m128i K0 = _mm_loadu_si128((const __m128i*)(key));
+ __m128i K0 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(key));
__m128i K1 = AES_128_key_exp(K0, 0x01);
__m128i K2 = AES_128_key_exp(K1, 0x02);
__m128i K3 = AES_128_key_exp(K2, 0x04);
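Review bot: `key_schedule(const byte key[], size_t)` leaves its length parameter unnamed, and the load through `reinterpret_cast<const __m128i*>(key)` reads a fixed 16 bytes with no check in the visible lines. The same holds for the AES_192_NI and AES_256_NI key_schedule hunks further down, which also load from `key + 8` and `key + 16` (24 and 32 bytes in total). If the length is validated by the caller before this point, which cannot be seen from here, a comment next to the load would keep a later refactor from turning it into an out-of-bounds read, e.g. `// caller guarantees a 16-byte key; length is not re-checked here`. The function body extends beyond the hunk.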
@@ -275,7 +275,7 @@ void AES_128_NI::key_schedule(const byte key[], size_t)
__m128i K9 = AES_128_key_exp(K8, 0x1B);
__m128i K10 = AES_128_key_exp(K9, 0x36);
- __m128i* EK_mm = (__m128i*)&EK[0];
+ __m128i* EK_mm = reinterpret_cast<__m128i*>(&EK[0]);
_mm_storeu_si128(EK_mm , K0);
_mm_storeu_si128(EK_mm + 1, K1);
_mm_storeu_si128(EK_mm + 2, K2);
@@ -290,7 +290,7 @@ void AES_128_NI::key_schedule(const byte key[], size_t)
// Now generate decryption keys
- __m128i* DK_mm = (__m128i*)&DK[0];
+ __m128i* DK_mm = reinterpret_cast<__m128i*>(&DK[0]);
_mm_storeu_si128(DK_mm , K10);
_mm_storeu_si128(DK_mm + 1, _mm_aesimc_si128(K9));
_mm_storeu_si128(DK_mm + 2, _mm_aesimc_si128(K8));
@@ -318,10 +318,10 @@ void AES_128_NI::clear()
*/
void AES_192_NI::encrypt_n(const byte in[], byte out[], size_t blocks) const
{
- const __m128i* in_mm = (const __m128i*)in;
- __m128i* out_mm = (__m128i*)out;
+ const __m128i* in_mm = reinterpret_cast<const __m128i*>(in);
+ __m128i* out_mm = reinterpret_cast<__m128i*>(out);
- const __m128i* key_mm = (const __m128i*)&EK[0];
+ const __m128i* key_mm = reinterpret_cast<const __m128i*>(&EK[0]);
__m128i K0 = _mm_loadu_si128(key_mm);
__m128i K1 = _mm_loadu_si128(key_mm + 1);
@@ -400,10 +400,10 @@ void AES_192_NI::encrypt_n(const byte in[], byte out[], size_t blocks) const
*/
void AES_192_NI::decrypt_n(const byte in[], byte out[], size_t blocks) const
{
- const __m128i* in_mm = (const __m128i*)in;
- __m128i* out_mm = (__m128i*)out;
+ const __m128i* in_mm = reinterpret_cast<const __m128i*>(in);
+ __m128i* out_mm = reinterpret_cast<__m128i*>(out);
- const __m128i* key_mm = (const __m128i*)&DK[0];
+ const __m128i* key_mm = reinterpret_cast<const __m128i*>(&DK[0]);
__m128i K0 = _mm_loadu_si128(key_mm);
__m128i K1 = _mm_loadu_si128(key_mm + 1);
@@ -485,8 +485,8 @@ void AES_192_NI::key_schedule(const byte key[], size_t)
EK.resize(52);
DK.resize(52);
- __m128i K0 = _mm_loadu_si128((const __m128i*)(key));
- __m128i K1 = _mm_loadu_si128((const __m128i*)(key + 8));
+ __m128i K0 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(key));
+ __m128i K1 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(key + 8));
K1 = _mm_srli_si128(K1, 8);
load_le(&EK[0], key, 6);
@@ -508,9 +508,9 @@ void AES_192_NI::key_schedule(const byte key[], size_t)
#undef AES_192_key_exp
// Now generate decryption keys
- const __m128i* EK_mm = (const __m128i*)&EK[0];
+ const __m128i* EK_mm = reinterpret_cast<const __m128i*>(&EK[0]);
- __m128i* DK_mm = (__m128i*)&DK[0];
+ __m128i* DK_mm = reinterpret_cast<__m128i*>(&DK[0]);
_mm_storeu_si128(DK_mm , _mm_loadu_si128(EK_mm + 12));
_mm_storeu_si128(DK_mm + 1, _mm_aesimc_si128(_mm_loadu_si128(EK_mm + 11)));
_mm_storeu_si128(DK_mm + 2, _mm_aesimc_si128(_mm_loadu_si128(EK_mm + 10)));
@@ -540,10 +540,10 @@ void AES_192_NI::clear()
*/
void AES_256_NI::encrypt_n(const byte in[], byte out[], size_t blocks) const
{
- const __m128i* in_mm = (const __m128i*)in;
- __m128i* out_mm = (__m128i*)out;
+ const __m128i* in_mm = reinterpret_cast<const __m128i*>(in);
+ __m128i* out_mm = reinterpret_cast<__m128i*>(out);
- const __m128i* key_mm = (const __m128i*)&EK[0];
+ const __m128i* key_mm = reinterpret_cast<const __m128i*>(&EK[0]);
__m128i K0 = _mm_loadu_si128(key_mm);
__m128i K1 = _mm_loadu_si128(key_mm + 1);
@@ -628,10 +628,10 @@ void AES_256_NI::encrypt_n(const byte in[], byte out[], size_t blocks) const
*/
void AES_256_NI::decrypt_n(const byte in[], byte out[], size_t blocks) const
{
- const __m128i* in_mm = (const __m128i*)in;
- __m128i* out_mm = (__m128i*)out;
+ const __m128i* in_mm = reinterpret_cast<const __m128i*>(in);
+ __m128i* out_mm = reinterpret_cast<__m128i*>(out);
- const __m128i* key_mm = (const __m128i*)&DK[0];
+ const __m128i* key_mm = reinterpret_cast<const __m128i*>(&DK[0]);
__m128i K0 = _mm_loadu_si128(key_mm);
__m128i K1 = _mm_loadu_si128(key_mm + 1);
@@ -719,8 +719,8 @@ void AES_256_NI::key_schedule(const byte key[], size_t)
EK.resize(60);
DK.resize(60);
- __m128i K0 = _mm_loadu_si128((const __m128i*)(key));
- __m128i K1 = _mm_loadu_si128((const __m128i*)(key + 16));
+ __m128i K0 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(key));
+ __m128i K1 = _mm_loadu_si128(reinterpret_cast<const __m128i*>(key + 16));
__m128i K2 = aes_128_key_expansion(K0, _mm_aeskeygenassist_si128(K1, 0x01));
__m128i K3 = aes_256_key_expansion(K1, K2);
@@ -742,7 +742,7 @@ void AES_256_NI::key_schedule(const byte key[], size_t)
__m128i K14 = aes_128_key_expansion(K12, _mm_aeskeygenassist_si128(K13, 0x40));
- __m128i* EK_mm = (__m128i*)&EK[0];
+ __m128i* EK_mm = reinterpret_cast<__m128i*>(&EK[0]);
_mm_storeu_si128(EK_mm , K0);
_mm_storeu_si128(EK_mm + 1, K1);
_mm_storeu_si128(EK_mm + 2, K2);
@@ -760,7 +760,7 @@ void AES_256_NI::key_schedule(const byte key[], size_t)
_mm_storeu_si128(EK_mm + 14, K14);
// Now generate decryption keys
- __m128i* DK_mm = (__m128i*)&DK[0];
+ __m128i* DK_mm = reinterpret_cast<__m128i*>(&DK[0]);
_mm_storeu_si128(DK_mm , K14);
_mm_storeu_si128(DK_mm + 1, _mm_aesimc_si128(K13));
_mm_storeu_si128(DK_mm + 2, _mm_aesimc_si128(K12));
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index faafb1ecd..81df9a32e 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -30,6 +30,9 @@
/* How much to allocate for a buffer of no particular size */
#define BOTAN_DEFAULT_BUFFER_SIZE 1024
+/* Maximum size to allocate out of the mlock pool */
+#define BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION 4096
+
/* Multiplier on a block cipher's native parallelism */
#define BOTAN_BLOCK_CIPHER_PAR_MULT 4
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index 0b7a10ca5..6a51f2bbf 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -171,6 +171,19 @@ class BOTAN_DLL NSA_Suite_B_128 : public Policy
{ return version == Protocol_Version::TLS_V12; }
};
+/**
+* Policy for DTLS. We require DTLS v1.2 and an AEAD mode
+*/
+class BOTAN_DLL Datagram_Policy : public Policy
+ {
+ public:
+ std::vector<std::string> allowed_macs() const override
+ { return std::vector<std::string>({"AEAD"}); }
+
+ bool acceptable_protocol_version(Protocol_Version version) const override
+ { return version == Protocol_Version::DTLS_V12; }
+ };
+
}
}
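Review bot: The doc comment on `Datagram_Policy` says what is required but not what is left untouched: only `allowed_macs()` and `acceptable_protocol_version()` are overridden, so cipher, key exchange and signature choices presumably stay at the `Policy` defaults. I would extend the comment to say that, and to note that the version check is an exact match, so anything other than `Protocol_Version::DTLS_V12` is refused. As a style point, `return std::vector<std::string>({"AEAD"});` can be written `return {"AEAD"};`.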