-rwxr-xr-x | configure.pl | 2 | ||||
-rw-r--r-- | doc/api.tex | 6 | ||||
-rw-r--r-- | doc/log.txt | 8 | ||||
-rwxr-xr-x | doc/scripts/dist.sh | 5 | ||||
-rw-r--r-- | readme.txt | 2 | ||||
-rw-r--r-- | src/entropy/unix_procs/es_unix.cpp | 1 | ||||
-rw-r--r-- | src/pk_pad/eme1/eme1.cpp | 8 | ||||
-rw-r--r-- | src/pubkey/dl_group/dl_group.h | 2 | ||||
-rw-r--r-- | src/pubkey/pubkey/pkcs8.cpp | 14 |
9 files changed, 31 insertions, 17 deletions
diff --git a/configure.pl b/configure.pl
index 99ec8aa8b..7adf536e5 100755
--- a/configure.pl
+++ b/configure.pl
@@ -13,7 +13,7 @@ use Sys::Hostname;
 my $MAJOR_VERSION = 1;
 my $MINOR_VERSION = 8;
-my $PATCH_VERSION = 0;
+my $PATCH_VERSION = 1;
 my $VERSION_STRING = "$MAJOR_VERSION.$MINOR_VERSION.$PATCH_VERSION";
diff --git a/doc/api.tex b/doc/api.tex
index fce676c7d..c1469418a 100644
--- a/doc/api.tex
+++ b/doc/api.tex
@@ -3086,10 +3086,6 @@ Web Site: \url{http://botan.randombit.net}
 Copyright \copyright 2000-2008, Jack Lloyd
-This work is licensed under the Creative Commons
-Attribution-ShareAlike 2.5 License. To view a copy of this license,
-visit \url{http://creativecommons.org/licenses/by-sa/2.5/} or send a
-letter to Creative Commons, 543 Howard Street, 5th Floor, San
-Francisco, California, 94105, USA.
+Licensed under the same terms as the Botan source
 \end{document}
diff --git a/doc/log.txt b/doc/log.txt
index 14aac5a70..d0393d750 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -1,5 +1,11 @@
-* 1.8.0-pre, 2008-12-??
+* 1.8.1, 2009-01-20
+ - Avoid a valgrind warning in es_unix.cpp on 32-bit Linux
+ - Fix memory leak in PKCS8 load_key and encrypt_key
+ - Relicense api.tex from CC-By-SA 2.5 to BSD
+ - Fix botan-config on MacOS X, Solaris
+
+* 1.8.0, 2008-12-08
 - Fix compilation on Solaris with GCC
 * 1.7.24, 2008-12-01
diff --git a/doc/scripts/dist.sh b/doc/scripts/dist.sh
index 5410b43ec..d66066173 100755
--- a/doc/scripts/dist.sh
+++ b/doc/scripts/dist.sh
@@ -60,6 +60,5 @@ read -a PASSWORD -p "Enter PGP password (or ^C to skip signatures): "
 echo $PASSWORD | gpg --batch --armor -b --passphrase-fd 0 -u $KEY_ID Botan-$VERSION.tgz
 echo $PASSWORD | gpg --batch --armor -b --passphrase-fd 0 -u $KEY_ID Botan-$VERSION.tbz
-mv Botan-$VERSION.tgz* $WEB_DIR/files/botan/archive/v1.7
-mv Botan-$VERSION.tbz* $WEB_DIR/files/botan/archive/v1.7
-mv -f log.txt $WEB_DIR/botan/log.txt
+mv Botan-$VERSION.tgz* $WEB_DIR/files/botan/v1.8
+mv Botan-$VERSION.tbz* $WEB_DIR/files/botan/v1.8
diff --git a/readme.txt b/readme.txt
index 7e53f96dd..de14f98fa 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,4 +1,4 @@
-Botan 1.8.0-pre 2008-12-??
+Botan 1.8.1 2009-01-20
 Botan is a C++ class library for performing a wide variety of cryptographic operations.
diff --git a/src/entropy/unix_procs/es_unix.cpp b/src/entropy/unix_procs/es_unix.cpp
index cf7e0a8e5..124a08da7 100644
--- a/src/entropy/unix_procs/es_unix.cpp
+++ b/src/entropy/unix_procs/es_unix.cpp
@@ -68,6 +68,7 @@ u32bit Unix_EntropySource::fast_poll(byte buf[], u32bit length)
 for(u32bit j = 0; stat_targets[j]; j++)
 {
 struct stat statbuf;
+ clear_mem(&statbuf, 1);
 ::stat(stat_targets[j], &statbuf);
 buf_i = xor_into_buf(buf, buf_i, length, statbuf);
 }
diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp
index b5f2af6d3..e5db17df6 100644
--- a/src/pk_pad/eme1/eme1.cpp
+++ b/src/pk_pad/eme1/eme1.cpp
@@ -42,6 +42,14 @@ SecureVector<byte> EME1::pad(const byte in[], u32bit in_length,
 SecureVector<byte> EME1::unpad(const byte in[], u32bit in_length,
 u32bit key_length) const
 {
+ /*
+ Must be careful about error messages here; if an attacker can
+ distinguish them, it is easy to use the differences as an oracle to
+ find the secret key, as described in "A Chosen Ciphertext Attack on
+ RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in
+ PKCS #1 v2.0", James Manger, Crypto 2001
+ */
+
 key_length /= 8;
 if(in_length > key_length)
 throw Decoding_Error("Invalid EME1 encoding");
diff --git a/src/pubkey/dl_group/dl_group.h b/src/pubkey/dl_group/dl_group.h
index b999a8c04..2f59f86d9 100644
--- a/src/pubkey/dl_group/dl_group.h
+++ b/src/pubkey/dl_group/dl_group.h
@@ -145,7 +145,7 @@ class BOTAN_DLL DL_Group
 * @param q the prime q
 * @param g the base g
 */
- DL_Group(const BigInt& p, const BigInt& g, const BigInt& q);
+ DL_Group(const BigInt& p, const BigInt& q, const BigInt& g);
 private:
 static BigInt make_dsa_generator(const BigInt&, const BigInt&);
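Review bot: In the `fast_poll` hunk of es_unix.cpp the result of `::stat(stat_targets[j], &statbuf)` is still ignored, so a failed call now feeds an all-zero `statbuf` to `xor_into_buf` and `buf_i` is still updated from its return value. Guarding the mix with `if(::stat(stat_targets[j], &statbuf) == 0)` would keep targets that cannot be read out of the poll entirely instead of counting a block that carries no information. A one-line comment above `clear_mem(&statbuf, 1);`, for example `// stat() may leave padding bytes unset; zero the struct so no uninitialised memory is read`, would record why the call is there. The rest of `fast_poll`, including what it reports as gathered, lies outside the hunk.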
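Review bot: The comment added at the top of `EME1::unpad` in eme1.cpp names only distinguishable error messages, but the same oracle can be built from timing differences between the failure paths. I would extend it with a sentence such as `Timing differences between failure paths leak the same information, so every rejection should follow the same path and throw the same exception.` The early `in_length > key_length` check visible here throws the generic "Invalid EME1 encoding" text; whether the later checks behave the same way cannot be confirmed from this hunk, because the body of `unpad` continues below it.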
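Review bot: Swapping the last two parameters of `DL_Group(const BigInt& p, const BigInt& q, const BigInt& g)` in dl_group.h changes nothing the compiler can check, because all three arguments are `const BigInt&`. If the definition (not part of this diff) always took (p, q, g), callers who followed the old header's names have been passing the generator and the subgroup order in each other's place, and they will keep compiling. The 1.8.1 entry in log.txt does not mention this; a line there plus a doc note such as `* @note arguments are (p, q, g); earlier headers named the last two in the opposite order` would make it visible. A consistency check on q and g inside the constructor would catch a swapped pair at run time, if the definition does not already have one.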
diff --git a/src/pubkey/pubkey/pkcs8.cpp b/src/pubkey/pubkey/pkcs8.cpp
index a79a616a2..179be57fe 100644
--- a/src/pubkey/pubkey/pkcs8.cpp
+++ b/src/pubkey/pubkey/pkcs8.cpp
@@ -87,7 +87,7 @@ SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui,
 if(is_encrypted)
 {
 DataSource_Memory params(pbe_alg_id.parameters);
- PBE* pbe = get_pbe(pbe_alg_id.oid, params);
+ std::auto_ptr<PBE> pbe(get_pbe(pbe_alg_id.oid, params));
 User_Interface::UI_Result result = User_Interface::OK;
 const std::string passphrase =
@@ -97,7 +97,8 @@ SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui,
 break;
 pbe->set_key(passphrase);
- Pipe decryptor(pbe);
+ Pipe decryptor(pbe.release());
+
 decryptor.process_msg(key_data, key_data.size());
 key = decryptor.read_all();
 }
@@ -172,17 +173,20 @@ void encrypt_key(const Private_Key& key,
 encode(key, raw_key, RAW_BER);
 raw_key.end_msg();
- PBE* pbe = get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE));
+ std::auto_ptr<PBE> pbe(get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE)));
+
 pbe->new_params(rng);
 pbe->set_key(pass);
- Pipe key_encrytor(pbe);
+ AlgorithmIdentifier pbe_algid(pbe->get_oid(), pbe->encode_params());
+
+ Pipe key_encrytor(pbe.release());
 key_encrytor.process_msg(raw_key);
 SecureVector<byte> enc_key = DER_Encoder()
 .start_cons(SEQUENCE)
- .encode(AlgorithmIdentifier(pbe->get_oid(), pbe->encode_params()))
+ .encode(pbe_algid)
 .encode(key_encrytor.read_all(), OCTET_STRING)
 .end_cons()
 .get_contents(); |
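Review bot: After `Pipe decryptor(pbe.release());` in `PKCS8_decode`, and after `Pipe key_encrytor(pbe.release());` in the `encrypt_key` hunk, the `auto_ptr` holds null, so any later `pbe->` call would dereference a null pointer. In `encrypt_key` that is the reason `pbe_algid` must be built before the Pipe, yet nothing in the code says so. A comment at both sites, for example `// Pipe takes ownership of the PBE; pbe is null after release()`, would stop a later edit from reordering those lines. Both functions begin and end outside these hunks, so other uses of `pbe` cannot be ruled out from here.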
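Review bot: The local `key_encrytor` in the `encrypt_key` hunk of pkcs8.cpp is misspelled, and this change rewrites its declaration without correcting it. Renaming it to `key_encryptor` at the declaration and at the `process_msg` and `read_all()` uses is a three-line edit that stays inside this hunk.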