Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/asn1/ber_dec.h | 2 | ||||
-rw-r--r-- | src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp | 12 | ||||
-rw-r--r-- | src/lib/block/xtea/xtea.cpp | 4 | ||||
-rw-r--r-- | src/lib/pk_pad/emsa.cpp | 4 | ||||
-rw-r--r-- | src/lib/pubkey/ecies/ecies.cpp | 6 | ||||
-rw-r--r-- | src/lib/rng/hmac_drbg/hmac_drbg.h | 42 | ||||
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.cpp | 30 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 4 | ||||
-rw-r--r-- | src/lib/utils/os_utils.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/ocsp.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/x509path.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/x509path.h | 2 |
12 files changed, 55 insertions, 57 deletions
diff --git a/src/lib/asn1/ber_dec.h b/src/lib/asn1/ber_dec.h index 0f2fb4607..b2fd61ffd 100644 --- a/src/lib/asn1/ber_dec.h +++ b/src/lib/asn1/ber_dec.h @@ -125,7 +125,7 @@ class BOTAN_PUBLIC_API(2,0) BER_Decoder final * @param out POD type reference where to copy object value * @param type_tag ASN1_Tag enum to assert type on object read * @param class_tag ASN1_Tag enum to assert class on object read (default: CONTEXT_SPECIFIC) - * @return this reference + * @return this reference */ template <typename T> BER_Decoder& get_next_value(T &out, diff --git a/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp b/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp index cbdd09c20..0ceea2d7f 100644 --- a/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp +++ b/src/lib/block/threefish_512/threefish_512_avx2/threefish_512_avx2.cpp @@ -60,13 +60,13 @@ inline void rotate_keys(__m256i& R0, __m256i& R1, __m256i R2) X0 is X2 from the last round X1 becomes (X0[4],X1[1:3]) X2 becomes (X1[4],X2[1:3]) - - Uses 3 permutes and 2 blends, is there a faster way? + + Uses 3 permutes and 2 blends, is there a faster way? */ __m256i T0 = _mm256_permute4x64_epi64(R0, _MM_SHUFFLE(0,0,0,0)); __m256i T1 = _mm256_permute4x64_epi64(R1, _MM_SHUFFLE(0,3,2,1)); __m256i T2 = _mm256_permute4x64_epi64(R2, _MM_SHUFFLE(0,3,2,1)); - + R0 = _mm256_blend_epi32(T1, T0, 0xC0); R1 = _mm256_blend_epi32(T2, T1, 0xC0); } @@ -180,7 +180,7 @@ void Threefish_512::avx2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blo const __m256i* in_mm = reinterpret_cast<const __m256i*>(in); __m256i* out_mm = reinterpret_cast<__m256i*>(out); - + while(blocks >= 2) { __m256i X0 = _mm256_loadu_si256(in_mm++); @@ -215,7 +215,7 @@ void Threefish_512::avx2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blo blocks -= 2; } - + for(size_t i = 0; i != blocks; ++i) { __m256i X0 = _mm256_loadu_si256(in_mm++); 
@@ -403,7 +403,7 @@ void Threefish_512::avx2_decrypt_n(const uint8_t in[], uint8_t out[], size_t blo blocks -= 2; } - + for(size_t i = 0; i != blocks; ++i) { __m256i X0 = _mm256_loadu_si256(in_mm++); diff --git a/src/lib/block/xtea/xtea.cpp b/src/lib/block/xtea/xtea.cpp index 679ad4cfb..7d815529f 100644 --- a/src/lib/block/xtea/xtea.cpp +++ b/src/lib/block/xtea/xtea.cpp @@ -42,7 +42,7 @@ void XTEA::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const store_be(out + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3); } - + BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks_left; ++i) { uint32_t L, R; @@ -90,7 +90,7 @@ void XTEA::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const store_be(out + 4*BLOCK_SIZE*i, L0, R0, L1, R1, L2, R2, L3, R3); } - + BOTAN_PARALLEL_FOR(size_t i = 0; i < blocks_left; ++i) { uint32_t L, R; diff --git a/src/lib/pk_pad/emsa.cpp b/src/lib/pk_pad/emsa.cpp index eaae898f3..4b02776c2 100644 --- a/src/lib/pk_pad/emsa.cpp +++ b/src/lib/pk_pad/emsa.cpp @@ -100,7 +100,7 @@ EMSA* get_emsa(const std::string& algo_spec) } } } - + if(req.algo_name() == "PSS" || req.algo_name() == "PSSR" || req.algo_name() == "EMSA-PSS" || @@ -200,5 +200,3 @@ std::string hash_for_emsa(const std::string& algo_spec) } } - - diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp index 864e0b72a..54055de7a 100644 --- a/src/lib/pubkey/ecies/ecies.cpp +++ b/src/lib/pubkey/ecies/ecies.cpp @@ -240,7 +240,7 @@ ECIES_Encryptor::ECIES_Encryptor(const PK_Key_Agreement_Key& private_key, { if(ecies_params.compression_type() != PointGFp::UNCOMPRESSED) { - // ISO 18033: step d + // ISO 18033: step d // convert only if necessary; m_eph_public_key_bin has been initialized with the uncompressed format m_eph_public_key_bin = m_params.domain().OS2ECP(m_eph_public_key_bin).encode(ecies_params.compression_type()); } 
@@ -372,7 +372,7 @@ secure_vector<uint8_t> ECIES_Decryptor::do_decrypt(uint8_t& valid_mask, const ui throw Decoding_Error("ECIES decryption: received public key is not on the curve"); } - // ISO 18033: step e (and step f because get_affine_x (called by ECDH_KA_Operation::raw_agree) + // ISO 18033: step e (and step f because get_affine_x (called by ECDH_KA_Operation::raw_agree) // throws Illegal_Transformation if the point is zero) const SymmetricKey secret_key = m_ka.derive_secret(other_public_key_bin, other_public_key); @@ -395,7 +395,7 @@ secure_vector<uint8_t> ECIES_Decryptor::do_decrypt(uint8_t& valid_mask, const ui { m_cipher->start(m_iv.bits_of()); } - + try { // the decryption can fail: diff --git a/src/lib/rng/hmac_drbg/hmac_drbg.h b/src/lib/rng/hmac_drbg/hmac_drbg.h index edf38b684..6ead498fc 100644 --- a/src/lib/rng/hmac_drbg/hmac_drbg.h +++ b/src/lib/rng/hmac_drbg/hmac_drbg.h 
@@ -44,16 +44,16 @@ class BOTAN_PUBLIC_API(2,0) HMAC_DRBG final : public Stateful_RNG * to perform the periodic reseeding * @param reseed_interval specifies a limit of how many times * the RNG will be called before automatic reseeding is performed - * @param max_number_of_bytes_per_request requests that are in size higher - * than max_number_of_bytes_per_request are treated as if multiple single + * @param max_number_of_bytes_per_request requests that are in size higher + * than max_number_of_bytes_per_request are treated as if multiple single * requests of max_number_of_bytes_per_request size had been made. * In theory SP 800-90A requires that we reject any request for a DRBG * output longer than max_number_of_bytes_per_request. To avoid inconveniencing - * the caller who wants an output larger than max_number_of_bytes_per_request, - * instead treat these requests as if multiple requests of - * max_number_of_bytes_per_request size had been made. NIST requires for - * HMAC_DRBG that every implementation set a value no more than 2**19 bits - * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for + * the caller who wants an output larger than max_number_of_bytes_per_request, + * instead treat these requests as if multiple requests of + * max_number_of_bytes_per_request size had been made. NIST requires for + * HMAC_DRBG that every implementation set a value no more than 2**19 bits + * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for * example every 512 bit automatic reseeding occurs. */ HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, 
@@ -71,16 +71,16 @@ class BOTAN_PUBLIC_API(2,0) HMAC_DRBG final : public Stateful_RNG * @param entropy_sources will be polled to perform reseeding periodically * @param reseed_interval specifies a limit of how many times * the RNG will be called before automatic reseeding is performed. - * @param max_number_of_bytes_per_request requests that are in size higher - * than max_number_of_bytes_per_request are treated as if multiple single + * @param max_number_of_bytes_per_request requests that are in size higher + * than max_number_of_bytes_per_request are treated as if multiple single * requests of max_number_of_bytes_per_request size had been made. * In theory SP 800-90A requires that we reject any request for a DRBG * output longer than max_number_of_bytes_per_request. To avoid inconveniencing - * the caller who wants an output larger than max_number_of_bytes_per_request, - * instead treat these requests as if multiple requests of - * max_number_of_bytes_per_request size had been made. NIST requires for - * HMAC_DRBG that every implementation set a value no more than 2**19 bits - * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for + * the caller who wants an output larger than max_number_of_bytes_per_request, + * instead treat these requests as if multiple requests of + * max_number_of_bytes_per_request size had been made. NIST requires for + * HMAC_DRBG that every implementation set a value no more than 2**19 bits + * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for * example every 512 bit automatic reseeding occurs. */ HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, 
@@ -101,16 +101,16 @@ class BOTAN_PUBLIC_API(2,0) HMAC_DRBG final : public Stateful_RNG * @param entropy_sources will be polled to perform reseeding periodically * @param reseed_interval specifies a limit of how many times * the RNG will be called before automatic reseeding is performed. - * @param max_number_of_bytes_per_request requests that are in size higher - * than max_number_of_bytes_per_request are treated as if multiple single + * @param max_number_of_bytes_per_request requests that are in size higher + * than max_number_of_bytes_per_request are treated as if multiple single * requests of max_number_of_bytes_per_request size had been made. * In theory SP 800-90A requires that we reject any request for a DRBG * output longer than max_number_of_bytes_per_request. To avoid inconveniencing - * the caller who wants an output larger than max_number_of_bytes_per_request, - * instead treat these requests as if multiple requests of - * max_number_of_bytes_per_request size had been made. NIST requires for - * HMAC_DRBG that every implementation set a value no more than 2**19 bits - * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for + * the caller who wants an output larger than max_number_of_bytes_per_request, + * instead treat these requests as if multiple requests of + * max_number_of_bytes_per_request size had been made. NIST requires for + * HMAC_DRBG that every implementation set a value no more than 2**19 bits + * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for * example every 512 bit automatic reseeding occurs. */ HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index d63729611..aa54194a3 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp 
@@ -269,46 +269,46 @@ size_t TLS_CBC_HMAC_AEAD_Decryption::output_length(size_t) const } /* -* This function performs additional compression calls in order -* to protect from the Lucky 13 attack. It adds new compression +* This function performs additional compression calls in order +* to protect from the Lucky 13 attack. It adds new compression * function calls over dummy data, by computing additional HMAC updates. * * The countermeasure was described (in a similar way) in the Lucky 13 paper. -* +* * Background: * - One SHA-1/SHA-256 compression is performed with 64 bytes of data. * - HMAC adds 8 byte length field and padding (at least 1 byte) so that we have: * - 0 - 55 bytes: 1 compression * - 56 - 55+64 bytes: 2 compressions * - 56+64 - 55+2*64 bytes: 3 compressions ... -* - For SHA-384, this works similarly, but we have 128 byte blocks and 16 byte +* - For SHA-384, this works similarly, but we have 128 byte blocks and 16 byte * long length field. This results in: * - 0 - 111 bytes: 1 compression * - 112 - 111+128 bytes: 2 compressions ... -* +* * The implemented countermeasure works as follows: * 1) It computes max_compressions: number of maximum compressions performed on * the decrypted data -* 2) It computes current_compressions: number of compressions performed on the +* 2) It computes current_compressions: number of compressions performed on the * decrypted data, after padding has been removed -* 3) If current_compressions != max_compressions: It invokes an HMAC update -* over dummy data so that (max_compressions - current_compressions) +* 3) If current_compressions != max_compressions: It invokes an HMAC update +* over dummy data so that (max_compressions - current_compressions) * compressions are performed. Otherwise, it invokes an HMAC update so that * no compressions are performed. -* +* * Note that the padding validation in Botan is always performed over * min(plen,256) bytes, see the function check_tls_cbc_padding. 
This differs * from the countermeasure described in the paper. -* +* * Note that the padding length padlen does also count the last byte * of the decrypted plaintext. This is different from the Lucky 13 paper. -* -* This countermeasure leaves a difference of about 100 clock cycles (in +* +* This countermeasure leaves a difference of about 100 clock cycles (in * comparison to >1000 clock cycles observed without it). -* +* * plen represents the length of the decrypted plaintext message P * padlen represents the padding length -* +* */ void TLS_CBC_HMAC_AEAD_Decryption::perform_additional_compressions(size_t plen, size_t padlen) { @@ -327,7 +327,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::perform_additional_compressions(size_t plen, // number of maximum MACed bytes const uint16_t L1 = static_cast<uint16_t>(13 + plen - tag_size()); // number of current MACed bytes (L1 - padlen) - // Here the Lucky 13 paper is different because the padlen length in the paper + // Here the Lucky 13 paper is different because the padlen length in the paper // does not count the last message byte. const uint16_t L2 = static_cast<uint16_t>(13 + plen - padlen - tag_size()); // From the paper, for SHA-256/SHA-1 compute: ceil((L1-55)/64) and ceil((L2-55)/64) diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 4c6c32d5d..4caaf623a 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -257,7 +257,7 @@ void Policy::check_peer_key_acceptable(const Public_Key& public_key) const if(keylength < expected_keylength) throw TLS_Exception(Alert::INSUFFICIENT_SECURITY, - "Peer sent " + + "Peer sent " + std::to_string(keylength) + " bit " + algo_name + " key" ", policy requires at least " + std::to_string(expected_keylength)); 
@@ -276,7 +276,7 @@ bool Policy::send_fallback_scsv(Protocol_Version version) const bool Policy::acceptable_protocol_version(Protocol_Version version) const { // Uses boolean optimization: - // First check the current version (left part), then if it is allowed + // First check the current version (left part), then if it is allowed // (right part) // checks are ordered according to their probability return ( diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index f373ece99..f64b85c18 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -303,7 +303,7 @@ size_t OS::get_memory_locking_limit() // According to Microsoft MSDN: // The maximum number of pages that a process can lock is equal to the number of pages in its minimum working set minus a small overhead - // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages + // In the book "Windows Internals Part 2": the maximum lockable pages are minimum working set size - 8 pages // But the information in the book seems to be inaccurate/outdated // I've tested this on Windows 8.1 x64, Windows 10 x64 and Windows 7 x86 // On all three OS the value is 11 instead of 8 diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp index 62d814702..de229d412 100644 --- a/src/lib/x509/ocsp.cpp +++ b/src/lib/x509/ocsp.cpp @@ -158,7 +158,7 @@ Certificate_Status_Code Response::verify_signature(const X509_Certificate& issue { if (m_responses.empty()) return m_dummy_response_status; - + try { std::unique_ptr<Public_Key> pub_key(issuer.subject_public_key()); diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index 9fed87f60..9d886ca7a 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp 
@@ -1029,7 +1029,7 @@ bool Path_Validation_Result::successful_validation() const bool Path_Validation_Result::no_warnings() const { - for(auto status_set_i : m_warnings) + for(auto status_set_i : m_warnings) if(!status_set_i.empty()) return false; return true; diff --git a/src/lib/x509/x509path.h b/src/lib/x509/x509path.h index 79ae02a10..841f1a8ef 100644 --- a/src/lib/x509/x509path.h +++ b/src/lib/x509/x509path.h @@ -205,7 +205,7 @@ class BOTAN_PUBLIC_API(2,0) Path_Validation_Result final * @param ocsp_resp additional OCSP responses to consider (eg from peer) * @return result of the path validation * note: when enabled, OCSP check is softfail by default: if the OCSP server is not -* reachable, Path_Validation_Result::successful_validation() will return true. +* reachable, Path_Validation_Result::successful_validation() will return true. * Hardfail OCSP check can be achieve by also calling Path_Validation_Result::no_warnings(). */ Path_Validation_Result BOTAN_PUBLIC_API(2,0) x509_path_validate( |