| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| | |
GH #444
|
| |
| |
| |
| |
| |
| | |
I think we maybe want these to be converting constructors, and adding
explicit here breaks code like ECDSA_PrivateKey(rng, "secp256r1")
which seems like a reasonable thing to support IMO
|
| |
| |
| |
| | |
explicit.
|
|/
|
|
| |
New key is signed with my existing key.
|
|\
| |
| | |
Fix a typo in os_utils that prevents retrieval of the current process id on Windows
|
| |
| |
| |
| | |
windows
|
|/
|
|
|
| |
Feels kind of nasty, but it sucks more to have CI builds break because
of random failures.
|
|\
| |
| | |
Improvements in X.509 cert handling for python bindings. Add Python code coverage report.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add implementation for ffi botan_x509_cert_get_public_key().
Add subject_dn() function to python x509_cert class.
Have python x509_cert constructor take a buffer alternatively.
Have python x509_cert functions time_starts() and time_expires() return
a python timestamp.
|
| |
| |
| |
| |
| | |
The result of fuzzing with AFL for a while, then running cmin on the
result.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In GCC 4.7 and 4.8, Wshadow also warns if a local variable conflicts
with a member function. This was changed in GCC 4.9 (GCC bugzilla
57709) but causes a lot of warnings on Travis which is on 4.8. Clang's
Wshadow behaves like GCC 4.9
The worst offendor was Exception's constructor argument being named
`what` which conflicts with the member function of the same name,
being in a public header this causes so many warnings the Travis log
files are truncated.
This fixes Exception and a couple of others. Fixing all cases would be
a slog that I'm not up for right at the moment.
|
|
|
|
| |
Also adds a (not const time) implementation of almost Montgomery reduction.
|
| |
|
|
|
|
| |
[ci skip]
|
|\ |
|
| | |
|
|\ \ |
|
| |/ |
|
|\ \ |
|
| |/ |
|
|\ \
| |/
|/| |
|
| | |
|
|/ |
|
|\
| |
| | |
Add VS2015 jobs to Appveyor build
|
| | |
|
|/ |
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
| |
Removes a fair number of the power mod test cases for size and test time.
Would be better to add a randomized or fuzzer-based test. Otherwise no
change.
|
|
|
|
|
|
|
|
|
| |
Not optimized and relies on asm support for const time word_add/word_sub
instructions.
Fix a bug introduced in 46e9a89 - unpoison needs to call the valgrind
API with the pointer rather than the reference. Caused values not to
be unpoisoned.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Later checks on the record length in CCS and record handling already
rejected a zero length record but when reading an empty record,
readbuf.size() == TLS_HEADER_SIZE and so creating the pointer
byte* record_contents = &readbuf[TLS_HEADER_SIZE];
would trigger when running under (at least) GCC'S iterator debugging,
and likely other iterator checkers also.
Since no completely empty record is defined, reject it immediately at
the record layer.
Found by Juraj Somorovsky
Also correct DTLS record handling for large messages: a zero length or
too-long packet should be dropped rather than an exception being thrown.
|
|
|
|
|
|
|
|
|
|
| |
Previously MCEIES used KEM with a raw SHA-512 hash. When the KDF
oriented KEM interface was added in 72f0f0ad2a it switched to using
KDF1(SHA-512) since for a 64-byte output and no salt, the output
matches the original hash. This avoids breaking the format.
Prevents runtime failures when MCEIES is enabled in the build but KDF1
is not. GH #369
|
|
|
|
|
|
|
|
|
|
| |
If malloc fails, don't save the size that was attempted. Otherwise a
failing malloc followed by a free(nullptr) would zero a block of
memory equal to the failed allocation starting from the null address.
It's not clear if zlib,bzip2,lzma expect the return of the malloc
function to be zero but LZMA at least seems to read from it before
writing. Zero it.
|
| |
|
|
|
|
|
|
|
|
| |
Initialize variables in constructor in gf2m_decomp_rootfind_state
Add asserts on the degree where a positive value was assumed. How
polyn_gf2m handles the degree needs some work but this should do for
now.
|
|
|
|
|
|
| |
It somehow deduces an input that is both > 0 and for which high_bit
never finds a bit set and returns 0. In both cases that would lead to
block being 0 and a negative shift.
|
|
|
|
|
|
| |
Unlikely to fail in this case but anything's possible.
Found by Coverity
|
|
|
|
|
|
|
| |
Would be better to iterate over all of the key types for this type of
coverage.
Avoids Coverity dead code warning on the error-case throw.
|
|
|
|
|
|
|
|
|
|
| |
Some tests only deallocated in the branch where some other test
on the object succeeded.
The ECDH FFI test didn't deallocate any of its objects, which was
missed by valgrind before now because the test was not being run.
Found by Coverity scanner
|
|
|
|
|
|
|
|
| |
It assumes unpoison is expecting a pointer to T and sizeof(T), but the
sizeof is evaluated in unpoison but only in the case of building with
valgrind.
Just call the valgrind API again directly
|
| |
|
| |
|
|\
| |
| | |
PVS-Studio fixes
|
| |
| |
| |
| | |
value. asn1_time.cpp 159
|
|/
|
|
| |
inside the body of a loop. test_compression.cpp 78
|
|\
| |
| | |
Update iOS build instructions
|
|/
|
| |
When building for iOS, you want to build for all three architectures, so you can run your app on an iOS device and on the simulator.
|