Commit message | Author | Age | Files | Lines
GH #726
[ci skip]
[ci skip]
Also use a const time comparison for the finished message, though
I don't see any real way of exploiting that timing channel.
[ci skip]
OpenSSL 1.0.2 added support for brainpool curves, so we
can use it provided the version check succeeds.
Some attempts at reducing overhead in ECC math tests; unclear if it
really changed anything for my machine but probably can't hurt.
Fix LLVM build flags
[ci skip]
|
|\
| |
| |
| | |
[ci skip]
- Adapted (ec)dh group sizes
The previous assert had been already put there for the benefit
of clang-analyzer, but in Clang 3.9 it does not help. Instead
test X value directly, which works.
Matches how OpenSSL/BoringSSL fuzzers work, which is useful because the fuzzer
corpus can be cross-pollinated among implementations.
[ci skip]
[ci skip]
[ci skip]
GH #754 exposed a bug in the non-Montgomery exponentiation case.
It turned out that when the fixed window was picked to any value
> 1, the result would be incorrect due to an off by one. This is
the one line fix in powm_fw.cpp.
Also fix a bug in bigint_mul which caused incorrect results,
because the output BigInt was not being zeroed out before use. This
is only exposed in rare cases, found (somewhat indirectly) in
OSS-Fuzz #287.
Add more modular exponentiation tests, which would have caught
these issues earlier.
Add explicit length limitations, to prevent the fuzzer from just
giving us increasingly long inputs until timeout occurs due
to non-linear algorithms.
Use LLVM fuzzer interface in all cases, and just have AFL driver
call that API when a define is set to include a main function.
OSS-Fuzz will be using the LLVM API, regardless of the fuzzing engine.
[ci skip]
[ci skip]
|
|\ \
| | |
| | |
| | | |
[ci skip]
The license text is getting quite long due to including all the contributors,
and literally the *only* thing we require for people to use Botan is to
distribute the license text. So it should be succinct and save paper.
Adds an authors.txt file.
[ci skip]
Technically defined, but should never be seen in practical crypto context.
Changes all the Public_Key derived classes ctors to take a
std::vector instead of a secure_vector for the DER encoded
public key bits. There is no point in transporting a public
key in secure storage. (GH #768)
Add a check that the same header is not both public and internal.
[ci skip]
The unpad functions return the blocksize as padding position if the padding is invalid.
OSS-Fuzz just gave us a gigantic input and then timed out.
In practice ressol is only called with specific primes of various
common ECC parameter sets, so limit to 768 bits max.
[ci skip]
Chromium oss-fuzz bug 275
[ci skip]
Seemingly /dev/urandom is not accessible in the ClusterFuzz env
[ci skip]
Kind of a vestigial thing from an earlier iteration of the module
design, and never useful to specify anymore since taking all the cpp
files is what you want exactly 100% of the time.
Avoid having any files within src/lib (in any subdirs) with
the same name. That seems worth avoiding even just on the basis
of avoiding basic confusion (looked in named.cpp - no, the other one...)
and may allow simplifying the build in various ways.
Some attempt at consistency