aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Run coverage for python bindingsRené Korthaus2016-02-202-0/+4
|
* Remove tabRené Korthaus2016-02-201-1/+1
|
* Improvements in X.509 cert handling for python bindingsRené Korthaus2016-02-202-17/+89
| | | | | | | | Add implementation for ffi botan_x509_cert_get_public_key(). Add subject_dn() function to python x509_cert class. Have python x509_cert constructor take a buffer alternatively. Have python x509_cert functions time_starts() and time_expires() return a python timestamp.
* For odd moduli use a input-independent modular inverse algorithm.Jack Lloyd2016-02-207-62/+311
| | | | Also adds a (not const time) implementation of almost Montgomery reduction.
* Add tests and timings for inverse_modJack Lloyd2016-02-205-14/+103
|
* Update release notesJack Lloyd2016-02-201-0/+31
| | | | [ci skip]
* Merge GH #427 Fix remaining Wshadow warningsJack Lloyd2016-02-2016-106/+111
|\
| * Fix remaining Wshadow warnings and enable on gcc and clangRené Korthaus2016-02-1816-106/+111
| |
* | Merge GH #428 Add missing include guardsJack Lloyd2016-02-202-0/+10
|\ \
| * | add missing include guardsDaniel Neus2016-02-192-0/+10
| |/
* | Merge GH #429 Enable noexcept in VS 2015Jack Lloyd2016-02-201-1/+1
|\ \
| * | enable noexcept on VS 2015Daniel Neus2016-02-191-1/+1
| |/
* | Merge GH #430 Use symlinks on windows if explicitly requestedJack Lloyd2016-02-201-2/+8
|\ \ | |/ |/|
| * fix commentDaniel Neus2016-02-191-1/+1
| |
| * Use symlinks on windows if explicitly requestedDaniel Neus2016-02-191-2/+8
|/
* Merge pull request #426 from neusdan/appveyor-vs2015Jack Lloyd2016-02-171-4/+15
|\ | | | | Add VS2015 jobs to Appveyor build
| * correct appveyor matrixDaniel Neus2016-02-171-3/+7
| |
| * add VS2015 jobsDaniel Neus2016-02-171-2/+9
|/
* Fix formatting GH #415Jack Lloyd2016-02-172-24/+32
| | | | [ci skip]
* Split up BigInt testsJack Lloyd2016-02-1713-2727/+2408
| | | | | | Removes a fair number of the power mod test cases for size and test time. Would be better to add a randomized or fuzzer-based test. Otherwise no change.
* Add constant time conditional swap, add, sub for bigint wordsJack Lloyd2016-02-175-2/+233
| | | | | | | | | Not optimized and relies on asm support for const time word_add/word_sub instructions. Fix a bug introduced in 46e9a89 - unpoison needs to call the valgrind API with the pointer rather than the reference. Caused values not to be unpoisoned.
* Reject zero length TLS records out of hand.Jack Lloyd2016-02-161-4/+11
| | | | | | | | | | | | | | | | | Later checks on the record length in CCS and record handling already rejected a zero length record but when reading an empty record, readbuf.size() == TLS_HEADER_SIZE and so creating the pointer byte* record_contents = &readbuf[TLS_HEADER_SIZE]; would trigger when running under (at least) GCC'S iterator debugging, and likely other iterator checkers also. Since no completely empty record is defined, reject it immediately at the record layer. Found by Juraj Somorovsky Also correct DTLS record handling for large messages: a zero length or too-long packet should be dropped rather than an exception being thrown.
* Add KDF1 as explicit dependency in MCEIESJack Lloyd2016-02-151-0/+1
| | | | | | | | | | Previously MCEIES used KEM with a raw SHA-512 hash. When the KDF oriented KEM interface was added in 72f0f0ad2a it switched to using KDF1(SHA-512) since for a 64-byte output and no salt, the output matches the original hash. This avoids breaking the format. Prevents runtime failures when MCEIES is enabled in the build but KDF1 is not. GH #369
* In compression wrappers add an overflow check before calling mallocJack Lloyd2016-02-131-3/+21
| | | | | | | | | | If malloc fails, don't save the size that was attempted. Otherwise a failing malloc followed by a free(nullptr) would zero a block of memory equal to the failed allocation starting from the null address. It's not clear if zlib,bzip2,lzma expect the return of the malloc function to be zero but LZMA at least seems to read from it before writing. Zero it.
* Add --with-valgrindJack Lloyd2016-02-132-6/+6
|
* Fix Coverity findings in McEliece codeJack Lloyd2016-02-093-14/+20
| | | | | | | | Initialize variables in constructor in gf2m_decomp_rootfind_state Add asserts on the degree where a positive value was assumed. How polyn_gf2m handles the degree needs some work but this should do for now.
* Add asserts to help out CoverityJack Lloyd2016-02-092-0/+4
| | | | | | It somehow deduces an input that is both > 0 and for which high_bit never finds a bit set and returns 0. In both cases that would lead to block being 0 and a negative shift.
* Check result of dynamic_castJack Lloyd2016-02-091-10/+17
| | | | | | Unlikely to fail in this case but anything's possible. Found by Coverity
* Removes randomization from choice of keys in X509 test.Jack Lloyd2016-02-091-17/+15
| | | | | | | Would be better to iterate over all of the key types for this type of coverage. Avoids Coverity dead code warning on the error-case throw.
* Fix memory leaks in FFI testsJack Lloyd2016-02-091-7/+16
| | | | | | | | | | Some tests only deallocated in the branch where some other test on the object succeeded. The ECDH FFI test didn't deallocate any of its objects, which was missed by valgrind before now because the test was not being run. Found by Coverity scanner
* Avoid Coverity false positiveJack Lloyd2016-02-091-1/+5
| | | | | | | | It assumes unpoison is expecting a pointer to T and sizeof(T), but the sizeof is evaluated in unpoison but only in the case of building with valgrind. Just call the valgrind API again directly
* Don't leave member variables uninitialized. Found by Coverity scanner.Jack Lloyd2016-02-091-1/+1
|
* GlobalMemoryStatusEx is on XP GH #419Jack Lloyd2016-02-091-2/+2
|
* Merge pull request #421 from neusdan/pvs-studio2Jack Lloyd2016-02-098-10/+9
|\ | | | | PVS-Studio fixes
| * V816 It is more efficient to catch exception by reference rather than by ↵Daniel Neus2016-02-087-8/+8
| | | | | | | | value. asn1_time.cpp 159
| * V814 Decreased performance. The 'strlen' function was called multiple times ↵Daniel Neus2016-02-081-2/+1
|/ | | | inside the body of a loop. test_compression.cpp 78
* Merge pull request #418 from cordney/patch-2Jack Lloyd2016-02-071-16/+16
|\ | | | | Update iOS build instructions
| * Update iOS build instructionsRené Korthaus2016-02-071-16/+16
|/ | | When building for iOS, you want to build for all three architectures, so you can run your app on an iOS device and on the simulator.
* Make SRP6 support optional in TLSJack Lloyd2016-02-0710-20/+72
| | | | | | | | Remove SRP_SHA from the default policy, since normal applications do not need it. Removes nullptr initializers of unique_ptrs in the Server_Key_Exchange constructor, that's the default unique_ptr already.
* Utils needs librt dependency due to calling clock_gettimeJack Lloyd2016-02-071-0/+4
| | | | Was previously on hres_timer entropy source
* Add explicit fork check to HMAC_RNGJack Lloyd2016-02-076-85/+118
| | | | | | | | | | | Add OS functions get_process_id, get_processor_timestamp, and get_system_timestamp_ns. HMAC_RNG uses the pid call to detect forks to initiate a reseed. It also adds the output of all three functions (the pid, the CPU cycle counter, and the system timestamp) into the PRF input. Calls the new OS timer functions from hres_timer entropy source. Removes the call to QPC in es_win32 which is mostly redundant with the one in hres_timer.
* Remove support for the TLS min fragment length extension.Jack Lloyd2016-02-0711-147/+18
|
* GH #417 Remove TLS heartbeat supportJack Lloyd2016-02-0716-292/+1
|\
| * Remove TLS heartbeat support.Jack Lloyd2016-02-0716-292/+1
|/ | | | | The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
* Remove dead write. Closes GH #401Jack Lloyd2016-02-071-2/+5
|
* Remove redundant initialization. Closes GH #399Jack Lloyd2016-02-071-1/+0
|
* Revert GH #365 Replace deprecated Win API calls in Win32_EntropySourceJack Lloyd2016-02-061-3/+3
| | | | | | | | | | | | | | | | | | Thinking it over I've realized this was not a good move; XP may be EOLed but is still widely used and even VS 2015 still supports targeting XP. It's not really the same situation as going to extra efforts for supporting SunOS 5.1 or VAX/VMS, instead it actively broke support for something which is still widely deployed. And for those building for XP the options are patch out the call (GH #416) or disable win32_stats altogether in their build. I'd like to prevent downstream distributors from having to patch, because that can get messy. And while the design of CryptGenRandom is not disclosed it apparently has changed over time and at one point (IIRC) used RC4 to generate outputs, so if there is any OS that could use some extra help generating seed material it is XP. There may be future code that really makes use of APIs added after XP - CryptoNG, TPM support, etc and then people targetting XP will have to compile out those modules. But it doesn't make sense to break it here for this small gain.
* Bump version to 1.11.29 preJack Lloyd2016-02-062-1/+6
|
* Update todoJack Lloyd2016-02-061-11/+15
| | | | [ci skip]
* Order the accesses to A[] in the Keccak permutation.Jack Lloyd2016-02-061-17/+17
| | | | | | Consistent speed up of about ~5% on my machine. Also tried moving all the A[] values to local registers, was slower.