aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* In compression wrappers add an overflow check before calling mallocJack Lloyd2016-02-131-3/+21
| | | | | | | | | | If malloc fails, don't save the size that was attempted. Otherwise a failing malloc followed by a free(nullptr) would zero a block of memory equal to the failed allocation starting from the null address. It's not clear if zlib,bzip2,lzma expect the return of the malloc function to be zero but LZMA at least seems to read from it before writing. Zero it.
* Add --with-valgrindJack Lloyd2016-02-132-6/+6
|
* Fix Coverity findings in McEliece codeJack Lloyd2016-02-093-14/+20
| | | | | | | | Initialize variables in constructor in gf2m_decomp_rootfind_state Add asserts on the degree where a positive value was assumed. How polyn_gf2m handles the degree needs some work but this should do for now.
* Add asserts to help out CoverityJack Lloyd2016-02-092-0/+4
| | | | | | It somehow deduces an input that is both > 0 and for which high_bit never finds a bit set and returns 0. In both cases that would lead to block being 0 and a negative shift.
* Check result of dynamic_castJack Lloyd2016-02-091-10/+17
| | | | | | Unlikely to fail in this case but anything's possible. Found by Coverity
* Removes randomization from choice of keys in X509 test.Jack Lloyd2016-02-091-17/+15
| | | | | | | Would be better to iterate over all of the key types for this type of coverage. Avoids Coverity dead code warning on the error-case throw.
* Fix memory leaks in FFI testsJack Lloyd2016-02-091-7/+16
| | | | | | | | | | Some tests only deallocated in the branch where some other test on the object succeeded. The ECDH FFI test didn't deallocate any of its objects, which was missed by valgrind before now because the test was not being run. Found by Coverity scanner
* Avoid Coverity false positiveJack Lloyd2016-02-091-1/+5
| | | | | | | | It assumes unpoison is expecting a pointer to T and sizeof(T), but the sizeof is evaluated in unpoison but only in the case of building with valgrind. Just call the valgrind API again directly
* Don't leave member variables uninitialized. Found by Coverity scanner.Jack Lloyd2016-02-091-1/+1
|
* GlobalMemoryStatusEx is on XP GH #419Jack Lloyd2016-02-091-2/+2
|
* Merge pull request #421 from neusdan/pvs-studio2Jack Lloyd2016-02-098-10/+9
|\ | | | | PVS-Studio fixes
| * V816 It is more efficient to catch exception by reference rather than by ↵Daniel Neus2016-02-087-8/+8
| | | | | | | | value. asn1_time.cpp 159
| * V814 Decreased performance. The 'strlen' function was called multiple times ↵Daniel Neus2016-02-081-2/+1
|/ | | | inside the body of a loop. test_compression.cpp 78
* Merge pull request #418 from cordney/patch-2Jack Lloyd2016-02-071-16/+16
|\ | | | | Update iOS build instructions
| * Update iOS build instructionsRené Korthaus2016-02-071-16/+16
|/ | | When building for iOS, you want to build for all three architectures, so you can run your app on an iOS device and on the simulator.
* Make SRP6 support optional in TLSJack Lloyd2016-02-0710-20/+72
| | | | | | | | Remove SRP_SHA from the default policy, since normal applications do not need it. Removes nullptr initializers of unique_ptrs in the Server_Key_Exchange constructor, that's the default unique_ptr already.
* Utils needs librt dependency due to calling clock_gettimeJack Lloyd2016-02-071-0/+4
| | | | Was previously on hres_timer entropy source
* Add explicit fork check to HMAC_RNGJack Lloyd2016-02-076-85/+118
| | | | | | | | | | | Add OS functions get_process_id, get_processor_timestamp, and get_system_timestamp_ns. HMAC_RNG uses the pid call to detect forks to initiate a reseed. It also adds the output of all three functions (the pid, the CPU cycle counter, and the system timestamp) into the PRF input. Calls the new OS timer functions from hres_timer entropy source. Removes the call to QPC in es_win32 which is mostly redundant with the one in hres_timer.
* Remove support for the TLS min fragment length extension.Jack Lloyd2016-02-0711-147/+18
|
* GH #417 Remove TLS heartbeat supportJack Lloyd2016-02-0716-292/+1
|\
| * Remove TLS heartbeat support.Jack Lloyd2016-02-0716-292/+1
|/ | | | | The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
* Remove dead write. Closes GH #401Jack Lloyd2016-02-071-2/+5
|
* Remove redundant initialization. Closes GH #399Jack Lloyd2016-02-071-1/+0
|
* Revert GH #365 Replace deprecated Win API calls in Win32_EntropySourceJack Lloyd2016-02-061-3/+3
| | | | | | | | | | | | | | | | | | Thinking it over I've realized this was not a good move; XP may be EOLed but is still widely used and even VS 2015 still supports targeting XP. It's not really the same situation as going to extra efforts for supporting SunOS 5.1 or VAX/VMS, instead it actively broke support for something which is still widely deployed. And for those building for XP the options are patch out the call (GH #416) or disable win32_stats altogether in their build. I'd like to prevent downstream distributors from having to patch, because that can get messy. And while the design of CryptGenRandom is not disclosed it apparently has changed over time and at one point (IIRC) used RC4 to generate outputs, so if there is any OS that could use some extra help generating seed material it is XP. There may be future code that really makes use of APIs added after XP - CryptoNG, TPM support, etc and then people targetting XP will have to compile out those modules. But it doesn't make sense to break it here for this small gain.
* Bump version to 1.11.29 preJack Lloyd2016-02-062-1/+6
|
* Update todoJack Lloyd2016-02-061-11/+15
| | | | [ci skip]
* Order the accesses to A[] in the Keccak permutation.Jack Lloyd2016-02-061-17/+17
| | | | | | Consistent speed up of about ~5% on my machine. Also tried moving all the A[] values to local registers, was slower.
* Add info for 1.10.12 releaseJack Lloyd2016-02-032-3/+28
| | | | [ci skip]
* Fix two bugs in 1.11.27 which caused test failures.1.11.28Jack Lloyd2016-02-016-7/+15
| | | | | | | | | | | | | The check on each individual size in curve_mul is too strict since we rely on redc(x*1) during the on the curve computation. Fix an off by one in ressol which caused it to occasionally reject valid values. Updating version 1.11.28 since existing 1.11.27 tag already pushed :( Fix an off-by-one in ressol which would cause it to occasionly give up too early.
* Update news for 1.11.27 release1.11.27Jack Lloyd2016-02-013-10/+24
|
* Fix heap overflow in ECC point multiplicationJack Lloyd2016-02-017-5/+110
| | | | | | | | | | | | | | If affine coordinates larger than the prime modulus were given, a later multiplication could overflow the size of an allocated output buffer, which was sized based on the size of the prime. This will cause an overflow into either the system heap or if the mlock/mmap pool allocator is in use, then into the adjacent key material stored in the pool. Reported by Alex Gaynor who found it with AFL Also fix a one word overwrite in P-521 reduction. Found with AFL
* Fix (nearly) infinite loop in RESSOL (modular square root).Jack Lloyd2016-02-014-8/+56
| | | | | | | It first computed the first i for q**(2**i) == 1, then checked that i was smaller than s. Given a composite modulus (for which the algorithm does not work), the loop might do a very large amount of work before returning the failure.
* Fix indentJack Lloyd2016-01-301-171/+193
|
* Add Blake2b hash function (GH #413 by cynecx)Jack Lloyd2016-01-305-0/+3388
|\
| * Blake2b: use rotate_right instead of a macrocynecx2016-01-271-7/+5
| |
| * Blake2b: Fix for MSVCcynecx2016-01-261-5/+3
| |
| * Blake2b: Add copyright & fix header guardcynecx2016-01-262-3/+17
| |
| * Blake2b: add 'abc' test vectorcynecx2016-01-261-0/+3
| |
| * Add Blake2b hash functioncynecx2016-01-265-0/+3375
| |
* | Guard use of X9.31 RNG in macro checkJack Lloyd2016-01-291-3/+5
| |
* | Avoid -Wmaybe-uninitialized warning under GCC 5.3Jack Lloyd2016-01-291-4/+6
| | | | | | | | | | | | As best I can tell it wasn't actually possible for the value to be used uninitialized, since it was initialized if m_outer_summands > 1 and only used if m_outer_summands was at least 2.
* | Maintainer mode shouldn't always imply ASan since it interferes withJack Lloyd2016-01-291-3/+0
| | | | | | | | valgrind and throws off benchmarks.
* | Fix buffer sizes in speed. Avoid repeated MAC keyingsJack Lloyd2016-01-291-12/+8
| |
* | Add time tests for all RNG typesJack Lloyd2016-01-261-11/+68
|/
* Add speed test for entropy sourcesJack Lloyd2016-01-171-6/+31
|
* Add missing overrides and fix -Wpedantic 'extra ;' warningsJack Lloyd2016-01-177-33/+33
| | | | | | | | | | Remove -Wsuggest-attribute=noreturn from maintainer mode flags as it seems like outside of the assertion failure macro any other suggestion would always be a false positive (an unimplemented function or the like). Or at least, if such a function needing noreturn to assist with static analysis is added in the future it will be obvious, by virtue of the static analyzer warnings which occur due to the missing noreturn preventing the analyzer from understanding code flow.
* Merge GH #410 enable -WpedanticJack Lloyd2016-01-173-3/+3
|\
| * Enable -Wpedantic on gcc and clangRené Korthaus2016-01-133-3/+3
| |
* | Bump version to 1.11.27 preJack Lloyd2016-01-172-1/+16
| |
* | Avoid test failures in KEM when KDF is not found.Jack Lloyd2016-01-172-19/+44
| | | | | | | | GH #369
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-23 20:20:15 +0000