| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provides an easier way for an application to configure a list of
entropy sources they'd like to use, or add a custom entropy source to
their seeding.
Exposes some toggles for the global/default entropy sources to build.h
Adds basic entropy tests which runs the polls and does sanity checking
on the results, including compression tests if available. These are
less useful for the CSPRNG outputs but a good check for the ones
producing plain ASCII like the /proc reader.
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
[ci skip]
|
|\
| |
| | |
Add myself (tiwoc) to credits.rst and license.txt
|
| | |
|
|/
|
|
| |
[ci skip]
|
|
|
|
|
|
| |
Re-encoding the server key exchange meant that any leading zeros
in the values for DHE (or SRP) would be stripped out. This would
cause the signature check to fail.
|
|
|
|
| |
DB::spin now returns the number of rows affected
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a bug which rejected any short server key exchanges. These can
occur with a plain PSK with short or empty identity hints.
Disable SHA-224 by default.
Remove some vestigal RC4 cruft.
Push more on the TLS corruption tests.
|
|
|
|
|
|
|
|
|
|
|
| |
The tests previously had used 4 to 6 different schemes internally (the vec file
reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests
which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a
design that works everywhere, and update all the things.
Fix also a few bugs found by the test changes: SHA-512-256 name incorrect,
OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy
was wrong.
|
| |
|
|
|
|
| |
[ci skip]
|
| |
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
[ci skip]
|
| |
|
|\
| |
| | |
TLS improvements
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use constant time operations when checking CBC padding in TLS decryption
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
|
|\ \
| |/
|/| |
Update docs to avoid Shpinx errors and warnings
|
| |
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| |
| |
| | |
Confirm http://sphinx-doc.org/domains.html#directive-cpp:enum-struct
[ci skip]
|
| |
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| | |
[ci skip]
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was already close, but the carry loop would break early and
selecting which value to copy out was indexed on the borrow bit. Have
the carry loop run through, and add a const-time conditional copy
operation and use that to copy the output.
Convert ct_utils to CT namespace. Templatize the utils, which I was
hesitant to do initially but is pretty useful when dealing with
arbitrary word sizes.
Remove the poison macros, replace with inline funcs which reads
cleaner at the call site.
|
|
|
|
|
|
|
|
| |
via timing channels.
Add annotations for checking constant-time code using ctgrind to
PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already
written as constant time code.
|
|
|
|
| |
Based on GH #272
|
|
|
|
|
|
| |
Some cleanups in random_prime. Increase probability in prime tests from
1/2**64 to 1/2**128. Also break out of the sieve loop early if it has
failed.
|
| |
|
|
|
|
| |
deriving it by squaring the previous value.
|
| |
|
|
|
|
|
| |
but the meaning of the option is probably easier to understand with
this name.
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove and consolidate various headers
Reduce memory usage of GF2m_Field by sharing the log and exponent
tables across all instances of a particular word size.
Remove McEliece_Public_Operation and McEliece_Private_Operation which
were difficult to use safely. Instead only the KEM operations are exposed.
Add McEliece_PublicKey::random_plaintext_element
Add command line `mce` tool and some McEliece documentation
Convert the speed program to check McEliece keys of the suggested size
Add McEliece KATs for both key generation and KEM
Fix HMAC_DRBG constructor which derefed a pointer before its time
|
|
|
|
| |
[ci skip]
|
| |
|
| |
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
[ci skip]
|
|
|
|
|
| |
When building for iOS with clang, the C++ standard library
must be set to libc++ instead of libstdc++.
|
|
|
|
|
|
| |
Previously 0 was the highest priority and 255 was the lowest. But this
is really quite confusing, instead treat 0 as lowest and 255 as highest
so normal integer intuitions apply.
|