| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mostly things that shouldn't be used (like almost Montgomery inverse,
which isn't even constant time) or are very much just for internals
(like the word-wise Montgomery inverse computation used for reduction).
Make variable time division explicit; leaves plain divide as a call
but it forwards to ct_divide now. All callers within the library are
now explicitly consttime or vartime.
Add a shortcut for modulus by one word - this hits quite often
especially in the ECC code
|
| |
|
| |
|
|
|
|
| |
GH #2356
|
|
|
|
|
|
|
| |
Replaces RDRAND_RNG, RDRAND entropy source, and DARN entropy source.
Provides also DARN-based RNG interface.
This also gives an easy path for supporting the ARMv8 RNG instructions.
|
| |
|
|
|
|
| |
Also fix warning about "insecure" getenv
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: Nuno Goncalves <[email protected]>
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This shouldn't even happen if the header is still intact, but seemingly
it can: #1983 so be robust as possible.
|
|
|
|
| |
Fixes #1984
|
| |
|
|
|
|
| |
Deprecate various redundant FFI functions
|
| |
|
| |
|
|
|
|
| |
Remove unimplemented declaration botan_x509_cert_gen_selfsigned
|
|
|
|
|
| |
Also remove the TLS declarations from ffi.h for now since that
isn't supported at all.
|
|
|
|
|
|
|
|
|
| |
This makes the meaning and usage more clear.
Add a specific error type so invalid tags can be distinguished without
having to catch that specific type.
See also #1813
|
|
|
|
| |
Here the caller is assumed to have provided a buffer of sufficient size.
|
|
|
|
| |
Combines the priv check and the getenv call on one.
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid throwing base Botan::Exception type, as it is difficult to
determine what the error is in that case.
Add Exception::error_code and Exception::error_type which allows
(for error code) more information about the error and (for error type)
allows knowing the error type without requiring a sequence of catches.
See GH #1742
|
| |
|
|
|
|
| |
Closes GH #1557
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several problems in CBC found by adding tests
- If you set a key, then set a nonce, then set a new key,
you could encrypt without setting a new nonce.
- It was possible to call CBC finish without setting a nonce,
which would crash.
- If you had an CBC decryption object, set a key, set a nonce, then
reset message state, it should throw because no nonce is set.
Instead it would carry on using an all-zero nonce.
Disable CommonCrypto with PKCS7 padding as it seems to have some
problem that I cannot figure out from the build logs.
This work sponsored by Ribose Inc
|
|
|
|
|
|
|
|
| |
If a function returning variable length output was called with a
null output buffer but a non-zero output buffer length, FFI layer
would call memset(nullptr, 0, buffer_len) and crash.
Caught by Coverity.
|
|
|
|
|
|
|
|
| |
Avoid any getenv toggles or reading /proc if we are setuid/setgid.
It is possible there is or will someday be some file in /proc that
is world-readable, but if read by a privileged user causes some side
effect.
|
| |
|
| |
|
|\ |
|
| | |
|
| |
| |
| |
| | |
This is a contribution of Ribose Inc (@riboseinc)
|
| |
| |
| |
| |
| | |
Downgrade min Sphinx to 1.2 again - I checked and while Sphinx 1.2
produce many warnings it does generate usable output.
|
|/
|
|
| |
See GH #1680
|
|
|
|
|
| |
It avoids having to rewrite existing logic when a new API version
is introduced.
|
|
|
|
|
| |
Fixes: dc85761ef02c ("Add path validation to FFI")
Signed-off-by: Tobias Brunner <[email protected]>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This caused get_field, when called with a non-existing field, to
return success and set the field to a small negative integer.
|
|
|
|
| |
No reason given we know the message is going to be thrown away.
|
| |
|
| |
|
|
|
|
|
|
| |
Add/fix Doxygen comments.
Remove warning which is not really true anymore.
|
|
|
|
|
|
|
|
|
|
| |
It turned out 8 bit was very broken (failed to compile, due to
overload problems with functions taking uint8_t vs word).
16 bit words work aside from a test failure, but is really slow.
Practically speaking we are not in a position to support 16-bit CPUs
very well. And being able to assume sizeof(word) >= sizeof(uint32_t)
allows simplifying some code.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instigated by finding a bug where BigInt::encode with decimal output
would often have a leading '0' char. Which is papered over in the IO
operator, but was exposed by botan_mp_to_str which called BigInt::encode
directly.
Split BigInt::encode/decode into two versions, one taking the Base
argument and the other using the (previously default) binary base.
With a view of eventually deprecating the versions taking a base.
Add BigInt::to_dec_string() and BigInt::to_hex_string()
|