| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
Only user-visible change is the removal of get_byte.h
|
| |
|
|
|
|
|
|
| |
With this change the tests pass when linked against a static library
built in the normal (non-amalgamation) fashion.
Remove the restriction in configure.py, and have circleci build the
clang static build as a non-amalg.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
rather than after. After blinding the value is always reduced mod n
so the condition is never met.
This may be the cause of RSA test failures described in GH #174
The scenario was that during randomized corruption tests we
occasionally provide an input which was greater than the modulus.
When that happened the value was effectively reduced mod n, so the
self-check would later fail, because the decrypted result (reduced mod n)
would be compared with the original (larger than n) input.
|
| |
|
|
|
|
|
|
| |
The plain PointGFp operator* now uses Montgomery ladder exclusively.
Adds a blinded point multiply algorithm which uses exponent and point
randomization, as well as a Montgomery ladder technique that takes a
random walk of the possible addition chains for k.
|
| |
|
|
| |
Only botan-cli, botan-tests and the FFI module depend on PKCS8
|
| | |
|
| |
|
|
| |
Thanks to @vlajos https://github.com/vlajos/misspell_fixer
|
| | |
|
| | |
|
| |
|
|
|
|
| |
shift promotes to signed int rather than an unsigned value. However
here we wish to use a large shift, which can cause a signed overflow.
Add static_cast to force to the desired (unsigned) type.
|
| |
|
|
| |
Fixes #146.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
as was previously done with encrypt/decrypt ops.
One feature dropped on the floor here is previously PK_Signer by
default did verification of signatures before releasing them as an
measure against fault attacks. However in addition to being expensive
this turned out to be difficult to implement with the new scheme.
|
| |
|
|
|
|
|
|
|
| |
op to use a padding scheme outside of our knowledge or control, for
instance an OpenSSL RSA op which uses OpenSSL's padding code. Similar
change for key agreement and KDFs for the same reason.
Add an EME_Raw type; previously this operation was implicit in the
code in pubkey.cpp
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This lets you amortize quite a few memory allocations (RNG, various
BigInts, etc) over many nonce generations.
Change generate_rfc6979_nonce to just instantiate one of these states,
call the function once, and return. This doesn't have any additional
overhead versus the previous implementation of this function.
Fix HMAC_DRBG to correctly reset its state to its starting position
when you call clear() on it.
|
| |
|
|
|
|
|
| |
distributing w into the exponents. This is at least a 50% speedup
across all keysizes on my laptop.
Optimization pointed out by Dr. Falko Strenzke on the mailing list.
|
| |
|
|
|
|
|
| |
a source file. Without BOTAN_DLL the LibraryInitializer was removed entirely
from the list of symbols which is not desired.
Add some casts to avoid scary sounding but (upon review) harmless warnings from MSVC
|
| |
|
|
|
|
| |
Fix two memory leaks (in TLS and modes) caused by calling get_foo and
then cloning the result before saving it (leaking the original object),
a holdover from the conversion between construction techniques in 1.11.14
|
| |
|
|
| |
higher level functions on interface handling returning a vector.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ctypes Python wrapper that uses it. The API is intentionally designed
to have a very simple ABI (extern "C", all structs are opaque, no
memory ownership passing the FFI boundary, limited set of simple types
as args) so the ctypes wrapper is quite simple.
Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF,
bcrypt, and most public key operations.
Remove the old boost.python wrapper and all the build code for it.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert all uses of Algorithm_Factory and the engines to using Algo_Registry
The shared pool of entropy sources remains but is moved to EntropySource.
With that and few remaining initializations (default OIDs and aliases)
moved elsewhere, the global state is empty and init and shutdown are no-ops.
Remove almost all of the headers and code for handling the global
state, except LibraryInitializer which remains as a compatability stub.
Update seeding for blinding so only one hacky almost-global RNG
instance needs to be setup instead of across all pubkey uses (it uses
either the system RNG or an AutoSeeded_RNG if the system RNG is not
available).
|
| |
|
|
| |
Remove global PRNG.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
See github 42 for background
|
| | |
|
| |
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Add OIDS for OCB mode with various ciphers.
|
| |
|
|
|
|
| |
This uses only the c64 version from curve25519-donna; on systems that
don't have a native uint128_t type, a donna128 type stands in for just
enough 128-bit operations to satisfy donna.cpp
|
| | |
|
| | |
|
| |
|
|
|
| |
Drop the GNU MP engine. Its implementations were potentially faster in
some scenarios but not well protected against side channels.
|
| | |
|
| | |
|
| | |
|
