| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Bug found by Daniel Neus
The function wasn't being used anywhere in the library (and was only
added in 1.11.20) so it seems easier to remove than fix. And removing
it serves to put any user on notice that something bad happened;
Daniel tested this as returning just 0 when bits >= 32 with his
system's compiler.
|
|
|
|
|
|
|
|
| |
As the alternatives are unfortunate for applications trying to catch
all library errors, and it seems deriving from std::runtime_error
causes problems with MSVC DLLs (GH #340)
Effectively reverts 2837e915d82e43
|
|
|
|
| |
Defaults should be fine for everyone but it makes the values more transparent
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provides an easier way for an application to configure a list of
entropy sources they'd like to use, or add a custom entropy source to
their seeding.
Exposes some toggles for the global/default entropy sources to build.h
Adds basic entropy tests which runs the polls and does sanity checking
on the results, including compression tests if available. These are
less useful for the CSPRNG outputs but a good check for the ones
producing plain ASCII like the /proc reader.
|
|
|
|
|
|
|
|
|
|
|
| |
The tests previously had used 4 to 6 different schemes internally (the vec file
reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests
which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a
design that works everywhere, and update all the things.
Fix also a few bugs found by the test changes: SHA-512-256 name incorrect,
OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy
was wrong.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use constant time operations when checking CBC padding in TLS decryption
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
|
|
|
|
|
|
| |
Previously you couldn't have an unique_ptr<RNG> that might point to
either a system rng or an autoseed rng depending on availability. That
was already needed in ffi and is useful elsewhere.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove and consolidate various headers
Reduce memory usage of GF2m_Field by sharing the log and exponent
tables across all instances of a particular word size.
Remove McEliece_Public_Operation and McEliece_Private_Operation which
were difficult to use safely. Instead only the KEM operations are exposed.
Add McEliece_PublicKey::random_plaintext_element
Add command line `mce` tool and some McEliece documentation
Convert the speed program to check McEliece keys of the suggested size
Add McEliece KATs for both key generation and KEM
Fix HMAC_DRBG constructor which derefed a pointer before its time
|
| |
|
| |
|
|
|
|
| |
Only user-visible change is the removal of get_byte.h
|
|
|
|
|
|
|
|
| |
The plain PointGFp operator* now uses Montgomery ladder exclusively.
Adds a blinded point multiply algorithm which uses exponent and point
randomization, as well as a Montgomery ladder technique that takes a
random walk of the possible addition chains for k.
|
| |
|
|
|
|
|
|
| |
The android.txt is a copy of linux.txt minus the getsid feature
(Android's libc, Bionic, doesn't support it) and the alias linux-gnu. It
is supported anywhere where linux is supported.
|
|
|
|
| |
There's no OS file in src/build-data/os for tru64
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This lets you amortize quite a few memory allocations (RNG, various
BigInts, etc) over many nonce generations.
Change generate_rfc6979_nonce to just instantiate one of these states,
call the function once, and return. This doesn't have any additional
overhead versus the previous implementation of this function.
Fix HMAC_DRBG to correctly reset its state to its starting position
when you call clear() on it.
|
| |
|
|
|
|
|
|
| |
Fix two memory leaks (in TLS and modes) caused by calling get_foo and
then cloning the result before saving it (leaking the original object),
a holdover from the conversion between construction techniques in 1.11.14
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert all uses of Algorithm_Factory and the engines to using Algo_Registry
The shared pool of entropy sources remains but is moved to EntropySource.
With that and few remaining initializations (default OIDs and aliases)
moved elsewhere, the global state is empty and init and shutdown are no-ops.
Remove almost all of the headers and code for handling the global
state, except LibraryInitializer which remains as a compatability stub.
Update seeding for blinding so only one hacky almost-global RNG
instance needs to be setup instead of across all pubkey uses (it uses
either the system RNG or an AutoSeeded_RNG if the system RNG is not
available).
|
|
|
|
| |
Remove global PRNG.
|
|
|
|
| |
See github 42 for background
|
|
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
in auto_rng for a working entropy source as in situations where it
doesn't work almost none of the library builds. Disable boost by
default from the library. Github issue 34.
Unrelated - remove long dead Tru64 as a target.
|
| |
|
| |
|
| |
|
|
|
|
| |
error of generating an amalagamation build with all of them disabled.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
If no entropy sources at all are enabled in the build, throw an exception
immediately rather than having the poll mysteriously fail.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add `website` target to makefile.
Some progress towards fixing minimized builds.
TLS now hard requires ECDSA and GCM since otherwise a minimized build
has only insecure options.
Remove boost_thread dependency in command line tool
|
|
|