| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In GCC 4.7 and 4.8, Wshadow also warns if a local variable conflicts
with a member function. This was changed in GCC 4.9 (GCC bugzilla
57709) but causes a lot of warnings on Travis which is on 4.8. Clang's
Wshadow behaves like GCC 4.9
The worst offendor was Exception's constructor argument being named
`what` which conflicts with the member function of the same name,
being in a public header this causes so many warnings the Travis log
files are truncated.
This fixes Exception and a couple of others. Fixing all cases would be
a slog that I'm not up for right at the moment.
|
| |
|
|
|
|
|
|
|
| |
Not optimized and relies on asm support for const time word_add/word_sub
instructions.
Fix a bug introduced in 46e9a89 - unpoison needs to call the valgrind
API with the pointer rather than the reference. Caused values not to
be unpoisoned.
|
| |
|
|
|
|
|
|
| |
It assumes unpoison is expecting a pointer to T and sizeof(T), but the
sizeof is evaluated in unpoison but only in the case of building with
valgrind.
Just call the valgrind API again directly
|
| |
|
|
| |
Was previously on hres_timer entropy source
|
| |
|
|
|
|
|
|
|
|
|
| |
Add OS functions get_process_id, get_processor_timestamp, and
get_system_timestamp_ns. HMAC_RNG uses the pid call to detect forks to
initiate a reseed. It also adds the output of all three functions (the
pid, the CPU cycle counter, and the system timestamp) into the PRF input.
Calls the new OS timer functions from hres_timer entropy source.
Removes the call to QPC in es_win32 which is mostly redundant with the
one in hres_timer.
|
| | |
|
| |\
| |
| |
| |
| | |
# Conflicts:
# src/build-data/cc/gcc.txt
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
In addition don't declare virtual functions noreturn
|
| |/ |
|
| |
|
|
| |
fix PVS-Studio perfomance warnings
|
| |
|
|
|
|
|
| |
Has the same effect as using ctgrind, but without requiring a
custom-compiled valgrind binary.
Add ct checking annotations to the SSSE3 AES code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It works on x86, but C says it is undefined and it makes UBSan
unhappy. Happily, this memcpy approach probably also works fine under
processors which previously used the byte-at-a-time approach such as
ARM. But for right now using memcpy here is still gated under the
processor alignment flags.
In my tests recent GCC and Clang seemed to produce basically identical
code for either approach when using -O3; I imagine most compilers
these days are very good at analyzing/inlining/unrolling memcpys.
Also remove the manually unrolled versions of xor_buf, which caused
problems with GCC and -O3 due to it vectorizing the loads into
(aligned) SSE2 loads, which would fail when a misaligned pointer was
passed. Which always seemed kind of bogus to me, but I guess that's
what undefined behavior is for. Enable -O3 for GCC.
With this change the test suite is clean under GCC ASan+UBSan and
Clang ASan+UBSan, with the exception of one failure due to a bug in
libstdc++ (GCC bug 60734) when compiled by Clang.
|
| |
|
|
| |
Reported on the mailing list by Falko
|
| |\
| |
| | |
Some trivial compiler and PVS-Studio warning fixes
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
| |
Calling memset, memmove, memcpy with an undefined or null pointer,
even with length zero, causes undefined behavior. Prevent that from
happening within the functions that call these dangerous things
since allowing a caller to pass length == 0 with null or just
past the end and not have things explode is nice.
Oh C, you so crazy.
|
| |
|
|
|
|
|
| |
Having the code diffused all over the place was ugly and would
not scale well to multiple alternative providers.
GH #368
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The command line tools' origin as a collection of examples and test
programs glued together led to some unfortunate problems; lots of
hardcoded values, missing parameters, and obsolete crypto.
Adds a small library for writing command line programs of the sort
needed here (cli.h), which cuts the length of many of the commands in
half and makes commands more pleasant to write and extend.
Generalizes a lot of the commands also, eg previously only
signing/verification with DSA/SHA-1 was included!
Removes the fuzzer entry point since that's fairly useless outside of
an instrumented build.
Removes the in-library API for benchmarking.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
As the alternatives are unfortunate for applications trying to catch
all library errors, and it seems deriving from std::runtime_error
causes problems with MSVC DLLs (GH #340)
Effectively reverts 2837e915d82e43
|
| |
|
|
|
|
|
|
| |
Provide abstractions for the locking allocator (allocate and free
locked pages) to decouple it from the platform dependent code. Should
make it easy to write a Windows version using VirtualAlloc+VirtualLock.
Exposes max mlock limit as a build.h toggle
|
| |
|
|
|
|
|
|
| |
Take the value from build.h if we have no way of getting it dynamically.
Fixes an infinite loop in AES on non-x86 introduced in ebf2164a,
as otherwise it does for(size_t i = 0; i != ...; i += 0) {}
while iterating over the TE tables.
|
| | |
|
| |
|
|
| |
Also fix a few cast and zero-as-nullptr warnings in the AltiVec header
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The only reason mul128.h was included in mp_types.h was for the
definition of dword. But dword is only needed by the generic version
of mp_madd, which is an internal header. So move both the inclusion
of the header and the dword definition to there.
Previously mul128.h was very public (mp_types.h to bigint.h to rsa.h,
for example) and use of __int128 causes problems in pedantic mode. So
additionally, prefer using the TI attribute version since GCC does not
complain about that. Clang's -Wpedantic does not seem to care about it
either way.
GH #330
|
| |
|
|
| |
DB::spin now returns the number of rows affected
|
| |
|
|
|
|
|
|
|
|
|
| |
The tests previously had used 4 to 6 different schemes internally (the vec file
reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests
which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a
design that works everywhere, and update all the things.
Fix also a few bugs found by the test changes: SHA-512-256 name incorrect,
OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy
was wrong.
|
| | |
|
| |\
| |
| | |
TLS improvements
|
| | | |
|
| | |
| |
| |
| | |
Convert to a const time algo
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use constant time operations when checking CBC padding in TLS decryption
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
|
| |\ \
| |/
|/| |
Fix cert validation bugs found by x509test.
|
| | |
| |
| |
| | |
Add test suite with certs from x509test
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was already close, but the carry loop would break early and
selecting which value to copy out was indexed on the borrow bit. Have
the carry loop run through, and add a const-time conditional copy
operation and use that to copy the output.
Convert ct_utils to CT namespace. Templatize the utils, which I was
hesitant to do initially but is pretty useful when dealing with
arbitrary word sizes.
Remove the poison macros, replace with inline funcs which reads
cleaner at the call site.
|
| | |
|
| |
|
|
|
|
| |
For RSA, RC4, and ECDSA put the openssl versions in the same directory
as the base version. They just rely on a macro check for the openssl
module to test for the desire to use OpenSSL.
|
| |
|
|
| |
In OAEP expand the const time block to cover MGF1 also
|
| |
|
|
|
|
|
|
| |
via timing channels.
Add annotations for checking constant-time code using ctgrind to
PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already
written as constant time code.
|
| |\
| |
| | |
Support for 64 bit ARM
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds support for 64 bit ARM cores as used in many high-end phones
such as all iPhones beginning with the 5s. While these newer phones
still run 32 bit ARM code, Apple doesn't allow apps to be submitted to
the app store if they don't provide a 64 bit build.
This commit adds a new arm64 arch and renames arm to arm32 to stay
consistent with the other architectures. The name arm can still be used
for configuring because it has been added as an alias for arm32.
Additionally, the one piece of ARM inline assembly that can be found in
Botan doesn't work on 64 bit ARM, so I use the solution that has been
proposed in #180: Use __builtin_bswap32 instead of inline assembly.
|
| |/
|
|
|
| |
Removes filters as as an internal dependency pretty much entirely
(outside of some dusty corners in misc).
|
| |
|
|
|
|
|
| |
Ever tried?
auto str = "some long string";
auto str2 = str + '\n';
It's not with the brainfuck finding the bug.
|
| | |
|
| |
|
|
|
|
| |
Avoids needing to include simd_32 to see if SIMD is disabled. This
had caused a build break on Linux x86-32 as SSE2 must be enabled on
a per-file basis.
|
