path: root/src/lib/utils
Commit message [Author, Age, Files, Lines]
* Add constant time conditional swap, add, sub for bigint words [Jack Lloyd, 2016-02-17, 1 file, -1/+1]
|   Not optimized and relies on asm support for const time word_add/word_sub instructions.
|   Fix a bug introduced in 46e9a89 - unpoison needs to call the valgrind API with the pointer rather than the reference. Caused values not to be unpoisoned.
* Avoid Coverity false positive [Jack Lloyd, 2016-02-09, 1 file, -1/+5]
|   It assumes unpoison is expecting a pointer to T and sizeof(T), but the sizeof is evaluated in unpoison but only in the case of building with valgrind. Just call the valgrind API again directly
* Utils needs librt dependency due to calling clock_gettime [Jack Lloyd, 2016-02-07, 1 file, -0/+4]
|   Was previously on hres_timer entropy source
* Add explicit fork check to HMAC_RNG [Jack Lloyd, 2016-02-07, 2 files, -8/+104]
|   Add OS functions get_process_id, get_processor_timestamp, and get_system_timestamp_ns. HMAC_RNG uses the pid call to detect forks to initiate a reseed. It also adds the output of all three functions (the pid, the CPU cycle counter, and the system timestamp) into the PRF input.
|   Calls the new OS timer functions from hres_timer entropy source. Removes the call to QPC in es_win32 which is mostly redundant with the one in hres_timer.
* Remove redundant initialization. Closes GH #399 [Jack Lloyd, 2016-02-07, 1 file, -1/+0]
|
* Merge remote-tracking branch 'remotes/github/master' into noreturn [Daniel Neus, 2016-01-09, 7 files, -104/+104]
|\
| |   # Conflicts:
| |   # src/build-data/cc/gcc.txt
| * Mass-prefix member vars with m_ [René Korthaus, 2016-01-08, 7 files, -104/+104]
| |
* | move noreturn before the function declaration [Daniel Neus, 2016-01-08, 1 file, -2/+2]
| |
* | don't declare functions noreturn that are maybe implemented in the future [Daniel Neus, 2016-01-08, 1 file, -1/+1]
| |   In addition don't declare virtual functions noreturn
* | add BOTAN_NORETURN macro and mark those functions that do not return with it [Daniel Neus, 2016-01-08, 2 files, -2/+2]
|/
* String comparison fixes [Daniel Neus, 2016-01-04, 3 files, -11/+11]
|   fix PVS-Studio performance warnings
* Use valgrind's memcheck API for checking const time annotations [Jack Lloyd, 2016-01-03, 1 file, -14/+27]
|   Has the same effect as using ctgrind, but without requiring a custom-compiled valgrind binary.
|   Add ct checking annotations to the SSSE3 AES code.
* Use memcpy instead of misaligned pointer casts for reading words. [Jack Lloyd, 2015-12-31, 2 files, -80/+44]
|   It works on x86, but C says it is undefined and it makes UBSan unhappy. Happily, this memcpy approach probably also works fine under processors which previously used the byte-at-a-time approach such as ARM. But for right now using memcpy here is still gated under the processor alignment flags.
|   In my tests recent GCC and Clang seemed to produce basically identical code for either approach when using -O3; I imagine most compilers these days are very good at analyzing/inlining/unrolling memcpys.
|   Also remove the manually unrolled versions of xor_buf, which caused problems with GCC and -O3 due to it vectorizing the loads into (aligned) SSE2 loads, which would fail when a misaligned pointer was passed. Which always seemed kind of bogus to me, but I guess that's what undefined behavior is for.
|   Enable -O3 for GCC.
|   With this change the test suite is clean under GCC ASan+UBSan and Clang ASan+UBSan, with the exception of one failure due to a bug in libstdc++ (GCC bug 60734) when compiled by Clang.
* Add missing assignment in DataSource::discard_next [Jack Lloyd, 2015-12-31, 1 file, -0/+1]
|   Reported on the mailing list by Falko
* Merge pull request #378 from neusdan/warning_fixes [Jack Lloyd, 2015-12-26, 1 file, -1/+0]
|\
| |   Some trivial compiler and PVS-Studio warning fixes
| * some trivial compiler/PVS-Studio warning fixes [Daniel Neus, 2015-12-22, 1 file, -1/+0]
| |
* | Guard all std::mem* ops against any call with zero length. [Jack Lloyd, 2015-12-25, 2 files, -21/+36]
|/
|   Calling memset, memmove, memcpy with an undefined or null pointer, even with length zero, causes undefined behavior. Prevent that from happening within the functions that call these dangerous things since allowing a caller to pass length == 0 with null or just past the end and not have things explode is nice.
|   Oh C, you so crazy.
* Merge the openssl code together. [Jack Lloyd, 2015-12-19, 2 files, -51/+0]
|   Having the code diffused all over the place was ugly and would not scale well to multiple alternative providers. GH #368
* CLI rewrite [Jack Lloyd, 2015-12-19, 3 files, -2/+50]
|   The command line tools' origin as a collection of examples and test programs glued together led to some unfortunate problems; lots of hardcoded values, missing parameters, and obsolete crypto.
|   Adds a small library for writing command line programs of the sort needed here (cli.h), which cuts the length of many of the commands in half and makes commands more pleasant to write and extend.
|   Generalizes a lot of the commands also, eg previously only signing/verification with DSA/SHA-1 was included!
|   Removes the fuzzer entry point since that's fairly useless outside of an instrumented build.
|   Removes the in-library API for benchmarking.
* Add missing include in dyn_load.cpp [Simon Warta, 2015-12-12, 1 file, -0/+1]
|
* Build fix. Add SQL_DB_Error exception type [Jack Lloyd, 2015-12-11, 2 files, -9/+18]
|
* Disable asio serial port support to avoid Darwin braindamage. GH #350 [Jack Lloyd, 2015-12-11, 1 file, -1/+9]
|
* Missing adds [Jack Lloyd, 2015-12-11, 6 files, -6/+4]
|
* Reroot the exception hierarchy into a toplevel Exception class [Jack Lloyd, 2015-12-11, 8 files, -33/+44]
|   As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340)
|   Effectively reverts 2837e915d82e43
* Add OS utility header [Jack Lloyd, 2015-12-05, 6 files, -102/+191]
|   Provide abstractions for the locking allocator (allocate and free locked pages) to decouple it from the platform dependent code. Should make it easy to write a Windows version using VirtualAlloc+VirtualLock.
|   Exposes max mlock limit as a build.h toggle
* Avoid ever returning 0 from CPUID::cache_line_size [Jack Lloyd, 2015-12-02, 1 file, -1/+1]
|   Take the value from build.h if we have no way of getting it dynamically.
|   Fixes an infinite loop in AES on non-x86 introduced in ebf2164a, as otherwise it does for(size_t i = 0; i != ...; i += 0) {} while iterating over the TE tables.
* Improve side channel attack resistance of table based AES impl [Jack Lloyd, 2015-11-29, 1 file, -2/+17]
|
* Remove bogus code from generic mp_madd header, noticed on PPC build. [Jack Lloyd, 2015-11-23, 1 file, -2/+2]
|   Also fix a few cast and zero-as-nullptr warnings in the AltiVec header
* Remove mul128.h header from public view [Jack Lloyd, 2015-11-16, 1 file, -6/+6]
|   The only reason mul128.h was included in mp_types.h was for the definition of dword. But dword is only needed by the generic version of mp_madd, which is an internal header. So move both the inclusion of the header and the dword definition to there.
|   Previously mul128.h was very public (mp_types.h to bigint.h to rsa.h, for example) and use of __int128 causes problems in pedantic mode. So additionally, prefer using the TI attribute version since GCC does not complain about that. Clang's -Wpedantic does not seem to care about it either way.
|   GH #330
* Add remove_all to TLS session manager interface [Jack Lloyd, 2015-11-13, 3 files, -4/+10]
|   DB::spin now returns the number of rows affected
* Update and consolidate the test framework. [Jack Lloyd, 2015-11-11, 2 files, -6/+6]
|   The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things.
|   Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* Remove unused xor_buf.h (internal header merged into mem_ops.h) [Jack Lloyd, 2015-10-27, 1 file, -144/+0]
|
* Merge pull request #314 from randombit/ct-tls-cbc-padding [Jack Lloyd, 2015-10-26, 1 file, -1/+53]
|\
| |   TLS improvements
| * Missing include dependency [Jack Lloyd, 2015-10-26, 1 file, -1/+1]
| |
| * Asan fix - referencing &vec[vec.size()] instead of vec.end() [Jack Lloyd, 2015-10-26, 1 file, -0/+16]
| |   Convert to a const time algo
| * TLS improvements [Jack Lloyd, 2015-10-25, 1 file, -0/+36]
| |   Use constant time operations when checking CBC padding in TLS decryption
| |   Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server.
| |   Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* | Merge pull request #313 from randombit/path-validation-fixes [Jack Lloyd, 2015-10-26, 2 files, -1/+24]
|\ \
| |/
|/|
| |   Fix cert validation bugs found by x509test.
| * Fix cert validation bugs found by x509test. [Jack Lloyd, 2015-10-23, 2 files, -1/+24]
| |   Add test suite with certs from x509test
* | Make Montgomery reduction constant time. [Jack Lloyd, 2015-10-24, 1 file, -71/+48]
|/
|   It was already close, but the carry loop would break early and selecting which value to copy out was indexed on the borrow bit. Have the carry loop run through, and add a const-time conditional copy operation and use that to copy the output.
|   Convert ct_utils to CT namespace. Templatize the utils, which I was hesitant to do initially but is pretty useful when dealing with arbitrary word sizes.
|   Remove the poison macros, replace with inline funcs which reads cleaner at the call site.
* Make OpenSSL ECDSA and RSA request only until they can be tested [Jack Lloyd, 2015-10-19, 1 file, -2/+2]
|
* Break up openssl provider [Jack Lloyd, 2015-10-19, 2 files, -0/+51]
|   For RSA, RC4, and ECDSA put the openssl versions in the same directory as the base version. They just rely on a macro check for the openssl module to test for the desire to use OpenSSL.
* Cleanups in ct and oaep [Jack Lloyd, 2015-10-17, 1 file, -87/+12]
|   In OAEP expand the const time block to cover MGF1 also
* Make PKCS #1 and OAEP decoding constant time to avoid oracle attacks [Jack Lloyd, 2015-10-16, 4 files, -125/+209]
|   via timing channels.
|   Add annotations for checking constant-time code using ctgrind to PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already written as constant time code.
* Merge pull request #298 from tiwoc/arm64 [Simon Warta, 2015-10-16, 1 file, -2/+2]
|\
| |   Support for 64 bit ARM
| * Initial support for 64 bit ARM [Daniel Seither, 2015-10-13, 1 file, -2/+2]
| |   This adds support for 64 bit ARM cores as used in many high-end phones such as all iPhones beginning with the 5s. While these newer phones still run 32 bit ARM code, Apple doesn't allow apps to be submitted to the app store if they don't provide a 64 bit build.
| |   This commit adds a new arm64 arch and renames arm to arm32 to stay consistent with the other architectures. The name arm can still be used for configuring because it has been added as an alias for arm32.
| |   Additionally, the one piece of ARM inline assembly that can be found in Botan doesn't work on 64 bit ARM, so I use the solution that has been proposed in #180: Use __builtin_bswap32 instead of inline assembly.
* | Move DataSource to utils and rewrite PEM encoding to avoid filters [Jack Lloyd, 2015-10-14, 3 files, -0/+393]
|/
|   Removes filters as an internal dependency pretty much entirely (outside of some dusty corners in misc).
* Avoid concatenation of chars [Simon Warta, 2015-09-22, 1 file, -1/+1]
|   Ever tried?
|     auto str = "some long string";
|     auto str2 = str + '\n';
|   It's not with the brainfuck finding the bug.
* Move boost and sqlite3 to utils [Jack Lloyd, 2015-09-22, 4 files, -0/+220]
|
* Move check for SIMD instructions to CPUID [Jack Lloyd, 2015-09-21, 5 files, -6/+15]
|   Avoids needing to include simd_32 to see if SIMD is disabled. This had caused a build break on Linux x86-32 as SSE2 must be enabled on a per-file basis.
* Internal header cleanups [Jack Lloyd, 2015-09-19, 6 files, -18/+143]
|   Only user-visible change is the removal of get_byte.h