| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Still not a hard error even in maintainer mode because sometimes
system headers pull in C style casts via macros (eg MAP_FAILED).
But, it not being a hard error makes it easy to backslide.
|
|
|
|
| |
Only works for GCC and Clang
|
|
|
|
|
| |
Having a runtime endian test to verify against the build setting is
useful.
|
|
|
|
|
| |
This allows wait() to be called immediately after sync() returns, even if not
all of the waiting threads have awoken.
|
|
|
|
|
|
|
|
| |
This commit introduces a concept of a barrier, where all threads must
synchronise before continuing. Threaded Fork uses this to ensure that all
input is consumed by each sink exactly once.
Fixes #695.
|
| |
|
| |
|
|\ |
|
| | |
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
| |
Originally from https://github.com/randombit/botan-fuzzers but
merging to the main tree (without the corpus files, since I suspect
the corpus files in that repo are not useful anymore)
Adds --unsafe-fuzzer-mode which can be used to selectively disable
cryptographic checks which get in the way of fuzzer testing. This
setting is reflected in build.h and in the version string. Right
now it doesn't actually disable anything.
|
|
|
|
|
|
| |
The pool allocator itself is portable code, but it doesn't do anything
useful unless we have the ability to mlock/VirtualLock memory, which
is OS specific.
|
|
|
|
|
|
|
| |
I repent my use of global constructors.
I repent my use of global locks.
Hopefully I will never touch this code again.
:)
|
| |
|
|\ |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Turns out MSVC 2013 doesn't have constexpr at all (!!)
|
|/
|
|
| |
Remove unused and empty get_byte.h
|
| |
|
|
|
|
|
|
|
| |
Verification is deterministic and public, so really no RNG is ever needed.
Change provider handling - accepts "base", "openssl", or empty, otherwise
throws a Provider_Not_Found exception.
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Cipher_Mode::update API is more general than needed to just
support ciphers (this is due to it previously being an API of
Transform which before 8b85b780515 was Cipher_Mode's base class)
Define a less general interface `process` which either processes the
blocks in-place, producing exactly as much output as there was input,
or (SIV/CCM case) saves the entire message for processing in `finish`.
These two uses cover all current or anticipated cipher modes.
Leaves `update` for compatability with existing callers; all that is
needed is an inline function forwarding to `process`.
Removes the return type from `start` - in all cipher implementations,
this always returned an empty vector.
Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used
for argument checking in some places, which is not right at all.
|
|/ |
|
|
|
|
|
|
|
| |
For example it used to return 0 on Linux/ARM...
If no QPC or asm version, use clock_gettime if available, or else
std::chrono::high_resolution_clock as a fallback.
|
|
|
|
| |
Altivec code assumed big-endian.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert Travis build configuration to a single var instead of 4 tuple.
Makes it much easier to review the builds in the Travis web UI.
Adds sanitizer builds for Clang on both Linux and OS X. Clang is a different
compiler from GCC and its sanitizers may catch things GCC does not.
I have no idea if Apple's Clang has some magic sanitizer sauce stock
LLVM does not, so maybe sanitizer build on OS X can be skipped.
Adds Linux cross compile targets for ARM32, ARM64, PPC64, and MinGW x86
using the cross compiler available in Trusty. All of them build and are
set up to run through qemu/wine. All of the tests currently fail and
so are marked as expected fail in the Travis matrix.
The ARM test runs seem to have thread problems; ARM32 thread creation just fails
with an exception, as if pthreads was disabled. All other tests pass ok for ARM32.
On Aarch64, it looks like there is a hard crash the first time the library tries
creating a thread. Both of these might be due to statically linking the binary?
I have been unable to convince Ubuntu's qemu-ppc64 to execute binaries compiled by
Ubuntu's ppc64 cross compiler. I'm downloading an Ubuntu ISO to try this in a VM.
Running under Wine exposes several issues, both in Wine and Botan. Many functions are
stubs and it appears that entropy collection fails as a result. This triggers a bug
in the FFI tests which causes a crash there.
A pox on time zones; _mkgmtime is a MSVC extension and is not available on MinGW GCC.
Add a last resort call that just uses the localzone variant instead.
Adds valgrind target, remove a bogus poison in pubkey.cpp (it was effectively
asserting that all of RSA was const time which is sadly not true at all).
Moves -Wshadow to maintainer mode for GCC - GCC 4.8 has a noisy variant of -Wshadow
which warns if a parameter masks a function name, but this comes up all the time
in constructors. Later GCCs no longer warn about this (even with -Wshadow), so the
warnings are never fixed, but they cause noise in CI output and hide interesting
warnings like
warning: vec_lvsl is deprecated for little endian; use assignment for unaligned loads and stores [-Wdeprecated]
__vector unsigned char perm = vec_lvsl(0, static_cast<u32bit*>(nullptr));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change reseed interval logic to count calls to `randomize` rather than
bytes, to match SP 800-90A
Changes RNG reseeding API: there is no implicit reference to the
global entropy sources within the RNGs anymore. The entropy sources
must be supplied with the API call. Adds support for reseding directly
from another RNG (such as a system or hardware RNG).
Stateful_RNG keeps optional references to both an RNG and a set of
entropy sources. During a reseed, both sources are used if set.
These can be provided to HMAC_DRBG constructor.
For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes
per DRBG request. We treat requests longer than that as if the caller
had instead made several sequential maximum-length requests. This
means it is possible for one or more reseeds to trigger even in the
course of generating a single (long) output (generate a 256-bit key
and use ChaCha or HKDF if this is a problem).
Adds RNG::randomize_with_ts_input which takes timestamps and uses them
as the additional_data DRBG field. Stateful_RNG overrides this to also
include the process ID and the reseed counter. AutoSeeded_RNG's
`randomize` uses this.
Officially deprecates RNG::make_rng and the Serialized_RNG construtor
which creates an AutoSeeded_RNG. With these removed, it would be
possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all
(eg, for applications which only use the system RNG).
Tests courtesy @cordney in GH PRs #598 and #600
|
|
|
|
|
|
| |
Otherwise symlinked files are ignored.
GH #565
|
|
|
|
|
| |
Otherwise we run into problems on 64-bit CPUs with 32-bit userland.
GH #563
|
| |
|
|
|
|
|
|
|
| |
Avoids some cut and paste, also removes the need for special logic in
configure.py for handling mp module specially.
Merge SIMD classes into a single type SIMD_4x32
|
|
|
|
|
| |
Remove Entropy_Accumulator, instead have entropy sources directly
add entropy to the RNG.
|
|
|
|
|
|
|
| |
Caused Curve25519 tests to fail when compiled by Clang on ARM, may have
affected other 32-bit platforms.
GH #532
|
| |
|
| |
|
|
|
|
| |
compiler warnings
|
|
|
|
|
|
|
|
| |
OpenSSL sends an empty record before each new data record in TLS v1.0
to randomize the IV, as a countermeasure to the BEAST attack. Most
implementations use 1/(n-1) splitting for this instead.
Bug introduced with the const time changes in 1.11.23
|
|
|
|
|
|
|
| |
Previously RSA and ElGamal stripped off leading zeros which were then
assumed by the padding decoders. Instead have them produce ciphertexts
with leading zeros. Changes EME_Raw to strip leading zeros to match
existing behavior.
|
|
|
|
|
| |
Performs content checks on the value (expected length, expected bytes)
and in constant time returns either the decrypted value or a random value.
|
|\ |
|
| |
| |
| |
| |
| |
| | |
get_system_timestamp_ns()
GH #422
|
| | |
|
|/
|
|
| |
equivalent to mlock on Unix to prevent swapping out of memory
|
| |
|
|
|
|
| |
explicit.
|
|
|
|
| |
windows
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In GCC 4.7 and 4.8, Wshadow also warns if a local variable conflicts
with a member function. This was changed in GCC 4.9 (GCC bugzilla
57709) but causes a lot of warnings on Travis which is on 4.8. Clang's
Wshadow behaves like GCC 4.9
The worst offendor was Exception's constructor argument being named
`what` which conflicts with the member function of the same name,
being in a public header this causes so many warnings the Travis log
files are truncated.
This fixes Exception and a couple of others. Fixing all cases would be
a slog that I'm not up for right at the moment.
|