In error cases the output value was not initialized, so callers which
ignored the error return might blindly use an uninitialized pointer.
In raw mode pad out plaintext inputs with zeros as needed as otherwise
OpenSSL rejects the input as too small. And when decrypting, strip
leading zeros to match the behavior of the base implementation.
Previously 0 was the highest priority and 255 was the lowest. But this
is really quite confusing; instead treat 0 as lowest and 255 as highest
so normal integer intuitions apply.
No need to include the pk_utils.h header until we know ECDSA
is enabled in the build.
Move OpenSSL_Error to an internal header; it was previously defined
twice when all sources were combined.
Make secure_allocator conforming with C++11 allocator concept.
Add a template constructor and make the equality operators standard-compliant. Missing this broke iterator debugging with MSVC 2015.
The equality operators need to support different specializations as well; this is also part of the standard allocator requirements.
This is required by the Standard for an allocator. As far as I can tell, not having it breaks compilation in MSVC 2015, at least when iterator debugging is enabled. More details here: http://stackoverflow.com/q/31802806/4326278.
protocol handler was specified to the Server constructor. GH #252
Unfortunately the signer cannot be tested in current framework because
OpenSSL does not use RFC 6979 deterministic signatures.
Some tweaks for point multiplication using fixed windows.
GH #264
zlib treats a nullptr output buffer as an error. This commit fixes the
failing compression tests.
&emptyVector[n] triggers undefined behavior because it is an out-of-bounds
access, even if n == 0. emptyVector.data() does not (but may
return nullptr).
missing on Solaris at least. On such systems it's probably safe to
assume that no amount of memory can be mlock'ed from userspace, so
just return zero to disable the allocator entirely.
GH #262
under Python3. Ironically there doesn't seem to be any way to portably
handle non-ASCII in a way that is compatible with Python 2.7 and 3 at
the same time.
rather than after. After blinding the value is always reduced mod n
so the condition is never met.
This may be the cause of RSA test failures described in GH #174
The scenario was that during randomized corruption tests we
occasionally provide an input which was greater than the modulus.
When that happened the value was effectively reduced mod n, so the
self-check would later fail, because the decrypted result (reduced mod n)
would be compared with the original (larger than n) input.
The plain PointGFp operator* now uses Montgomery ladder exclusively.
Adds a blinded point multiply algorithm which uses exponent and point
randomization, as well as a Montgomery ladder technique that takes a
random walk of the possible addition chains for k.
* Add random_prime benchmark
* Add is_prime benchmark
* Respect runtime in benchmark_transform(). This sets default runtime
from 2s to 0.5s per configuration
C functions must not throw but Botan::bigint_divop throws (MSVC: warning
C4297: 'Botan::bigint_divop' : function assumed not to throw an
exception but does)
* Move bigint_mul -> Botan::bigint_sqr
* Move bigint_sqr -> Botan::bigint_sqr
* Variable in unnamed namespace supersedes "static" keyword
* Break down string representations to to_string() and readable_string()
* Add m_ prefix to member variable names
* Fix order of methods
* Move comments Doxygen friendly to header
* Make set_to() private (future subject of refactoring); people should
use constructor
Closes #185
On systems where unsigned long is uint64 (typically 64 bit systems), a
string containing a number greater than 2^32-1 was successfully converted
to a uint64 and then reduced to uint32, causing an overflow. E.g.
to_u32bit("4294967296") was 0 and to_u32bit("4294967297") was 1.
|
|\ \ |
|
| | | |
|
| |\ \
| | |/
| |/| |
Add two missing overrides and fix bug in fuzzer relating to these
Previously they were hidden away as private functions on the CurveGFp
types. This allows directly testing the reduction functions against
other computational methods.
defined, so don't fail. Fix XTS: as XTS always uses ciphertext
stealing, the value of output_length had been incorrect in rounding up
to the block size.
Only botan-cli, botan-tests and the FFI module depend on PKCS8
|
|\ \
| |/
|/| |
Enable use of cpuid.h with clang
One a read at 0 of an empty vector, the other causing allocation of an
arbitrary amount of memory.