aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Make OpenSSL ECDSA and RSA request only until they can be testedJack Lloyd2015-10-191-2/+2
|
* Add missing BOTAN_DLL to Decompression_Filter. GH #304Jack Lloyd2015-10-191-1/+1
|
* Break up openssl providerJack Lloyd2015-10-1910-23/+46
| | | | | | For RSA, RC4, and ECDSA put the openssl versions in the same directory as the base version. They just rely on a macro check for the openssl module to test for the desire to use OpenSSL.
* Cleanups in ct and oaepJack Lloyd2015-10-172-96/+23
| | | | In OAEP expand the const time block to cover MGF1 also
* Make PKCS #1 and OAEP decoding constant time to avoid oracle attacksJack Lloyd2015-10-169-168/+300
| | | | | | | | via timing channels. Add annotations for checking constant-time code using ctgrind to PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already written as constant time code.
* Merge pull request #298 from tiwoc/arm64Simon Warta2015-10-161-2/+2
|\ | | | | Support for 64 bit ARM
| * Initial support for 64 bit ARMDaniel Seither2015-10-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds support for 64 bit ARM cores as used in many high-end phones such as all iPhones beginning with the 5s. While these newer phones still run 32 bit ARM code, Apple doesn't allow apps to be submitted to the app store if they don't provide a 64 bit build. This commit adds a new arm64 arch and renames arm to arm32 to stay consistent with the other architectures. The name arm can still be used for configuring because it has been added as an alias for arm32. Additionally, the one piece of ARM inline assembly that can be found in Botan doesn't work on 64 bit ARM, so I use the solution that has been proposed in #180: Use __builtin_bswap32 instead of inline assembly.
* | Fix compile of ffi when tls is disabled. GH #300Jack Lloyd2015-10-151-3/+8
| |
* | MSVC build fixJack Lloyd2015-10-152-9/+10
| |
* | Add prime and dl_group command line tools.Jack Lloyd2015-10-151-14/+42
| | | | | | | | | | | | Some cleanups in random_prime. Increase probability in prime tests from 1/2**64 to 1/2**128. Also break out of the sieve loop early if it has failed.
* | Prohibit creating a DL_Group smaller than 1024 bitsJack Lloyd2015-10-151-2/+2
| |
* | Periodically reinitialize the blinding sequence instead of alwaysJack Lloyd2015-10-152-13/+39
| | | | | | | | deriving it by squaring the previous value.
* | Add System_RNG which is an instantiatable RNG that uses the system RNGJack Lloyd2015-10-153-25/+33
| | | | | | | | | | | | Previously you couldn't have an unique_ptr<RNG> that might point to either a system rng or an autoseed rng depending on availability. That was already needed in ffi and is useful elsewhere.
* | Add support for RSA signing and verification via OpenSSLJack Lloyd2015-10-141-13/+131
| |
* | Expose providers for public key operationsJack Lloyd2015-10-143-47/+66
| | | | | | | | | | | | | | | | For PK_Encryptor and company they are requested via a new provider param to the constructors. The speed command gets a --provider option so you can see benchmark results with the different versions.
* | Build fixJack Lloyd2015-10-142-2/+3
| |
* | Add null pointer check to pbes2_decrypt, fix message in pbes2_encryptJack Lloyd2015-10-141-1/+3
| |
* | Move DataSource to utils and rewrite PEM encoding to avoid filtersJack Lloyd2015-10-149-17/+33
|/ | | | | Removes filters as as an internal dependency pretty much entirely (outside of some dusty corners in misc).
* Add missing null pointer check to PBES2Jack Lloyd2015-10-111-0/+3
|
* Fix bcrypt testJack Lloyd2015-10-031-1/+3
|
* Add McEliece keygen and MCEIES to C89 API. Plus random fiddlingJack Lloyd2015-10-013-32/+212
|
* Export X.509 certificates to ffi and pythonJack Lloyd2015-10-014-15/+267
| | | | Missing path validation, probably other things
* Merge pull request #286 from randombit/mce-cleanupJack Lloyd2015-09-3026-1202/+987
|\ | | | | Cleanup and document McEliece implementation
| * McEliece cleanupsJack Lloyd2015-09-2926-1202/+987
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove and consolidate various headers Reduce memory usage of GF2m_Field by sharing the log and exponent tables across all instances of a particular word size. Remove McEliece_Public_Operation and McEliece_Private_Operation which were difficult to use safely. Instead only the KEM operations are exposed. Add McEliece_PublicKey::random_plaintext_element Add command line `mce` tool and some McEliece documentation Convert the speed program to check McEliece keys of the suggested size Add McEliece KATs for both key generation and KEM Fix HMAC_DRBG constructor which derefed a pointer before its time
* | Merge pull request #288 from tiwoc/darwin_secrandomJack Lloyd2015-09-254-0/+84
|\ \ | | | | | | Add the Darwin_SecRandom entropy source
| * | Add the Darwin_SecRandom entropy sourceDaniel Seither2015-09-254-0/+84
| | | | | | | | | | | | | | | | | | | | | It uses the SecRandomCopyBytes function from the Security framework of OS X and iOS. We need this because it is the official way to get cryptographically secure random numbers on iOS, where /dev/random is not accessible due to sandboxing.
* | | Remove warning: assuming signed overflow does not occurSimon Warta2015-09-251-1/+1
|/ / | | | | | | | | | | warning: assuming signed overflow does not occur when reducing constant in comparison [-Wstrict-overflow] cond1 = r0.get_degree() <= break_deg - 1;
* / Avoid concatination of charsSimon Warta2015-09-226-13/+13
|/ | | | | | | Ever tried? auto str = "some long string"; auto str2 = str + '\n'; It's not with the brainfuck finding the bug.
* Add HMAC_DRBG constructor taking a name for the MAC instead of an objJack Lloyd2015-09-222-0/+15
|
* Delete Camellia sbox header.Jack Lloyd2015-09-222-550/+1
| | | | Two part commit with bd99a4f to work around git's insane rename system.
* Inline Camellia sbox tables to source fileJack Lloyd2015-09-221-3/+530
|
* Cleanup includesJack Lloyd2015-09-223-2/+3
|
* Move boost and sqlite3 to utilsJack Lloyd2015-09-224-0/+0
|
* Move check for SIMD instructions to CPUIDJack Lloyd2015-09-216-13/+18
| | | | | | Avoids needing to include simd_32 to see if SIMD is disabled. This had caused a build break on Linux x86-32 as SSE2 must be enabled on a per-file basis.
* Merge pull request #279 from randombit/fix-static-lib-registrationJack Lloyd2015-09-21174-981/+1574
|\ | | | | Move the algorithm factory functions to T::create and move object registration to the source file for its base class. These resolve the issues which prevented successful use of a static library that was built with individual object files. Removes the restriction in configure.py which prevented building non-amalgamation static libs.
| * Remove use of lookup.h in favor of new T::create API.Jack Lloyd2015-09-2138-159/+149
| |
| * Address some review comments by Simon. GH #279Jack Lloyd2015-09-2110-22/+22
| |
| * Fix includes for opensslJack Lloyd2015-09-193-0/+4
| |
| * Internal header cleanupsJack Lloyd2015-09-1980-289/+213
| | | | | | | | Only user-visible change is the removal of get_byte.h
| * Handle dependencies re static linking. GH #279Jack Lloyd2015-09-1735-192/+291
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously we were hanging on the type destructors to pull in the relevant objects. However that fails in many simple cases where the object is never deleted. For every type involved in the algo registry add static create and providers functions to access the algo registry. Modify lookup.h to be inline and call those functions, and move a few to sub-headers (eg, get_pbkdf going to pbkdf.h). So accessing the registry involves going through the same file that handles the initialization, so there is no way to end up with missing objs.
| * Fix for minimized buildsJack Lloyd2015-09-111-1/+4
| |
| * Fix pbkdf, pk padding and ECDH registration for static linking.Jack Lloyd2015-09-1124-110/+149
| | | | | | | | | | | | | | | | With this change the tests pass when linked against a static library built in the normal (non-amalgamation) fashion. Remove the restriction in configure.py, and have circleci build the clang static build as a non-amalg.
| * Same treatment for cipher modesJack Lloyd2015-09-1013-51/+118
| |
| * Fix static lib registration for block, hash, mac, stream, kdfJack Lloyd2015-09-1080-218/+685
| | | | | | | | | | | | | | | | | | | | | | The support problems from having static libraries not work in the obvious way will be endless trouble. Instead have each set of registrations tag along in a source file for the basic type, at the cost of some extra ifdefs. On shared libs this is harmless - everything is going into the shared object anyway. With static libs, this means pulling in a single block cipher pulls in the text of all the them. But that's still strictly better than the amalgamation (which is really pulling in everything), and it works (unlike status quo).
* | Reduce likelyhood of stray pointer writes via ffi layer.Jack Lloyd2015-09-101-0/+8
|/ | | | | In error cases the output value was not intialized, so callers which ignored the error return might blindly use an uninitialized pointer.
* Add missing compression overridesSimon Warta2015-09-013-2/+3
|
* Move Credentials_Manager to TLSJack Lloyd2015-08-294-6/+1
|
* Remove alloc module; move secmem.h to base and locking_allocator to utilsJack Lloyd2015-08-2915-21/+1
|
* Fix OpenSSL RSA to better handle no padding mode.Jack Lloyd2015-08-293-10/+45
| | | | | | In raw mode pad out plaintext inputs with zeros as needed as otherwise OpenSSL rejects the input as too small. And when decrypting, strip leading zeros to match the behavior of the base implementation.
* Reverse the algorithm priority orderingJack Lloyd2015-08-2914-25/+50
| | | | | | Previously 0 was the highest priority and 255 was the lowest. But this is really quite confusing, instead treat 0 as lowest and 255 as highest so normal integer intuitions apply.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 07:24:52 +0000