| Commit message | Author | Age | Files | Lines |

GH #726
[ci skip]
Also use a const time comparison for the finished message, though
I don't see any real way of exploiting that timing channel.
OpenSSL 1.0.2 added support for brainpool curves, so we
can use it provided the version check succeeds.
The previous assert had already been put there for the benefit
of clang-analyzer, but in Clang 3.9 it does not help. Instead
test the X value directly, which works.
GH #754 exposed a bug in the non-Montgomery exponentiation case.
It turned out that when the fixed window was picked to any value
> 1, the result would be incorrect due to an off by one. This is
the one line fix in powm_fw.cpp
Also fix a bug in bigint_mul which caused incorrect results,
because the output BigInt was not being zeroed out before use. This
is only exposed in rare cases, found (somewhat indirectly) in
OSS-Fuzz #287.
Add more modular exponentiation tests, which would have caught
these issues earlier.
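The fixed-window exponentiation the commit above fixes, as an added example that is not Botan's powm_fw.cpp or its BigInt code: a word-sized (modulus below 2^32) fixed-window modular exponentiation with a selectable window width, beside a plain square-and-multiply reference, plus the kind of cross-check test the commit says would have caught the off by one. The names (mulmod, powm_ref, powm_fw, powm_fw_matches_reference) and the choice to always process 64 exponent bits are assumptions of this illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed illustration, not Botan's code. Modulus is < 2^32 so a
// uint64_t holds the full product before reduction.
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    return static_cast<uint32_t>((static_cast<uint64_t>(a) * b) % m);
}

// Reference: binary square-and-multiply, LSB first.
uint32_t powm_ref(uint32_t base, uint64_t exp, uint32_t m) {
    uint32_t r = 1 % m;
    uint32_t b = base % m;
    while (exp != 0) {
        if (exp & 1) r = mulmod(r, b, m);
        b = mulmod(b, b, m);
        exp >>= 1;
    }
    return r;
}

// Fixed-window: the exponent is consumed w bits at a time, most significant
// window first. Every window does exactly w squarings and one table lookup,
// so the multiply pattern does not depend on the exponent's bits.
uint32_t powm_fw(uint32_t base, uint64_t exp, uint32_t m, unsigned w) {
    // table[d] = base^d mod m for every w-bit digit d (d = 0 included)
    const size_t table_size = static_cast<size_t>(1) << w;
    std::vector<uint32_t> table(table_size);
    table[0] = 1 % m;
    for (size_t d = 1; d < table_size; ++d)
        table[d] = mulmod(table[d - 1], base % m, m);

    const unsigned exp_bits = 64;                       // assumed fixed exponent width
    const unsigned windows = (exp_bits + w - 1) / w;    // ceil(exp_bits / w)
    const uint64_t mask = table_size - 1;

    uint32_t r = 1 % m;
    // Walk windows windows-1 .. 0. Starting at `windows` or stopping before
    // window 0 is the classic off by one; powm_fw_matches_reference catches it.
    for (unsigned i = windows; i-- > 0;) {
        for (unsigned j = 0; j < w; ++j) r = mulmod(r, r, m);
        const uint64_t digit = (exp >> (i * w)) & mask;
        r = mulmod(r, table[digit], m);
    }
    return r;
}

// Cross-check every window width 1..8 against the reference for one input,
// in the spirit of the extra modular exponentiation tests the commit adds.
bool powm_fw_matches_reference(uint32_t base, uint64_t exp, uint32_t m) {
    for (unsigned w = 1; w <= 8; ++w)
        if (powm_fw(base, exp, m, w) != powm_ref(base, exp, m)) return false;
    return true;
}

int main() {
    // Constructed inputs: 2^10 mod 1000 = 24; 3^(p-1) mod p = 1 for prime p.
    std::printf("2^10 mod 1000 (w=3)       = %u\n", powm_fw(2, 10, 1000, 3));
    std::printf("3^(p-1) mod p, p=1e9+7    = %u\n", powm_fw(3, 1000000006u, 1000000007u, 4));
    std::printf("all windows agree         = %s\n",
                powm_fw_matches_reference(123456789u, 0xDEADBEEFCAFEBABEull, 1000000007u) ? "yes" : "no");
    return 0;
}
```

A test that only uses window width 1 cannot see this bug, because with w = 1 the window loop degenerates to ordinary square-and-multiply; the cross-check deliberately sweeps widths up to 8.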
Technically defined, but should never be seen in practical crypto context.
Changes all the Public_Key derived classes ctors to take a
std::vector instead of a secure_vector for the DER encoded
public key bits. There is no point in transporting a public
key in secure storage. (GH #768)
The unpad functions return the blocksize as the padding position if the padding is invalid.
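The two constant-time points made in this log, the Finished-message comparison in the earlier commit and the "return the blocksize if the padding is invalid" unpad contract above, as one added example that is not Botan's code: a branch-free equality check over two byte strings, and a PKCS#7 unpad for a single final block that inspects every byte and, without branching on the padding contents, yields the padding position or the block size. The helper names (ct_is_zero, ct_eq, ct_lt, ct_equal, pkcs7_unpad) and the block size limit of 255 bytes are assumptions of this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed illustration, not Botan's CT helpers. Each predicate returns
// 0xFF for "true" and 0x00 for "false" without a data-dependent branch.
static uint8_t ct_is_zero(uint8_t x) {
    return static_cast<uint8_t>((static_cast<unsigned>(x) - 1u) >> 8);
}
static uint8_t ct_eq(uint8_t a, uint8_t b) { return ct_is_zero(static_cast<uint8_t>(a ^ b)); }
static uint8_t ct_lt(uint8_t a, uint8_t b) {   // a < b
    return static_cast<uint8_t>((static_cast<unsigned>(a) - static_cast<unsigned>(b)) >> 8);
}

// Constant-time equality, e.g. for a TLS Finished verify_data: every byte is
// examined, so the time taken does not reveal the index of the first mismatch.
// Lengths are treated as public.
bool ct_equal(const std::vector<uint8_t>& a, const std::vector<uint8_t>& b) {
    if (a.size() != b.size()) return false;
    uint8_t diff = 0;
    for (size_t i = 0; i < a.size(); ++i) diff |= static_cast<uint8_t>(a[i] ^ b[i]);
    return ct_is_zero(diff) == 0xFF;
}

// PKCS#7 unpad of one final block. Returns the index where the padding
// starts (plaintext is block[0, pos)), or block.size() when the padding is
// malformed. Every byte is touched whether or not it belongs to the padding.
// Assumption: block.size() <= 255 and non-empty.
size_t pkcs7_unpad(const std::vector<uint8_t>& block) {
    if (block.empty()) return 0;
    const uint8_t bs  = static_cast<uint8_t>(block.size());
    const uint8_t pad = block[block.size() - 1];

    uint8_t bad = ct_is_zero(pad);   // a pad length of 0 is never valid
    bad |= ct_lt(bs, pad);           // pad length larger than the block

    for (size_t i = 0; i < block.size(); ++i) {
        const uint8_t from_end = static_cast<uint8_t>(block.size() - i);         // 1..bs
        const uint8_t in_pad   = static_cast<uint8_t>(~ct_lt(pad, from_end));   // pad >= from_end
        bad |= static_cast<uint8_t>(in_pad & static_cast<uint8_t>(~ct_eq(block[i], pad)));
    }

    // Branch-free select: bad ? bs : bs - pad
    const size_t mask      = static_cast<size_t>(0) - static_cast<size_t>(bad & 1u);
    const size_t valid_pos = static_cast<size_t>(bs - pad);   // may wrap when bad; masked out
    return (mask & block.size()) | (~mask & valid_pos);
}

int main() {
    // Constructed blocks: 12 data bytes + 4 bytes of 0x04, and a bad one.
    std::vector<uint8_t> good = {0,1,2,3,4,5,6,7,8,9,10,11,4,4,4,4};
    std::vector<uint8_t> bad  = {0,1,2,3,4,5,6,7,8,9,10,11,12,4,3,3};
    std::printf("good -> pos %zu, bad -> pos %zu\n", pkcs7_unpad(good), pkcs7_unpad(bad));
    std::printf("ct_equal(good, bad) = %d\n", ct_equal(good, bad) ? 1 : 0);
    return 0;
}
```

Returning the block size for an invalid block is what lets a caller (such as a CBC decryptor computing a MAC over the "unpadded" data) keep going with a fixed amount of work and fail only at the very end; a caller that instead branches on the result early reintroduces a padding oracle.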
Kind of a vestigial thing from an earlier iteration of the module
design, and never useful to specify anymore since taking all the cpp
files is what you want exactly 100% of the time.
Avoid having any files within src/lib (in any subdirs) with
the same name. That seems worth avoiding even just on the basis
of avoiding basic confusion (looked in named.cpp - no the other one...)
and may allow simplifying the build in various ways.
Some attempt at consistency
Allow custom extensions in CA-signed cert requests
Add templated getter for extensions
When the code was changed in b8966d0f89e, the offset was not changed,
so it would reject ciphertexts with exactly 8 bytes of random padding
(the required minimum).
Found by pkcs1 fuzzer which also had problems due to not having been
updated at the same time.
Add a test suite for decoding of PK decryption padding to cover the
problem cases.
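The decoding rule the commit above restores, as an added example that is not Botan's PKCS#1 code: an EME-PKCS1-v1_5 (RFC 3447) type 2 decoder for EM = 0x00 || 0x02 || PS || 0x00 || M that accepts exactly eight bytes of random padding (the required minimum) and rejects seven, scanning the buffer without branching on its contents until the final valid/invalid decision. The function and struct names, and the assumption that the leading 0x00 byte is present in the input, are this illustration's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed illustration, not Botan's code. 0xFF if x == 0, else 0x00.
static uint8_t ct_is_zero(uint8_t x) {
    return static_cast<uint8_t>((static_cast<unsigned>(x) - 1u) >> 8);
}

struct Pkcs1Decoded {
    bool ok;
    std::vector<uint8_t> msg;
};

// Decode EM = 0x00 || 0x02 || PS || 0x00 || M with |PS| >= 8 and PS free of
// zero bytes. The minimum-padding rule is enforced by requiring em[2..9] to
// be non-zero; the loop bound is where the offset bug described above lives
// ("< 2 + kMinPs", not "<= 2 + kMinPs", or eight-byte padding is rejected).
Pkcs1Decoded pkcs1_v15_decode(const std::vector<uint8_t>& em) {
    constexpr size_t kMinPs = 8;
    if (em.size() < 2 + kMinPs + 1) return {false, {}};   // total length is public

    uint8_t bad = static_cast<uint8_t>(~ct_is_zero(em[0]));                                 // em[0] != 0x00
    bad |= static_cast<uint8_t>(~ct_is_zero(static_cast<uint8_t>(em[1] ^ 0x02)));           // em[1] != 0x02

    for (size_t i = 2; i < 2 + kMinPs; ++i) bad |= ct_is_zero(em[i]);                      // PS too short

    // First 0x00 at or after index 2 + kMinPs, found by scanning every byte.
    size_t sep = 0;
    uint8_t found = 0;
    for (size_t i = 2 + kMinPs; i < em.size(); ++i) {
        const uint8_t is_zero = ct_is_zero(em[i]);
        const uint8_t take    = static_cast<uint8_t>(is_zero & static_cast<uint8_t>(~found));
        const size_t  m       = static_cast<size_t>(0) - static_cast<size_t>(take & 1u);
        sep = (m & i) | (~m & sep);
        found |= is_zero;
    }
    bad |= static_cast<uint8_t>(~found);   // no separator at all

    // Single branch on the verdict. The returned length still depends on where
    // the separator sits; a decoder feeding a KEM-style combiner would avoid even that.
    if (bad) return {false, {}};
    return {true, std::vector<uint8_t>(em.begin() + static_cast<std::ptrdiff_t>(sep) + 1, em.end())};
}

int main() {
    // Constructed encodings: exactly eight padding bytes (must pass), seven (must fail).
    std::vector<uint8_t> ps8 = {0x00, 0x02, 1, 2, 3, 4, 5, 6, 7, 8, 0x00, 'h', 'i'};
    std::vector<uint8_t> ps7 = {0x00, 0x02, 1, 2, 3, 4, 5, 6, 7, 0x00, 'h', 'i'};
    std::printf("8 bytes of PS: ok=%d, 7 bytes of PS: ok=%d\n",
                pkcs1_v15_decode(ps8).ok ? 1 : 0, pkcs1_v15_decode(ps7).ok ? 1 : 0);
    return 0;
}
```

The seven-byte case is the one a boundary test must contain: a fuzzer or a hand-written vector with a generous amount of padding passes both the correct and the off-by-one decoder, and only an input sitting exactly on the minimum distinguishes them.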
Don't think this can't happen outside of a fuzzer test
Adds new Private_Key::private_key_info() that returns
a PKCS#8 PrivateKeyInfo structure. Renames the current
Private_Key::pkcs8_private_key() to private_key_bits().
BER_encode() just invokes private_key_info().
Adds new Public_Key::subject_public_key() that returns
a X.509 SubjectPublicKey structure. Renames the current
Public_Key::x509_subject_public_key() to public_key_bits().
BER_encode() just invokes subject_public_key().
Not a good thing to offer at this level. If you know what you
are doing for the strange special case where it is necessary,
the raw BlockCipher interface is available and probably more
convenient.
Reported by @neverhub in GH #758 found by libFuzzer
I was initially thinking of Botan as a somewhat closed system, but
@cordney has a legit use case of wanting to expose a TPM sign
operation, but using their internal TPM library and TPM key type.
This requires the API be exposed so the derivation can occur.
Add a comment in the header explaining that the header is not for
normal application use and directing them to pubkey.h
This basically reverts 2747e8e23aec43162
botan_rng_reseed: System_RNG write failed error 9
FFI ran 252 tests 1 FAILED
Failure 1: FFI botan_rng_reseed unexpectedly failed with error code -1
Signed-off-by: Alon Bar-Lev <[email protected]>
Showed up when compiling kdf.cpp with no KDFs enabled in build.
[ci skip]
All this is just standard C that the user should not touch, so it doesn't
really make sense to have it in the build.h template file.
Remove BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANESS - only used twice (in loadstor.h)
and that code is clearer without it.