aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* add missing overridesDaniel Neus2016-01-081-1/+1
| | | | found by gcc with -Wsuggest-override
* Precompile the list of TLS ciphersuitesJack Lloyd2016-01-063-294/+458
| | | | | | | | | | This avoids a scan over the entire 0 - 0xFFFF space which is mostly empty, by instead keeping a second list in tls_suite_info which is exactly the keys for which the switch statement has values. This scan is only ever done once (when first needed) but removing it is sufficient to increase AFL's throuhput by 4x since it goes through a full startup on each test.
* String comparision fixesDaniel Neus2016-01-0427-48/+48
| | | | fix PVS-Studio perfomance warnings
* Add ECDH via OpenSSLJack Lloyd2016-01-044-18/+121
| | | | | | | | | | Expose provider param in PK_Key_Agreement API Handle multiple providers in key agreement tests Fix some funky formatting of P-521 EC points in ecdh.vec which was being rejected by OpenSSL; for whatever reason the CAVS file had the affine coords with far more leading zeros than necessary.
* Use valgrind's memcheck API for checking const time annotationsJack Lloyd2016-01-032-15/+59
| | | | | | | Has the same effect as using ctgrind, but without requiring a custom-compiled valgrind binary. Add ct checking annotations to the SSSE3 AES code.
* Add extended master secret extension (RFC 7627) to TLSJack Lloyd2016-01-0310-12/+118
| | | | Interop tested with mbed TLS
* Fix PointGFp multiplication bugJack Lloyd2016-01-031-18/+0
| | | | | | There was a special case for small scalars which managed to forget that the integer 3 also fits into two bits. Found by adding a new set of ECC point mul tests for the NIST curves.
* Prettify mp_comba a bitJack Lloyd2016-01-011-44/+44
| | | | | | Aligning the calls makes it easier to read the index travel Add a date to the generated output file
* Add cast to a suspcious looking (but actually ok in this case) shift in MARSJack Lloyd2016-01-011-1/+1
| | | | j is never more than 30 in this loop
* Remove RNG::gen_mask, which had undefined behavior when bits >= 32Jack Lloyd2016-01-011-12/+0
| | | | | | | | | | Bug found by Daniel Neus The function wasn't being used anywhere in the library (and was only added in 1.11.20) so it seems easier to remove than fix. And removing it serves to put any user on notice that something bad happened; Daniel tested this as returning just 0 when bits >= 32 with his system's compiler.
* Drop seed_tabJack Lloyd2016-01-011-192/+0
| | | | | (Two part commit with 64caa9a to work around git's insane implied rename system)
* Inline SEED's sbox tablesJack Lloyd2016-01-012-33/+203
| | | | Simpler, and a bit faster also it seems (but not fast)
* Merge pull request #381 from cordney/fix-load-unencryped-key-from-berJack Lloyd2015-12-312-31/+99
|\ | | | | Fix loading of unencrypted, BER encoded private keys via PKCS8 api
| * Fix loading of unencrypted, BER encoded private keys via PKCS8 apiRené Korthaus2015-12-252-31/+99
| |
* | Use memcpy instead of misaligned pointer casts for reading words.Jack Lloyd2015-12-312-80/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It works on x86, but C says it is undefined and it makes UBSan unhappy. Happily, this memcpy approach probably also works fine under processors which previously used the byte-at-a-time approach such as ARM. But for right now using memcpy here is still gated under the processor alignment flags. In my tests recent GCC and Clang seemed to produce basically identical code for either approach when using -O3; I imagine most compilers these days are very good at analyzing/inlining/unrolling memcpys. Also remove the manually unrolled versions of xor_buf, which caused problems with GCC and -O3 due to it vectorizing the loads into (aligned) SSE2 loads, which would fail when a misaligned pointer was passed. Which always seemed kind of bogus to me, but I guess that's what undefined behavior is for. Enable -O3 for GCC. With this change the test suite is clean under GCC ASan+UBSan and Clang ASan+UBSan, with the exception of one failure due to a bug in libstdc++ (GCC bug 60734) when compiled by Clang.
* | Add missing assignment in DataSource::discard_nextJack Lloyd2015-12-311-0/+1
| | | | | | | | Reported on the mailing list by Falko
* | Move McEliece KEM operation into the same file as the key type.Jack Lloyd2015-12-262-74/+65
| | | | | | | | | | | | | | Otherwise we run into the old problem in the static non-amalgamation build of the operation not being loaded even though the key itself was referenced; since now the operation is loaded as a by-product of referencing the key type (as with other impls) everything works out.
* | Remove debug printsJack Lloyd2015-12-261-4/+0
| |
* | Merge pull request #378 from neusdan/warning_fixesJack Lloyd2015-12-266-9/+7
|\ \ | | | | | | Some trivial compiler and PVS-Studio warning fixes
| * | initialize private members in rc4 headerDaniel Neus2015-12-232-5/+4
| | |
| * | some trivial compiler/PVS-Studio warning fixesDaniel Neus2015-12-225-5/+4
| | |
* | | Add generalized KEM interfaceJack Lloyd2015-12-2611-102/+367
| | | | | | | | | | | | | | | | | | Convert McEliece KEM to use it Add RSA-KEM
* | | Export mgf1_mask GH #380Jack Lloyd2015-12-251-3/+3
| | |
* | | Guard all std::mem* ops against any call with zero length.Jack Lloyd2015-12-252-21/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Calling memset, memmove, memcpy with an undefined or null pointer, even with length zero, causes undefined behavior. Prevent that from happening within the functions that call these dangerous things since allowing a caller to pass length == 0 with null or just past the end and not have things explode is nice. Oh C, you so crazy.
* | | Remove mp_mulop.cppJack Lloyd2015-12-256-93/+42
| |/ |/| | | | | | | | | It had two functions, both only called from one place (mp_karat.cpp). Both multiple and square ops were O(n**2), so drop square and just call mul in mp_karat.cpp for either case
* | Fix a few clang warnings. Set clang sanitizer flagsJack Lloyd2015-12-241-1/+1
|/
* Remove debug printfJack Lloyd2015-12-211-1/+0
|
* Throw Lookup_Error instead of bare Exception when creating an obj failsJack Lloyd2015-12-201-24/+24
| | | | | | | in the algo factory. Fixes remaining issues of GH #369 - test_pubkey.cpp was expecting Lookup_Error when something isn't found.
* Add TPM v1.2 support (RSA keygen/signing, RNG)Jack Lloyd2015-12-194-0/+754
|
* Deprecate lookup.h functions GH #366Jack Lloyd2015-12-191-1/+19
|
* Move estimate of RDRAND/RDSEED entropy to build.hJack Lloyd2015-12-192-22/+2
| | | | GH #370 for background
* Merge pull request #370 from neusdan/rdseedJack Lloyd2015-12-194-0/+118
|\ | | | | Add support for Intel RdSeed instruction
| * add support for Intel RdSeedDaniel Neus2015-12-184-0/+118
| |
* | Remove unused word8_muladd from MSVC x86-32 asmJack Lloyd2015-12-191-84/+0
| | | | | | | | GH #363
* | Merge the openssl code together.Jack Lloyd2015-12-1910-37/+17
| | | | | | | | | | | | | | Having the code diffused all over the place was ugly and would not scale well to multiple alternative providers. GH #368
* | Remove all remaining uses of throwing a std:: exception directlyJack Lloyd2015-12-197-16/+17
| | | | | | | | See GH #340 and 6b9a3a5 for background
* | CLI rewriteJack Lloyd2015-12-197-205/+50
|/ | | | | | | | | | | | | | | | | | The command line tools' origin as a collection of examples and test programs glued together led to some unfortunate problems; lots of hardcoded values, missing parameters, and obsolete crypto. Adds a small library for writing command line programs of the sort needed here (cli.h), which cuts the length of many of the commands in half and makes commands more pleasant to write and extend. Generalizes a lot of the commands also, eg previously only signing/verification with DSA/SHA-1 was included! Removes the fuzzer entry point since that's fairly useless outside of an instrumented build. Removes the in-library API for benchmarking.
* Enable RdRand on Windows/MSVCDaniel Neus2015-12-161-0/+1
|
* Add missing include in dyn_load.cppSimon Warta2015-12-121-0/+1
|
* Build fix. Add SQL_DB_Error exception typeJack Lloyd2015-12-112-9/+18
|
* Disable asio serial port support to avoid Darwin braindamage. GH #350Jack Lloyd2015-12-111-1/+9
|
* Missing addsJack Lloyd2015-12-1123-29/+27
|
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-1172-167/+178
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Minor sanity updates for OctetStringSimon Warta2015-12-092-23/+24
|
* Add OS utility headerJack Lloyd2015-12-056-102/+191
| | | | | | | | Provide abstractions for the locking allocator (allocate and free locked pages) to decouple it from the platform dependent code. Should make it easy to write a Windows version using VirtualAlloc+VirtualLock. Exposes max mlock limit as a build.h toggle
* Make portable GCM multiply operation run in constant time.Jack Lloyd2015-12-041-9/+16
| | | | Checked with ctgrind
* Merge pull request #321 from matejk/fix_algo_registry_locking_windowsJack Lloyd2015-12-041-6/+54
|\ | | | | Algo_Registry: Use CRITICAL_SECTION on Windows to prevent hang during initialization
| * Added myself to credits/copyright.Matej Kenda2015-11-201-0/+1
| |
| * Merged two sections of Botan namespace as suggested by randombit. ↵Matej Kenda2015-11-191-5/+4
| | | | | | | | Preprocessing sections are now split in two.
| * Merge branch 'master' of github.com:randombit/botan into ↵Matej Kenda2015-11-1932-141/+161
| |\ | | | | | | | | | fix_algo_registry_locking_windows