Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1,
whichever is available (in that order).
Simplify algo_filt.cpp using create_or_throw
GMAC needs a per-message nonce specified with `start`, and other
MACs are capable of using nonces (Skein-MAC, for instance), so move
this API up to the MAC class.
Change GMAC::clone to clone the owned cipher.
Adds support for Galois Message Authentication Code calculation based on
GHASH, rather than GCM_Mode.
- Added GMAC class
- Integrated GMAC into MAC-Class test bench. Run GMAC tests using
./botan-test mac
Not currently called but leaves us the opening to use them in the future
without breaking ABI.
[ci skip]
In this round of "write some tests and find a bug", Threaded_Fork
seems to be completely broken. I don't think the semaphore approach
it uses really works (consistently) because a single worker thread
can acquire the semaphore more than once. This can be seen in the
(disabled) test of Threaded_Fork.
Not sure what to do about Threaded_Fork - it has been broken since
introduction and nobody has mentioned any problems so likely nobody has
ever used it. May actually be better to remove it entirely rather than
to fix it.
The client would attempt to resume a session, even if the session was
for a version other than what it wanted to offer. If the server
resumed with the original version, the client would then reject the
'incorrect' version. Instead, if the session is for a version other
than what we want to offer, just start a fresh handshake.
Fix resuming in the EtM case - even if the policy says otherwise,
always resume EtM sessions as EtM. Servers are required to reject a
MtE resumption on an EtM session.
The new client hello already ordered extensions to prevent an empty
extension from ever being last (working around a bug in some dumb
stack somewhere), but this was not true for the resume case. Fix that.
Beef up tests a bit - test ECDSA suites, alerts, and sqlite3 session db.
Sharing the session state across all the tests is what tipped me off
on the resumption bugs in the first place - as usual, what is not tested
does not work correctly.
[ci skip]
Check return value of read, found by Clang. See also #677
Remove unused member variable in OpenSSL ECC, found by Clang.
In ECDSA tests, if the pointer is null we should return rather
than dereferencing it. Found by Coverity.
One of the constructors initialized the member, the others did not.
Found by Coverity scanner.
The pool allocator itself is portable code, but it doesn't do anything
useful unless we have the ability to mlock/VirtualLock memory, which
is OS specific.
Client interops with google.com, server not tested against an
independent client yet.
(or a countermeasure that is very similar to it).
Timing differences in the test suite show at most a 120 clock cycle difference (SHA-1/256/384).
This required taking a global lock and doing a map lookup each
time an algorithm was requested (and so many times during a TLS
handshake).
I repent my use of global constructors.
I repent my use of global locks.
Hopefully I will never touch this code again.
:)
An invalid UTF-8 character prevented LaTeX
from generating a PDF document from the
Doxygen-generated LaTeX API docs via make pdf.
If opening /dev/*random resulted in fd 0, we would both not use
that RNG and leak the file descriptor. Found with Coverity.
Nothing exciting.
Fix various doc building problems/warnings.
Previously validation asked the system clock, which is not always
the correct thing (for example when using the Roughtime protocol).
Had been on the todo list forever, forced into it by some of
the test certs expiring today.
Previously client was allowed to omit the Certificate message, a
leftover from supporting SSLv3. In all versions of TLS, an empty
message must be sent if the client does not want to use a cert.
No known security impact, but nothing we need to allow anymore.
Clean up the handshake switch a bit by using return statements.
Updates NewHope to use that instead of the hard-coded SHAKE-128,
and adds toggle for BoringSSL compat mode using AES-128/CTR + SHA-256.