The signature of the alert callback remains unchanged to avoid
breaking applications, though now the buffer parameter is never set.
Thinking it over I've realized this was not a good move; XP may be EOLed but is
still widely used and even VS 2015 still supports targeting XP. It's not really
the same situation as going to extra efforts for supporting SunOS 5.1 or VAX/VMS,
instead it actively broke support for something which is still widely deployed.
And for those building for XP the options are patch out the call (GH #416) or
disable win32_stats altogether in their build. I'd like to prevent downstream
distributors from having to patch, because that can get messy. And while the
design of CryptGenRandom is not disclosed it apparently has changed over time
and at one point (IIRC) used RC4 to generate outputs, so if there is any OS that
could use some extra help generating seed material it is XP.
There may be future code that really makes use of APIs added after XP - CryptoNG,
TPM support, etc and then people targeting XP will have to compile out those
modules. But it doesn't make sense to break it here for this small gain.
Consistent speed up of about ~5% on my machine.
Also tried moving all the A[] values to local registers, was slower.
The check on each individual size in curve_mul is too strict since
we rely on redc(x*1) during the on the curve computation.
Fix an off by one in ressol which caused it to occasionally reject
valid values.
Updating version 1.11.28 since existing 1.11.27 tag already pushed :(
Fix an off-by-one in ressol which would cause it to occasionally
give up too early.
If affine coordinates larger than the prime modulus were given,
a later multiplication could overflow the size of an allocated
output buffer, which was sized based on the size of the prime.
This will cause an overflow into either the system heap or if the
mlock/mmap pool allocator is in use, then into the adjacent key
material stored in the pool.
Reported by Alex Gaynor who found it with AFL
Also fix a one word overwrite in P-521 reduction. Found with AFL
It first computed the first i for q**(2**i) == 1, then checked that i
was smaller than s. Given a composite modulus (for which the algorithm
does not work), the loop might do a very large amount of work before
returning the failure.
As best I can tell it wasn't actually possible for the value to be
used uninitialized, since it was initialized if m_outer_summands > 1
and only used if m_outer_summands was at least 2.
Remove -Wsuggest-attribute=noreturn from maintainer mode flags as it
seems like outside of the assertion failure macro any other suggestion
would always be a false positive (an unimplemented function or the like).
Or at least, if such a function needing noreturn to assist with static
analysis is added in the future it will be obvious, by virtue of the
static analyzer warnings which occur due to the missing noreturn
preventing the analyzer from understanding code flow.
Remove bogus virtual destructor on Entropy_Accumulator (has no virtuals)
Works around a libstdc++ bug when fuzzing with libFuzzer
By adopting MemoryStatusEx, this drops support for XP and Server 2003
which do not implement this API. This is considered a feature as these
versions are already EOLed by Microsoft.
* GetTickCount is replaced by GetTickCount64(): see https://msdn.microsoft.com/en-us/library/windows/desktop/ms724408(v=vs.85).aspx for details
* GlobalMemoryStatus is replaced by GlobalMemoryStatusEx: see https://msdn.microsoft.com/en-us/library/windows/desktop/aa366589(v=vs.85).aspx for details
In some cases this can offer better optimization, via devirtualization.
And it lets the user know the class is not intended for derivation.
Some discussion in GH #402
# Conflicts:
# src/build-data/cc/gcc.txt
found by gcc with -Wsuggest-override
In addition don't declare virtual functions noreturn
This avoids a scan over the entire 0 - 0xFFFF space which is mostly
empty, by instead keeping a second list in tls_suite_info which is
exactly the keys for which the switch statement has values.
This scan is only ever done once (when first needed) but removing it
is sufficient to increase AFL's throughput by 4x since it goes through
a full startup on each test.
Fix PVS-Studio performance warnings
Expose provider param in PK_Key_Agreement API
Handle multiple providers in key agreement tests
Fix some funky formatting of P-521 EC points in ecdh.vec which was
being rejected by OpenSSL; for whatever reason the CAVS file had
the affine coords with far more leading zeros than necessary.
Has the same effect as using ctgrind, but without requiring a
custom-compiled valgrind binary.
Add ct checking annotations to the SSSE3 AES code.
Interop tested with mbed TLS
There was a special case for small scalars which managed to forget
that the integer 3 also fits into two bits. Found by adding a new set
of ECC point mul tests for the NIST curves.
Aligning the calls makes it easier to read the index travel
Add a date to the generated output file
j is never more than 30 in this loop
Bug found by Daniel Neus
The function wasn't being used anywhere in the library (and was only
added in 1.11.20) so it seems easier to remove than fix. And removing
it serves to put any user on notice that something bad happened;
Daniel tested this as returning just 0 when bits >= 32 with his
system's compiler.
(Two part commit with 64caa9a to work around git's insane implied
rename system)
Simpler, and a bit faster also it seems (but not fast)
Fix loading of unencrypted, BER encoded private keys via PKCS8 api
It works on x86, but C says it is undefined and it makes UBSan
unhappy. Happily, this memcpy approach probably also works fine under
processors which previously used the byte-at-a-time approach such as
ARM. But for right now using memcpy here is still gated under the
processor alignment flags.
In my tests recent GCC and Clang seemed to produce basically identical
code for either approach when using -O3; I imagine most compilers
these days are very good at analyzing/inlining/unrolling memcpys.
Also remove the manually unrolled versions of xor_buf, which caused
problems with GCC and -O3 due to it vectorizing the loads into
(aligned) SSE2 loads, which would fail when a misaligned pointer was
passed. Which always seemed kind of bogus to me, but I guess that's
what undefined behavior is for. Enable -O3 for GCC.
With this change the test suite is clean under GCC ASan+UBSan and
Clang ASan+UBSan, with the exception of one failure due to a bug in
libstdc++ (GCC bug 60734) when compiled by Clang.
Reported on the mailing list by Falko
Otherwise we run into the old problem in the static non-amalgamation
build of the operation not being loaded even though the key itself was
referenced; since now the operation is loaded as a by-product of
referencing the key type (as with other impls) everything works out.
Some trivial compiler and PVS-Studio warning fixes