aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Add asserts to help out CoverityJack Lloyd2016-02-092-0/+4
| | | | | | It somehow deduces an input that is both > 0 and for which high_bit never finds a bit set and returns 0. In both cases that would lead to block being 0 and a negative shift.
* Avoid Coverity false positiveJack Lloyd2016-02-091-1/+5
| | | | | | | | It assumes unpoison is expecting a pointer to T and sizeof(T), but the sizeof is evaluated in unpoison but only in the case of building with valgrind. Just call the valgrind API again directly
* Don't leave member variables uninitialized. Found by Coverity scanner.Jack Lloyd2016-02-091-1/+1
|
* GlobalMemoryStatusEx is on XP GH #419Jack Lloyd2016-02-091-2/+2
|
* V816 It is more efficient to catch exception by reference rather than by ↵Daniel Neus2016-02-086-7/+7
| | | | value. asn1_time.cpp 159
* Make SRP6 support optional in TLSJack Lloyd2016-02-0710-20/+72
| | | | | | | | Remove SRP_SHA from the default policy, since normal applications do not need it. Removes nullptr initializers of unique_ptrs in the Server_Key_Exchange constructor, that's the default unique_ptr already.
* Utils needs librt dependency due to calling clock_gettimeJack Lloyd2016-02-071-0/+4
| | | | Was previously on hres_timer entropy source
* Add explicit fork check to HMAC_RNGJack Lloyd2016-02-076-85/+118
| | | | | | | | | | | Add OS functions get_process_id, get_processor_timestamp, and get_system_timestamp_ns. HMAC_RNG uses the pid call to detect forks to initiate a reseed. It also adds the output of all three functions (the pid, the CPU cycle counter, and the system timestamp) into the PRF input. Calls the new OS timer functions from hres_timer entropy source. Removes the call to QPC in es_win32 which is mostly redundant with the one in hres_timer.
* Remove support for the TLS min fragment length extension.Jack Lloyd2016-02-0711-147/+18
|
* Remove TLS heartbeat support.Jack Lloyd2016-02-0715-290/+1
| | | | | The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
* Remove redundant initialization. Closes GH #399Jack Lloyd2016-02-071-1/+0
|
* Revert GH #365 Replace deprecated Win API calls in Win32_EntropySourceJack Lloyd2016-02-061-3/+3
| | | | | | | | | | | | | | | | | | Thinking it over I've realized this was not a good move; XP may be EOLed but is still widely used and even VS 2015 still supports targeting XP. It's not really the same situation as going to extra efforts for supporting SunOS 5.1 or VAX/VMS, instead it actively broke support for something which is still widely deployed. And for those building for XP the options are patch out the call (GH #416) or disable win32_stats altogether in their build. I'd like to prevent downstream distributors from having to patch, because that can get messy. And while the design of CryptGenRandom is not disclosed it apparently has changed over time and at one point (IIRC) used RC4 to generate outputs, so if there is any OS that could use some extra help generating seed material it is XP. There may be future code that really makes use of APIs added after XP - CryptoNG, TPM support, etc and then people targetting XP will have to compile out those modules. But it doesn't make sense to break it here for this small gain.
* Order the accesses to A[] in the Keccak permutation.Jack Lloyd2016-02-061-17/+17
| | | | | | Consistent speed up of about ~5% on my machine. Also tried moving all the A[] values to local registers, was slower.
* Fix two bugs in 1.11.27 which caused test failures.1.11.28Jack Lloyd2016-02-012-4/+1
| | | | | | | | | | | | | The check on each individual size in curve_mul is too strict since we rely on redc(x*1) during the on the curve computation. Fix an off by one in ressol which caused it to occasionally reject valid values. Updating version 1.11.28 since existing 1.11.27 tag already pushed :( Fix an off-by-one in ressol which would cause it to occasionly give up too early.
* Fix heap overflow in ECC point multiplicationJack Lloyd2016-02-014-4/+24
| | | | | | | | | | | | | | If affine coordinates larger than the prime modulus were given, a later multiplication could overflow the size of an allocated output buffer, which was sized based on the size of the prime. This will cause an overflow into either the system heap or if the mlock/mmap pool allocator is in use, then into the adjacent key material stored in the pool. Reported by Alex Gaynor who found it with AFL Also fix a one word overwrite in P-521 reduction. Found with AFL
* Fix (nearly) infinite loop in RESSOL (modular square root).Jack Lloyd2016-02-011-8/+12
| | | | | | | It first computed the first i for q**(2**i) == 1, then checked that i was smaller than s. Given a composite modulus (for which the algorithm does not work), the loop might do a very large amount of work before returning the failure.
* Fix indentJack Lloyd2016-01-301-171/+193
|
* Add Blake2b hash function (GH #413 by cynecx)Jack Lloyd2016-01-304-0/+274
|\
| * Blake2b: use rotate_right instead of a macrocynecx2016-01-271-7/+5
| |
| * Blake2b: Fix for MSVCcynecx2016-01-261-5/+3
| |
| * Blake2b: Add copyright & fix header guardcynecx2016-01-262-3/+17
| |
| * Add Blake2b hash functioncynecx2016-01-264-0/+264
| |
* | Avoid -Wmaybe-uninitialized warning under GCC 5.3Jack Lloyd2016-01-291-4/+6
|/ | | | | | As best I can tell it wasn't actually possible for the value to be used uninitialized, since it was initialized if m_outer_summands > 1 and only used if m_outer_summands was at least 2.
* Add missing overrides and fix -Wpedantic 'extra ;' warningsJack Lloyd2016-01-173-28/+28
| | | | | | | | | | Remove -Wsuggest-attribute=noreturn from maintainer mode flags as it seems like outside of the assertion failure macro any other suggestion would always be a false positive (an unimplemented function or the like). Or at least, if such a function needing noreturn to assist with static analysis is added in the future it will be obvious, by virtue of the static analyzer warnings which occur due to the missing noreturn preventing the analyzer from understanding code flow.
* Make Entropy_Sources and Entropy_Accumulator final.Jack Lloyd2016-01-171-4/+2
| | | | Remove bogus virtual destructor on Entropy_Accumulator (has no virtuals)
* Avoid set<Ciphersuite>Jack Lloyd2016-01-171-6/+7
| | | | Works around a libstdc++ bug when fuzzing with libFuzzer
* Merge GH #365 Replace deprecated Windows API calls in Win32_EntropySourceJack Lloyd2016-01-131-3/+3
|\ | | | | | | | | | | By adopting MemoryStatusEx, this drops support for XP and Server 2003 which do not implement this API. This is considered a feature as these versions are already EOLed by Microsoft.
| * Replace deprecated Win API calls in Win32_EntropySourceDaniel Neus2015-12-161-3/+3
| | | | | | | | | | * GetTickCount is replaced by GetTickCount64(): see https://msdn.microsoft.com/en-us/library/windows/desktop/ms724408(v=vs.85).aspx for details * GlobalMemoryStatus is replaced by GlobalMemoryStatusEx: see https://msdn.microsoft.com/en-us/library/windows/desktop/aa366589(v=vs.85).aspx for details
* | Merge GH #409 Add Microsoft SmartcardLogon extended key usage OIDJack Lloyd2016-01-121-0/+2
|\ \
| * | Add Microsoft SmartcardLogon extended key usage OIDRené Korthaus2016-01-121-0/+2
| | |
* | | Merge GH #408 Add final attribute on many classesJack Lloyd2016-01-12122-211/+213
|\ \ \
| * | | Add final attribute to many classesJack Lloyd2016-01-10122-211/+213
| |/ / | | | | | | | | | | | | | | | | | | In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402
* | | Merge GH #407 Add m_ prefix to more member variablesJack Lloyd2016-01-124-109/+109
|\ \ \
| * | | Prefix more member vars with m_ prefixRené Korthaus2016-01-114-109/+109
| |/ /
* / / Get rid of "extra ';'" warnings and force semicolon after macrosSimon Warta2016-01-111-4/+1
|/ /
* | Merge remote-tracking branch 'remotes/github/master' into noreturnDaniel Neus2016-01-09206-2973/+3004
|\ \ | | | | | | | | | | | | # Conflicts: # src/build-data/cc/gcc.txt
| * | Mass-prefix member vars with m_René Korthaus2016-01-08205-2972/+3003
| | |
| * | add missing overridesDaniel Neus2016-01-081-1/+1
| | | | | | | | | | | | found by gcc with -Wsuggest-override
* | | move noreturn before the function declarationDaniel Neus2016-01-081-2/+2
| | |
* | | don't declare functions noreturn that are maybe implemented in the futureDaniel Neus2016-01-084-5/+5
| | | | | | | | | | | | In addition don't declare virtual functions noreturn
* | | add BOTAN_NORETURN macro and mark those functions that do not return with itDaniel Neus2016-01-085-6/+6
|/ /
* | Precompile the list of TLS ciphersuitesJack Lloyd2016-01-063-294/+458
| | | | | | | | | | | | | | | | | | | | This avoids a scan over the entire 0 - 0xFFFF space which is mostly empty, by instead keeping a second list in tls_suite_info which is exactly the keys for which the switch statement has values. This scan is only ever done once (when first needed) but removing it is sufficient to increase AFL's throuhput by 4x since it goes through a full startup on each test.
* | String comparision fixesDaniel Neus2016-01-0427-48/+48
| | | | | | | | fix PVS-Studio perfomance warnings
* | Add ECDH via OpenSSLJack Lloyd2016-01-044-18/+121
| | | | | | | | | | | | | | | | | | | | Expose provider param in PK_Key_Agreement API Handle multiple providers in key agreement tests Fix some funky formatting of P-521 EC points in ecdh.vec which was being rejected by OpenSSL; for whatever reason the CAVS file had the affine coords with far more leading zeros than necessary.
* | Use valgrind's memcheck API for checking const time annotationsJack Lloyd2016-01-032-15/+59
| | | | | | | | | | | | | | Has the same effect as using ctgrind, but without requiring a custom-compiled valgrind binary. Add ct checking annotations to the SSSE3 AES code.
* | Add extended master secret extension (RFC 7627) to TLSJack Lloyd2016-01-0310-12/+118
| | | | | | | | Interop tested with mbed TLS
* | Fix PointGFp multiplication bugJack Lloyd2016-01-031-18/+0
| | | | | | | | | | | | There was a special case for small scalars which managed to forget that the integer 3 also fits into two bits. Found by adding a new set of ECC point mul tests for the NIST curves.
* | Prettify mp_comba a bitJack Lloyd2016-01-011-44/+44
| | | | | | | | | | | | Aligning the calls makes it easier to read the index travel Add a date to the generated output file
* | Add cast to a suspcious looking (but actually ok in this case) shift in MARSJack Lloyd2016-01-011-1/+1
| | | | | | | | j is never more than 30 in this loop
* | Remove RNG::gen_mask, which had undefined behavior when bits >= 32Jack Lloyd2016-01-011-12/+0
| | | | | | | | | | | | | | | | | | | | Bug found by Daniel Neus The function wasn't being used anywhere in the library (and was only added in 1.11.20) so it seems easier to remove than fix. And removing it serves to put any user on notice that something bad happened; Daniel tested this as returning just 0 when bits >= 32 with his system's compiler.