| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
It somehow deduces an input that is both > 0 and for which high_bit
never finds a bit set and returns 0. In both cases that would lead to
block being 0 and a negative shift.
|
|
|
|
|
|
|
|
| |
It assumes unpoison is expecting a pointer to T and sizeof(T), but the
sizeof is evaluated in unpoison but only in the case of building with
valgrind.
Just call the valgrind API again directly
|
| |
|
| |
|
|
|
|
| |
value. asn1_time.cpp 159
|
|
|
|
|
|
|
|
| |
Remove SRP_SHA from the default policy, since normal applications do
not need it.
Removes nullptr initializers of unique_ptrs in the Server_Key_Exchange
constructor, that's the default unique_ptr already.
|
|
|
|
| |
Was previously on hres_timer entropy source
|
|
|
|
|
|
|
|
|
|
|
| |
Add OS functions get_process_id, get_processor_timestamp, and
get_system_timestamp_ns. HMAC_RNG uses the pid call to detect forks to
initiate a reseed. It also adds the output of all three functions (the
pid, the CPU cycle counter, and the system timestamp) into the PRF input.
Calls the new OS timer functions from hres_timer entropy source.
Removes the call to QPC in es_win32 which is mostly redundant with the
one in hres_timer.
|
| |
|
|
|
|
|
| |
The signature of the alert callback remains unchanged to avoid
breaking applications, though now the buffer parameter is never set.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Thinking it over I've realized this was not a good move; XP may be EOLed but is
still widely used and even VS 2015 still supports targeting XP. It's not really
the same situation as going to extra efforts for supporting SunOS 5.1 or VAX/VMS,
instead it actively broke support for something which is still widely deployed.
And for those building for XP the options are patch out the call (GH #416) or
disable win32_stats altogether in their build. I'd like to prevent downstream
distributors from having to patch, because that can get messy. And while the
design of CryptGenRandom is not disclosed it apparently has changed over time
and at one point (IIRC) used RC4 to generate outputs, so if there is any OS that
could use some extra help generating seed material it is XP.
There may be future code that really makes use of APIs added after XP - CryptoNG,
TPM support, etc and then people targetting XP will have to compile out those
modules. But it doesn't make sense to break it here for this small gain.
|
|
|
|
|
|
| |
Consistent speed up of about ~5% on my machine.
Also tried moving all the A[] values to local registers, was slower.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The check on each individual size in curve_mul is too strict since
we rely on redc(x*1) during the on the curve computation.
Fix an off by one in ressol which caused it to occasionally reject
valid values.
Updating version 1.11.28 since existing 1.11.27 tag already pushed :(
Fix an off-by-one in ressol which would cause it to occasionly
give up too early.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If affine coordinates larger than the prime modulus were given,
a later multiplication could overflow the size of an allocated
output buffer, which was sized based on the size of the prime.
This will cause an overflow into either the system heap or if the
mlock/mmap pool allocator is in use, then into the adjacent key
material stored in the pool.
Reported by Alex Gaynor who found it with AFL
Also fix a one word overwrite in P-521 reduction. Found with AFL
|
|
|
|
|
|
|
| |
It first computed the first i for q**(2**i) == 1, then checked that i
was smaller than s. Given a composite modulus (for which the algorithm
does not work), the loop might do a very large amount of work before
returning the failure.
|
| |
|
|\ |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
|
| |
As best I can tell it wasn't actually possible for the value to be
used uninitialized, since it was initialized if m_outer_summands > 1
and only used if m_outer_summands was at least 2.
|
|
|
|
|
|
|
|
|
|
| |
Remove -Wsuggest-attribute=noreturn from maintainer mode flags as it
seems like outside of the assertion failure macro any other suggestion
would always be a false positive (an unimplemented function or the like).
Or at least, if such a function needing noreturn to assist with static
analysis is added in the future it will be obvious, by virtue of the
static analyzer warnings which occur due to the missing noreturn
preventing the analyzer from understanding code flow.
|
|
|
|
| |
Remove bogus virtual destructor on Entropy_Accumulator (has no virtuals)
|
|
|
|
| |
Works around a libstdc++ bug when fuzzing with libFuzzer
|
|\
| |
| |
| |
| |
| | |
By adopting MemoryStatusEx, this drops support for XP and Server 2003
which do not implement this API. This is considered a feature as these
versions are already EOLed by Microsoft.
|
| |
| |
| |
| |
| | |
* GetTickCount is replaced by GetTickCount64(): see https://msdn.microsoft.com/en-us/library/windows/desktop/ms724408(v=vs.85).aspx for details
* GlobalMemoryStatus is replaced by GlobalMemoryStatusEx: see https://msdn.microsoft.com/en-us/library/windows/desktop/aa366589(v=vs.85).aspx for details
|
|\ \ |
|
| | | |
|
|\ \ \ |
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
In some cases this can offer better optimization, via devirtualization.
And it lets the user know the class is not intended for derivation.
Some discussion in GH #402
|
|\ \ \ |
|
| |/ / |
|
|/ / |
|
|\ \
| | |
| | |
| | |
| | | |
# Conflicts:
# src/build-data/cc/gcc.txt
|
| | | |
|
| | |
| | |
| | |
| | | |
found by gcc with -Wsuggest-override
|
| | | |
|
| | |
| | |
| | |
| | | |
In addition don't declare virtual functions noreturn
|
|/ / |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This avoids a scan over the entire 0 - 0xFFFF space which is mostly
empty, by instead keeping a second list in tls_suite_info which is
exactly the keys for which the switch statement has values.
This scan is only ever done once (when first needed) but removing it
is sufficient to increase AFL's throuhput by 4x since it goes through
a full startup on each test.
|
| |
| |
| |
| | |
fix PVS-Studio perfomance warnings
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Expose provider param in PK_Key_Agreement API
Handle multiple providers in key agreement tests
Fix some funky formatting of P-521 EC points in ecdh.vec which was
being rejected by OpenSSL; for whatever reason the CAVS file had
the affine coords with far more leading zeros than necessary.
|
| |
| |
| |
| |
| |
| |
| | |
Has the same effect as using ctgrind, but without requiring a
custom-compiled valgrind binary.
Add ct checking annotations to the SSSE3 AES code.
|
| |
| |
| |
| | |
Interop tested with mbed TLS
|
| |
| |
| |
| |
| |
| | |
There was a special case for small scalars which managed to forget
that the integer 3 also fits into two bits. Found by adding a new set
of ECC point mul tests for the NIST curves.
|
| |
| |
| |
| |
| |
| | |
Aligning the calls makes it easier to read the index travel
Add a date to the generated output file
|
| |
| |
| |
| | |
j is never more than 30 in this loop
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bug found by Daniel Neus
The function wasn't being used anywhere in the library (and was only
added in 1.11.20) so it seems easier to remove than fix. And removing
it serves to put any user on notice that something bad happened;
Daniel tested this as returning just 0 when bits >= 32 with his
system's compiler.
|