path: root/src/pk_pad
Commit log (each entry: commit message, then [author, date; files changed, lines removed/added])
* Fix various issues flagged by cppcheck. Nothing too interesting.
  [lloyd, 2012-08-13; 1 file, -2/+2]

* Replace 0 and NULL pointer constants with nullptr. Also fix an old
  style cast in secmem.h
  [lloyd, 2012-05-18; 1 file, -2/+2]

* Fairly huge update that replaces the old secmem types with std::vector
  using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
  [lloyd, 2012-05-18; 21 files, -116/+135]

* propagate from branch 'net.randombit.botan' (head 6332543aa5a8a4cc13662008ff9ac0f0016d9a4d) to branch 'net.randombit.botan.cxx11' (head 5517c9f8f6d1990f269afb94f569a97a80c5a5f4)
  [lloyd, 2012-05-18; 1 file, -1/+4]

* NR_Verification_Operation::verify_mr would return false if the input
  was not the right size for a signature (following DSA). This would silently convert to an empty vector which we would treat as a valid message on the return. However the EMSA checks will always fail so not a huge problem. While checking this out I noticed that an empty value for EMSA4 would result in us reading memory we didn't own.
  [lloyd, 2012-05-18; 1 file, -1/+4]

* First step towards replacing the existing containers with std::vector
  with a custom allocator; remove the 3 argument version of MemoryRegion::copy, replacing with freestanding buffer_insert function.
  [lloyd, 2012-05-18; 5 files, -10/+10]
* Search for the delimiter bytes in OAEP using a loop that doesn't have
  conditionals to help avoid timing analysis. Unfortunately GCC is too smart for us and compiles it to jumps anyway; probably would need to put the delim search into its own function and pass variables by volatile pointers to force the compiler to do what we want.
  [lloyd, 2011-05-05; 1 file, -25/+34]
* Make MemoryRegion::set protected, change all callers
  [lloyd, 2010-10-29; 1 file, -25/+20]

* EME1::HASH_LENGTH was always exactly the output size of the hash, but
  Phash is a vector we were keeping around which has an actual hash output, so just access Phash.size() and avoid the need to carry an extra size_t around.
  [lloyd, 2010-10-28; 2 files, -18/+16]

* Use output_length() instead of OUTPUT_LENGTH pseudo-property
  [lloyd, 2010-10-13; 5 files, -9/+9]

* Use size_t instead of u32bit in pk_pad
  [lloyd, 2010-10-12; 19 files, -109/+109]

* Update all uses of MemoryRegion::append to use either push_back or operator+=
  [lloyd, 2010-09-15; 2 files, -2/+2]

* Implicit conversions
  [lloyd, 2010-09-14; 1 file, -1/+1]

* Remove more uses of vector to pointer implicit conversions
  [lloyd, 2010-09-13; 4 files, -14/+20]
* More vector->pointer conversion removals.
  Add RandomNumberGenerator::random_vec, which takes a length n and returns a new SecureVector with randomized contents of that size. This nicely covers most of the cases where randomize was being called on a vector, and is a little cleaner in the code as well: instead of vec.resize(length); rng.randomize(&vec[0], vec.size()); we just write vec = rng.random_vec(length);
  [lloyd, 2010-09-13; 2 files, -3/+2]

* Anywhere where we use MemoryRegion::begin to get access to the raw pointer
  representation (rather than in an iterator context), instead use &buf[0], which works for both MemoryRegion and std::vector
  [lloyd, 2010-09-13; 1 file, -2/+2]
* Rename MemoryRegion::destroy to MemoryRegion::clear to match STL
  [lloyd, 2010-09-08; 1 file, -3/+3]

* Big, invasive but mostly automated change, with a further attempt at
  harmonising MemoryRegion with std::vector: The MemoryRegion::clear() function would zeroise the buffer, but keep the memory allocated and the size unchanged. This is very different from STL's clear(), which is basically the equivalent to what is called destroy() in MemoryRegion. So to be able to replace MemoryRegion with a std::vector, we have to rename destroy() to clear() and we have to expose the current functionality of clear() in some other way, since vector doesn't support this operation. Do so by adding a global function named zeroise() which takes a MemoryRegion which is zeroed. Remove clear() to ensure all callers are updated.
  [lloyd, 2010-09-07; 2 files, -4/+2]

* Doxygen
  [lloyd, 2010-06-21; 6 files, -14/+34]

* Doxygen
  [lloyd, 2010-06-21; 6 files, -28/+122]

* More Doxygen updates/fixes
  [lloyd, 2010-06-15; 9 files, -15/+18]

* Put PKCS hash ids in anon namespace
  [lloyd, 2010-06-02; 1 file, -21/+22]
* Partially protect OAEP decoding against a timing attack. Possibility
  of this pointed out by Falko Strenzke. The timing differences between different error conditions could lead to attacks even with the same error message. Instead use a (mostly) straightline implementation. However scanning for the delim byte is still timing/input dependent, so this is not a 100% fix.
  [lloyd, 2010-05-12; 1 file, -12/+28]
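The two OAEP commits in this log (the 2010-05-12 straightline rewrite and the 2011-05-05 branch-free delimiter search) name the technique without showing it. The block below is an added example written for this page, not Botan's code: it scans the unmasked OAEP data block lHash' || PS || 0x01 || M, folds every error condition (lHash mismatch, non-zero byte in PS, missing delimiter) into a mask, records the delimiter position with a masked select, and takes a single decision at the end. The helper names ct_nonzero_mask, ct_eq_mask, ct_select_size and oaep_unpad, the OaepUnpadResult struct and the 4-byte "hash" in main are all assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical constant-time helpers for this example (not Botan's API).
// Each returns an all-ones or all-zeros byte so callers select values with
// AND/OR instead of if/else.
static inline uint8_t ct_nonzero_mask(uint8_t x) {
    uint32_t v = x;
    // (v | -v) has its top bit set exactly when v != 0
    return static_cast<uint8_t>(0u - ((v | (0u - v)) >> 31));
}
static inline uint8_t ct_eq_mask(uint8_t a, uint8_t b) {
    return static_cast<uint8_t>(~ct_nonzero_mask(static_cast<uint8_t>(a ^ b)));
}
static inline size_t ct_select_size(uint8_t mask, size_t a, size_t b) {
    // mask is 0xFF or 0x00; widen it to a full size_t mask
    const size_t m = static_cast<size_t>(0) - static_cast<size_t>(mask & 1u);
    return (m & a) | (~m & b);
}

struct OaepUnpadResult {
    bool ok;                       // decided once, after the whole block was scanned
    std::vector<uint8_t> message;  // empty unless ok
};

// db is the unmasked data block lHash' || PS || 0x01 || M (RFC 8017, 7.1.2 step 3g).
// Every byte is visited; nothing about the content chooses a code path until
// the final decision.
OaepUnpadResult oaep_unpad(const std::vector<uint8_t>& db,
                           const std::vector<uint8_t>& expected_lhash) {
    const size_t hlen = expected_lhash.size();
    if (db.size() < hlen + 1)               // the block length is public (modulus size)
        return { false, {} };

    uint8_t bad = 0x00;                     // becomes 0xFF on any error
    for (size_t i = 0; i < hlen; ++i)       // lHash' == lHash, with no early exit
        bad |= ct_nonzero_mask(static_cast<uint8_t>(db[i] ^ expected_lhash[i]));

    uint8_t seen_one = 0x00;                // 0xFF once the first 0x01 has been passed
    size_t delim = 0;
    for (size_t i = hlen; i < db.size(); ++i) {
        const uint8_t is_zero = ct_eq_mask(db[i], 0x00);
        const uint8_t is_one  = ct_eq_mask(db[i], 0x01);
        // remember the index of the first 0x01; later 0x01 bytes belong to M
        const uint8_t first_one = static_cast<uint8_t>(is_one & ~seen_one);
        delim = ct_select_size(first_one, i, delim);
        // while still inside PS, anything other than 0x00 or the 0x01 delimiter is an error
        bad |= static_cast<uint8_t>(~seen_one & ~is_zero & ~is_one);
        seen_one |= is_one;
    }
    bad |= static_cast<uint8_t>(~seen_one); // no delimiter anywhere

    OaepUnpadResult r{ bad == 0x00, {} };
    if (r.ok)  // the only data-dependent branch; the copy still takes time proportional to |M|
        r.message.assign(db.begin() + static_cast<std::ptrdiff_t>(delim) + 1, db.end());
    return r;
}

int main() {
    // constructed sample: 4-byte stand-in for lHash, three bytes of PS, delimiter, "msg"
    const std::vector<uint8_t> lhash{0xde, 0xad, 0xbe, 0xef};
    const std::vector<uint8_t> db{0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x01, 'm', 's', 'g'};
    OaepUnpadResult r = oaep_unpad(db, lhash);
    std::printf("ok=%d message_len=%zu\n", r.ok ? 1 : 0, r.message.size());
    return r.ok ? 0 : 1;
}
```

As the 2011 commit warns, a branch-free source is not a guarantee: inspect the compiled loop (objdump -d) for conditional jumps, since the optimizer may reintroduce them. The final copy of M also runs in time proportional to the message length, so, like the commit, this is a partial mitigation rather than a complete one.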
* Fix EMSA_Raw in the case where the original input had leading 0 bytes.
  [lloyd, 2010-04-21; 1 file, -1/+19]

* Clean up exceptions. Remove some unused ones like Config_Error. Make
  Invalid_Argument just a typedef for std::invalid_argument. Make Botan::Exception a typedef for std::runtime_error. Make Memory_Exhaustion a public exception, and use it in other places where memory allocations can fail.
  [lloyd, 2010-01-05; 1 file, -1/+1]

* Make many more headers internal-only.
  Fixes for the amalgamation generator for internal headers. Remove BOTAN_DLL exporting macros from all internal-only headers; the classes/functions there don't need to be exported, and avoiding the PIC/GOT indirection can be a big win. Add missing BOTAN_DLLs where necessary, mostly gfpmath and cvc. For GCC, use -fvisibility=hidden and set BOTAN_DLL to the visibility __attribute__ to export those classes/functions.
  [lloyd, 2009-12-16; 1 file, -1/+1]

* Full working amalgamation build, plus internal-only headers concept.
  [lloyd, 2009-12-16; 10 files, -67/+0]

* Remove the 'realname' attribute on all modules and cc/cpu/os info files.
  Pretty much useless and unused, except for listing the module names in build.h and the short versions totally suffice for that.
  [lloyd, 2009-10-29; 10 files, -20/+0]

* Remove all exception specifications. The way these are designed in C++ is
  just too fragile and not that useful. Something like Java's checked exceptions might be nice, but simply killing the process entirely if an unexpected exception is thrown is not exactly useful for something trying to be robust.
  [lloyd, 2009-10-22; 11 files, -13/+13]

* Move some files around to break up dependencies between directories
  [lloyd, 2009-07-16; 2 files, -0/+5]

* Add a script that reads the output of print_deps.py and rewrites
  the info.txt files with the right module dependencies. Apply it across the codebase.
  [lloyd, 2009-07-15; 7 files, -9/+22]
* Thomas Moschny passed along a request from the Fedora packagers which came
  up during the Fedora submission review, that each source file include some text about the license. One handy Perl script later and each file now has the line "Distributed under the terms of the Botan license" after the copyright notices. While I was in there modifying every file anyway, I also stripped out the remainder of the block comments (lots of asterisks before and after the text); this is a stylistic thing I picked up when I was first learning C++ but in retrospect it is not a good style as the structure makes it harder to modify comments (with the result that comments become fewer, shorter and are less likely to be updated, which are not good things).
  [lloyd, 2009-03-30; 21 files, -198/+240]
* Add a ref to a paper describing a chosen ciphertext attack on OAEP
  since it is relevant to the implementation.
  [lloyd, 2008-12-08; 1 file, -0/+8]

* Fix name of function in exception throw
  [lloyd, 2008-11-30; 1 file, -1/+1]

* In EMSA3_Raw::raw_data, clear message buffer (reset) before returning
  [lloyd, 2008-11-28; 1 file, -1/+3]

* Add a variant of EMSA3 called EMSA3_Raw which does not hash the data or
  add a digest identifier. This was a feature requested on the mailing list. Apparently this scheme is called CKM_RSA_PKCS in PKCS #11, and is supported by a number of libraries, including QCA.
  [lloyd, 2008-11-28; 2 files, -46/+123]

* Add SHA-224 hash ids for EMSA2/X9.31 and EMSA3/PKCS #1 v1.5 public key
  signature padding schemes.
  [lloyd, 2008-11-28; 1 file, -3/+14]
* Rickard Bondesson reported on the mailing list that he had noticed
  a discrepancy between OpenSSL and Botan when generating SHA-512/EMSA3 signatures. In fact it turns out that the EMSA3 identifier for SHA-512 contained a typo and was incorrect. Unfortunately this means that SHA-512/EMSA3 signatures generated by Botan up until now will not be accepted by other implementations, and the signatures by other implementations would not be accepted by Botan. Currently I am not making any provision for backwards compatibility with the old incorrect hash identifier, since I am assuming/guessing that SHA-512/EMSA3 is not a very common combination.
  [lloyd, 2008-11-28; 1 file, -11/+13]
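The three 2008-11-28 entries above add EMSA3_Raw (PKCS #1 v1.5 padding with no DigestInfo), add hash identifiers, and fix a typo in the hard-coded SHA-512 identifier. The block below is an added example for this page, not Botan's code: it derives the PKCS #1 v1.5 DigestInfo prefix from the hash algorithm's OID arcs instead of typing the bytes by hand, and places the full EMSA3 encoding 00 01 FF..FF 00 || DigestInfo || H beside the raw variant (CKM_RSA_PKCS style) that wraps the caller's bytes unchanged. The names der_oid, digest_info_prefix, emsa3_encode, emsa3_encode_hashed, SHA512_OID and SHA256_OID are assumptions for the example; DER lengths are kept in short form, which is all the PKCS #1 digest identifiers need.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

// DER OBJECT IDENTIFIER from its arcs (hypothetical helper for this example).
static std::vector<uint8_t> der_oid(const std::vector<uint32_t>& arcs) {
    std::vector<uint8_t> body;
    body.push_back(static_cast<uint8_t>(40 * arcs[0] + arcs[1]));  // first two arcs share a byte
    for (size_t i = 2; i < arcs.size(); ++i) {
        uint32_t v = arcs[i];
        uint8_t groups[5];
        size_t n = 0;
        do { groups[n++] = static_cast<uint8_t>(v & 0x7F); v >>= 7; } while (v != 0);
        // most-significant base-128 group first, continuation bit on all but the last
        while (n > 0) {
            --n;
            body.push_back(static_cast<uint8_t>(groups[n] | (n > 0 ? 0x80 : 0x00)));
        }
    }
    std::vector<uint8_t> out{0x06, static_cast<uint8_t>(body.size())};
    out.insert(out.end(), body.begin(), body.end());
    return out;
}

// DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING }, minus the digest:
// the fixed prefix T that EMSA3 places in front of the raw hash.
static std::vector<uint8_t> digest_info_prefix(const std::vector<uint32_t>& oid_arcs,
                                               size_t hash_len) {
    std::vector<uint8_t> alg = der_oid(oid_arcs);
    alg.push_back(0x05); alg.push_back(0x00);                          // NULL parameters
    std::vector<uint8_t> seq_alg{0x30, static_cast<uint8_t>(alg.size())};
    seq_alg.insert(seq_alg.end(), alg.begin(), alg.end());
    const size_t inner_len = seq_alg.size() + 2 + hash_len;
    if (inner_len >= 0x80)
        throw std::length_error("long-form DER lengths are out of scope for this example");
    std::vector<uint8_t> out{0x30, static_cast<uint8_t>(inner_len)};
    out.insert(out.end(), seq_alg.begin(), seq_alg.end());
    out.push_back(0x04); out.push_back(static_cast<uint8_t>(hash_len)); // OCTET STRING header
    return out;
}

// EMSA3 / PKCS #1 v1.5 type 1 block: 00 01 FF..FF 00 || T (at least 8 bytes of FF).
// With T = caller's bytes this is the raw CKM_RSA_PKCS style; with T = DigestInfo || H
// it is the hashed form used for X.509 signatures.
static std::vector<uint8_t> emsa3_encode(const std::vector<uint8_t>& t, size_t em_len) {
    if (em_len < t.size() + 11)
        throw std::length_error("intended encoded message length too short");
    std::vector<uint8_t> em;
    em.reserve(em_len);
    em.push_back(0x00); em.push_back(0x01);
    em.insert(em.end(), em_len - t.size() - 3, static_cast<uint8_t>(0xFF));
    em.push_back(0x00);
    em.insert(em.end(), t.begin(), t.end());
    return em;
}

static std::vector<uint8_t> emsa3_encode_hashed(const std::vector<uint32_t>& oid_arcs,
                                                const std::vector<uint8_t>& digest,
                                                size_t em_len) {
    std::vector<uint8_t> t = digest_info_prefix(oid_arcs, digest.size());
    t.insert(t.end(), digest.begin(), digest.end());
    return emsa3_encode(t, em_len);
}

// NIST hashAlgs arc 2.16.840.1.101.3.4.2.{1,3}
static const std::vector<uint32_t> SHA256_OID{2, 16, 840, 1, 101, 3, 4, 2, 1};
static const std::vector<uint32_t> SHA512_OID{2, 16, 840, 1, 101, 3, 4, 2, 3};

int main() {
    // constructed 64-byte stand-in for a SHA-512 digest
    std::vector<uint8_t> digest(64, 0x42);
    std::vector<uint8_t> em = emsa3_encode_hashed(SHA512_OID, digest, 128);
    std::vector<uint8_t> prefix = digest_info_prefix(SHA512_OID, 64);
    for (uint8_t b : prefix) std::printf("%02x ", b);
    std::printf("\nencoded message: %zu bytes\n", em.size());
    return 0;
}
```

Comparing the derived prefix with the byte strings published in RFC 8017 section 9.2 (for SHA-512: 30 51 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 04 40) is the check that would have caught a typo in the constant before signatures were exchanged with another implementation.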
* Split pk_pad.h into eme.h and emsa.h
  [lloyd, 2008-11-10; 11 files, -33/+50]

* Split base.h into block_cipher.h and stream_cipher.h
  It turned out many files were including base.h merely to get other includes (like types.h, secmem.h, and exceptn.h). Those have been changed to directly include the files containing the declarations that code needs.
  [lloyd, 2008-11-08; 1 file, -1/+1]

* Move the declaration of the HashFunction base class to a new header hash.h
  (from base.h)
  [lloyd, 2008-11-08; 5 files, -0/+5]

* Put pk_pad.{h,cpp} from core into pk_pad/ dir (cleaner I think)
  [lloyd, 2008-10-26; 3 files, -0/+116]

* Add BSI variant of EMSA1, from InSiTo
  [lloyd, 2008-10-08; 4 files, -0/+73]

* Split kdf.h and kdf.cpp from core/ to kdf/kdf_base
  Update dependencies as needed.
  [lloyd, 2008-10-08; 1 file, -6/+5]

* Remove lookup from Randpool, HMAC, CMAC, CBC-MAC, TLS-PRF, and PBKDF2
  [lloyd, 2008-09-30; 1 file, -1/+0]

* Remove lookup/libstate dependency on Lion, KDF1, KDF2, EMSA[1-4]
  [lloyd, 2008-09-30; 8 files, -29/+16]

* Remove dependency on lookup.h from EME1. Now hardcoded to use MGF1 (the
  only implemented MGF in Botan, and the only standardized MGF I even know of) with the same hash as generated Phash (you would always want this anyway).
  [lloyd, 2008-09-30; 3 files, -7/+13]

* Move KDF, EME, and EMSA base classes from pubkey to core to remove a
  false dependency on BigInt in the KDF/padding code.
  [lloyd, 2008-09-29; 7 files, -7/+9]

* Rename all modinfo.txt files to info.txt, since they are all (none) of
  them modules now. In any case there is no distinction so info.txt seems better.
  [lloyd, 2008-09-29; 8 files, -0/+0]

* Remove more dependencies on the global state object.
  New argument to X509_CRL constructor, a boolean that specifies if an exception should be thrown upon encountering an unknown extension type marked as critical. Previously this was controlled globally via the x509/crl/unknown_critical policy flag.
  [lloyd, 2008-09-29; 3 files, -12/+13]