path: root/src/tests
Commit log. Each entry lists the commit subject, then in parentheses the author, the commit date, the number of files changed and the lines removed/added; the commit message body, where one was written, follows on the next line. Commits brought in by a merge are indented under the merge commit.

* Remove hamming_weight function (Jack Lloyd, 2018-12-06; 1 file, -5/+4)
  Unused outside of the test code and not really useful there either. Header is internal so no API breakage.
* Remove some conditional branches from division (Jack Lloyd, 2018-12-05; 1 file, -0/+2968)
* Fix more MSVC warnings (Jack Lloyd, 2018-12-04; 3 files, -3/+23)
* Fix a FFI test when threads are disabled (Jack Lloyd, 2018-12-03; 1 file, -1/+9)
* Fix bug in TLS CBC unpadding (Jack Lloyd, 2018-12-03; 1 file, -0/+6)
  Regression introduced in 007314c5. Found by OSS-Fuzz (bug id 11693).
* Add a constant time divide variant for dividing by uint8_t (Jack Lloyd, 2018-12-02; 2 files, -0/+22)
  Originally wrote it for div-by-word but that ends up requiring a dword type which we don't always have. And uint8_t covers the most important cases of n = 10 and n = 58 (whenever I get around to writing base58). We could portably support up to div-by-uint32, but I don't think we need it. Nicely for n = 10, this is actually faster than the variable time division.
* Add a const-time division algorithm (Jack Lloyd, 2018-12-02; 2 files, -6/+23)
  It is stupid and slow (~50-100x slower than variable time version) but still useful for protecting critical algorithms. Not currently used, waiting for OSS-Fuzz to test it for a while before we commit to it.
* Fix a bug in bigint_sub_abs (Jack Lloyd, 2018-12-02; 1 file, -0/+3)
  If one of the values had leading zero words, this could end up calling bigint_sub with x_size < y_size. OSS-Fuzz 11664 and 11656.
* Better debugging output when a test fails (Jack Lloyd, 2018-12-02; 1 file, -7/+15)
  Printing the output key makes it easier to find the offending test.
* Correct a bug in BigInt::operator%(word) (Jack Lloyd, 2018-12-01; 2 files, -2/+17)
  If reducing a negative number modulo a power of 2, an incorrect result would be returned. This only affected the versions taking a single word as the modulo.
* Simplify BigInt addition and subtraction (Jack Lloyd, 2018-11-30; 1 file, -0/+24)
  Addition already has to handle negative numbers so make it do double duty for subtraction.
* Fix a bug in OneAndZeros unpadding (Jack Lloyd, 2018-11-30; 1 file, -0/+6)
  Introduced in b13c0cc8590199d, it could only trigger if the block size was more than 256 bytes. In that case an invalid padding could be accepted. OSS-Fuzz 11608 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11608)
* Add CT::Mask type (Jack Lloyd, 2018-11-28; 1 file, -34/+39)
* Make exceptions easier to translate to error codes (Jack Lloyd, 2018-11-23; 9 files, -29/+28)
  Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case. Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches. See GH #1742.
* Merge GH #1743 Avoid memset/memcpy in library code (Jack Lloyd, 2018-11-19; 4 files, -7/+14)
  * Avoid calling memset, memcpy within library code (Jack Lloyd, 2018-11-17; 4 files, -7/+14)
    Prefer using wrappers in mem_utils for this. Current exception is where memcpy is being used to convert between two different types, since copy_mem requires input and output pointers have the same type. There should be a new function to handle conversion-via-memcpy operation.
* Avoid a crank from Sonar [ci skip] (Jack Lloyd, 2018-11-17; 1 file, -1/+1)
* Fix Sonar warning (Jack Lloyd, 2018-11-17; 1 file, -1/+1)
* Run RSA blinding tests only with base provider (Alexander Bluhm, 2018-11-08; 1 file, -2/+9)
  Only the base provider uses blinding for RSA. So the test should run exclusively for this provider. Also use base provider explicitly.
* Compile fix (Jack Lloyd, 2018-11-07; 1 file, -1/+1)
* Avoid throwing std:: exceptions (Jack Lloyd, 2018-11-07; 1 file, -1/+1)
  Also include <new> in mem_ops.cpp as apparently that header is where bad_alloc is defined.
* Avoid using std::invalid_argument (Jack Lloyd, 2018-11-07; 1 file, -1/+1)
  See #1726
* Add ChaCha using SIMD_4x32 (Jack Lloyd, 2018-11-04; 1 file, -0/+36)
  This allows supporting SSE2, NEON and AltiVec in a single codebase, so drop the NEON and SSE2 code. This new impl avoids having to do shuffles with every round and so is about 10% faster on Skylake. Also, fix bugs in both baseline and AVX2 implementations when the low counter overflowed. The SSE2 and NEON code were also buggy here.
* Use 64-bit integer for seek value in stream cipher tests (Jack Lloyd, 2018-11-04; 1 file, -1/+1)
* Add VarMap::get_opt_u64 (Jack Lloyd, 2018-11-04; 2 files, -8/+25)
* Correct test (Jack Lloyd, 2018-11-02; 4 files, -3/+18)
  This was trying to test for issue in #1723 but was incorrect.
* Handle setting AD after a nonce correctly in AEADs (Jack Lloyd, 2018-10-31; 1 file, -4/+29)
  In some cases (EAX, GCM, ChaCha20Poly1305) the mode does not handle this. However previously it handled it incorrectly by producing incorrect output. Instead reject it with an exception. Add a test that, if the mode accepts an AD before the nonce, then it must process the message correctly. This is similar to the existing test that if the mode accepts an AD before the key is set it must do the right thing with it.
* Fixes and improvements for TSS code (Jack Lloyd, 2018-10-29; 3 files, -17/+200)
  Fix a bug (bad length field), new APIs, etc.
* Add VarMap::get_req_bin_list (Jack Lloyd, 2018-10-29; 2 files, -2/+30)
* Add some long Blowfish tests (Jack Lloyd, 2018-10-18; 2 files, -0/+14)
  The test suite was not hitting the 4x unrolled Blowfish added in f7a8bd2780c
* Fix TLS signature algorithm intolerance (Jack Lloyd, 2018-10-16; 1 file, -0/+10)
  GH #1708
* Correct error with XTS minimum block size (Jack Lloyd, 2018-10-15; 1 file, -0/+579)
  Add tests from NIST that demonstrate the problem, as well as OpenSSL generated tests for all input sizes 16...128 bytes. Fixes GH #1706
* Remove duplicated XTS test vectors (Jack Lloyd, 2018-10-15; 1 file, -25/+2)
* move instead of copy (rumcajs, 2018-10-14; 4 files, -12/+12)
* Add an explicit OS target for Emscripten (Jack Lloyd, 2018-10-12; 2 files, -5/+9)
  This allows things to mostly work out of the box (#1702), and allows us to write Emscripten specific code where required.
* Fixes for building for LLVM bitcode/Emscripten (Jack Lloyd, 2018-10-07; 1 file, -1/+1)
  GH #1702
* Add more SM2 signature tests (Jack Lloyd, 2018-10-05; 1 file, -0/+56)
  Using the standard SM2 and P-256 curves, instead of the SM2 test curve, for both SM3 and SHA-256 hashes. All values generated with GmSSL.
* Resolve a leak in OpenSSL ECDSA verification for old OpenSSL (Jack Lloyd, 2018-10-03; 1 file, -1/+11)
  The code was using the 1.0 API incorrectly and causing a leak. https://github.com/riboseinc/rnp/issues/757
* Remove support for Visual C++ 2013 (Jack Lloyd, 2018-10-01; 3 files, -4/+4)
  Closes GH #1557
* Handle PPC crypto bit in tests [ci skip] (Jack Lloyd, 2018-10-01; 1 file, -1/+1)
* Fix more MSVC warnings (Jack Lloyd, 2018-10-01; 4 files, -7/+5)
* Merge GH #1696 Fix bugs in UUID class (Jack Lloyd, 2018-09-30; 1 file, -0/+73)
  * Move UUID to utils, test it, and fix bugs. (Jack Lloyd, 2018-09-30; 1 file, -0/+73)
    Fixes #1695
* Add some tests of the versioning functions (Jack Lloyd, 2018-09-30; 1 file, -0/+46)
* Add more tests for CBC, CFB, OFB, CTR and GCM (Jack Lloyd, 2018-09-29; 6 files, -2/+635)
  From NIST CAVP, OpenSSL test data, and elsewhere.
* Refactor mode tests, and correct bugs found (Jack Lloyd, 2018-09-29; 3 files, -119/+168)
  Several problems in CBC found by adding tests:
  - If you set a key, then set a nonce, then set a new key, you could encrypt without setting a new nonce.
  - It was possible to call CBC finish without setting a nonce, which would crash.
  - If you had a CBC decryption object, set a key, set a nonce, then reset message state, it should throw because no nonce is set. Instead it would carry on using an all-zero nonce.
  Disable CommonCrypto with PKCS7 padding as it seems to have some problem that I cannot figure out from the build logs.
  This work was sponsored by Ribose Inc.
* Avoid null pointer write in FFI (Jack Lloyd, 2018-09-28; 1 file, -0/+3)
  If a function returning variable length output was called with a null output buffer but a non-zero output buffer length, the FFI layer would call memset(nullptr, 0, buffer_len) and crash. Caught by Coverity.
* Spell check the documentation (Jack Lloyd, 2018-09-28; 1 file, -1/+1)
* Merge GH #1692 Fix test failure when http_util disabled (Jack Lloyd, 2018-09-26; 1 file, -1/+1)
  * Fix x509_path_x509test failing when http_util module was not enabled (Jose Pereira, 2018-09-25; 1 file, -1/+1)