| Commit message | Author | Age | Files | Lines |

GH #681

Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1,
whichever is available (in that order).

Simplify algo_filt.cpp using create_or_throw

GMAC needs a per-message nonce specified with `start`, and other
MACs are capable of using nonces (Skein-MAC, for instance) so move
this API up to MAC class.
Change GMAC::clone to clone the owned cipher.

Adds support for Galois Message Authentication Code calculation based on
GHASH, rather than GCM_Mode.

- Added GMAC class
- Integrated GMAC into MAC-Class test bench. Run GMAC tests using
./botan-test mac
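
The two GMAC commits above (GMAC computed directly on GHASH rather than by driving GCM_Mode, and a per-message nonce supplied through `start`) are illustrated by the following added example. It is not Botan code: GHASH and the GF(2^128) arithmetic follow the GCM specification and are checked against the specification's test case 2, while `toy_block_cipher` is a constructed SHA-256 stand-in for AES (not a real block cipher) so that the block runs with the standard library only. The second half shows the failure mode that the per-message nonce requirement guards against: two messages tagged under the same key and nonce let an attacker recover the hash key H and forge tags for arbitrary messages under that nonce, independent of which block cipher produced the mask.

```python
"""GMAC built on GHASH, and why each message needs a fresh nonce.

Added example, not Botan code. The GF(2^128) arithmetic and GHASH follow
the GCM specification. `toy_block_cipher` is a constructed stand-in for
AES-128 (a keyed SHA-256 truncated to 16 bytes, NOT a real cipher); the
nonce-reuse attack does not depend on which cipher produced the mask.
"""
import hashlib
from typing import Callable

# Field GF(2^128) modulo x^128 + x^7 + x^2 + x + 1 in GCM's bit ordering.
R = 0xE1000000000000000000000000000000
ONE = 1 << 127  # multiplicative identity in the bit-reflected representation


def gf_mult(x: int, y: int) -> int:
    """Multiply two field elements (GCM specification, Algorithm 1)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def gf_inverse(x: int) -> int:
    """x^-1 = x^(2^128 - 2), by square-and-multiply."""
    result, base, exp = ONE, x, (1 << 128) - 2
    while exp:
        if exp & 1:
            result = gf_mult(result, base)
        base = gf_mult(base, base)
        exp >>= 1
    return result


def gf_sqrt(x: int) -> int:
    """In characteristic 2, sqrt(x) = x^(2^127): square 127 times."""
    for _ in range(127):
        x = gf_mult(x, x)
    return x


def _block_int(data: bytes) -> int:
    """Zero-pad a partial block and read it as a big-endian integer."""
    return int.from_bytes(data.ljust(16, b"\0"), "big")


def ghash(h: int, aad: bytes, ct: bytes) -> int:
    """GHASH_H(A, C): Horner evaluation over padded blocks, then the length block."""
    x = 0
    for data in (aad, ct):
        for i in range(0, len(data), 16):
            x = gf_mult(x ^ _block_int(data[i:i + 16]), h)
    lengths = ((len(aad) * 8) << 64) | (len(ct) * 8)
    return gf_mult(x ^ lengths, h)


def toy_block_cipher(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for AES-128; a keyed PRF is all GMAC needs here."""
    return hashlib.sha256(key + block).digest()[:16]


def gmac(block_encrypt: Callable[[bytes, bytes], bytes], key: bytes,
         nonce: bytes, message: bytes) -> bytes:
    """GMAC = GHASH_H(message, "") XOR E_K(nonce || 0^31 || 1), H = E_K(0^128).

    This is GCM with an empty plaintext, computed on GHASH directly rather
    than by running a GCM mode with no data. 96-bit nonces only.
    """
    if len(nonce) != 12:
        raise ValueError("this example handles 96-bit nonces only")
    h = int.from_bytes(block_encrypt(key, bytes(16)), "big")
    mask = int.from_bytes(block_encrypt(key, nonce + b"\x00\x00\x00\x01"), "big")
    return (ghash(h, message, b"") ^ mask).to_bytes(16, "big")


def recover_h(m1: bytes, t1: bytes, m2: bytes, t2: bytes) -> int:
    """Nonce reuse on two distinct single-block messages of equal length.

    tag = (m*H ^ L)*H ^ mask = m*H^2 ^ L*H ^ mask, so with the same nonce
    (same mask) and the same length block L: t1 ^ t2 = (m1 ^ m2) * H^2.
    """
    if not (len(m1) == len(m2) <= 16) or m1 == m2:
        raise ValueError("need two different messages of equal length <= 16 bytes")
    d = _block_int(m1) ^ _block_int(m2)
    h_squared = gf_mult(int.from_bytes(t1, "big") ^ int.from_bytes(t2, "big"),
                        gf_inverse(d))
    return gf_sqrt(h_squared)


def forge_tag(h: int, known_msg: bytes, known_tag: bytes, target: bytes) -> bytes:
    """With H known, strip the mask from one valid tag and reuse it for any
    message (of any length) under the same nonce."""
    mask = int.from_bytes(known_tag, "big") ^ ghash(h, known_msg, b"")
    return (ghash(h, target, b"") ^ mask).to_bytes(16, "big")


if __name__ == "__main__":
    key, nonce = b"\x11" * 16, b"\x22" * 12          # constructed demo values
    m1, m2 = b"amount=00000100", b"amount=00099999"
    t1 = gmac(toy_block_cipher, key, nonce, m1)
    t2 = gmac(toy_block_cipher, key, nonce, m2)      # same nonce: the bug
    h = recover_h(m1, t1, m2, t2)
    target = b"amount=99999999&to=attacker"
    print("forgery verifies:",
          forge_tag(h, m1, t1, target) == gmac(toy_block_cipher, key, nonce, target))
```

The attacker never touches the block cipher: the mask E_K(J0) cancels in the XOR of two tags, which is why `gmac` is only as strong as the uniqueness of the nonce passed to it. That is the reason a GHASH-based GMAC must be given a fresh nonce per message through `start` rather than a fixed value.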
No real way to test what/if `clear` does, but at least we know it
runs and doesn't crash which is an improvement over the status quo.

In this round of write some tests and find a bug, Threaded_Fork
seems to be completely broken. I don't think the semaphore approach
it uses really works (consistently) because a single worker thread
can acquire the semaphore more than once. This can be seen in the
(disabled) test of Threaded_Fork.
Not sure what to do about Threaded_Fork - it has been broken since
introduction and nobody has mentioned any problems so likely nobody has
ever used it. May actually be better to remove it entirely rather than
to fix it.

Using sqlite3 for one and memory for another meant only half of
each implementation was tested. Instead use sqlite3 for a while,
then switch to in-memory, to ensure both are covered.

Otherwise we may end up trying to renegotiate EtM to MtE which is
an error. Only occurred sporadically due to low timeout set on session
cache; only if we retried really quickly did it fail.
Feels kind of hacky, but disabling EtM is a corner case anyway.

The client would attempt to resume a session, even if the session was
for a version other than what it wanted to offer. If the server
resumed with the original version, the client would then reject the
'incorrect' version. Instead, if the session is for a version other
than what we want to offer, just start a fresh handshake.
Fix resuming in the EtM case - even if the policy says otherwise,
always resume EtM sessions as EtM. Servers are required to reject a
MtE resumption on an EtM session.
The new client hello already ordered extensions to prevent an empty
extension from ever being last (working around a bug in some dumb
stack somewhere), but this was not true for the resume case. Fix that.
Beef up tests a bit - test ECDSA suites, alerts, and sqlite3 session db.
Sharing the session state across all the tests is what tipped me off
on the resumption bugs in the first place - as usual, what is not tested
does not work correctly.
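
The resumption commit above describes three client-side fixes and the server rule they rely on. The following added example models those decisions; it is not Botan code, the type and function names (`CachedSession`, `ClientHello`, `plan_client_hello`, `server_accepts_resumption`) are invented for the illustration, and the extension bodies are placeholders rather than wire-accurate encodings. It shows: skipping resumption when the cached session's version differs from the version being offered, forcing the EtM extension on when resuming an EtM session regardless of policy, ordering extensions so that an empty one is never last for a resumption hello as well, and the server-side check that refuses to resume an EtM session from a hello lacking the extension.

```python
"""Client resumption decisions and the matching server check.

Added example (not Botan code). Names are invented for the illustration;
extension bodies are placeholders, not wire-accurate TLS encodings.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int]
TLS_V11: Version = (3, 2)
TLS_V12: Version = (3, 3)

# IANA TLS extension type codes.
EXT_SERVER_NAME = 0
EXT_SUPPORTED_GROUPS = 10
EXT_SIGNATURE_ALGORITHMS = 13
EXT_ENCRYPT_THEN_MAC = 22        # RFC 7366, zero-length body
EXT_EXTENDED_MASTER_SECRET = 23  # RFC 7627, zero-length body


@dataclass(frozen=True)
class CachedSession:
    session_id: bytes
    version: Version
    encrypt_then_mac: bool  # was the session negotiated with EtM?


@dataclass(frozen=True)
class ClientHello:
    version: Version
    session_id: bytes  # empty means "full handshake, nothing to resume"
    extensions: Tuple[Tuple[int, bytes], ...]

    def has(self, ext_type: int) -> bool:
        return any(t == ext_type for t, _ in self.extensions)


def order_extensions(exts: List[Tuple[int, bytes]]) -> Tuple[Tuple[int, bytes], ...]:
    """Stable sort: zero-length extensions first, so a non-empty one is last.

    Works around peers that mis-parse a trailing empty extension.
    """
    return tuple(sorted(exts, key=lambda e: 0 if len(e[1]) == 0 else 1))


def plan_client_hello(hostname: str, offer_version: Version, policy_etm: bool,
                      cached: Optional[CachedSession]) -> ClientHello:
    """Decide whether to attempt resumption and which extensions to send."""
    exts: List[Tuple[int, bytes]] = [
        (EXT_SERVER_NAME, hostname.encode()),
        (EXT_SUPPORTED_GROUPS, bytes([0x00, 0x17])),      # placeholder body
        (EXT_SIGNATURE_ALGORITHMS, bytes([0x04, 0x03])),  # placeholder body
        (EXT_EXTENDED_MASTER_SECRET, b""),
    ]
    # Fix 1: resume only a session whose version matches what we will offer.
    # Otherwise the server may resume at the old version and we would then
    # reject our own "incorrect" version; start a fresh handshake instead.
    if cached is None or cached.version != offer_version:
        session_id, want_etm = b"", policy_etm
    else:
        session_id = cached.session_id
        # Fix 2: an EtM session is always resumed as EtM, whatever the policy
        # says, since the server must reject an MtE resumption of it.
        want_etm = policy_etm or cached.encrypt_then_mac
    if want_etm:
        exts.append((EXT_ENCRYPT_THEN_MAC, b""))
    # Fix 3: the empty-extension-last workaround applies to resumption too.
    return ClientHello(offer_version, session_id, order_extensions(exts))


def server_accepts_resumption(hello: ClientHello,
                              sessions: Dict[bytes, CachedSession]) -> bool:
    """Resume only if the session exists, the version matches, and an EtM
    session is not being resumed from a hello without the EtM extension."""
    session = sessions.get(hello.session_id) if hello.session_id else None
    if session is None or session.version != hello.version:
        return False
    if session.encrypt_then_mac and not hello.has(EXT_ENCRYPT_THEN_MAC):
        return False
    return True


if __name__ == "__main__":
    etm_session = CachedSession(b"\x01" * 32, TLS_V12, True)   # constructed
    old_session = CachedSession(b"\x02" * 32, TLS_V11, False)  # constructed
    cache = {s.session_id: s for s in (etm_session, old_session)}
    hello = plan_client_hello("example.com", TLS_V12, False, etm_session)
    print("resumes EtM session as EtM:", server_accepts_resumption(hello, cache))
    stale = plan_client_hello("example.com", TLS_V12, True, old_session)
    print("TLS 1.1 session offered for 1.2:", stale.session_id == b"")
```

`plan_client_hello` is where the policy override lives: with `policy_etm=False` and an EtM session in the cache, the hello still carries extension 22, so the server's check passes and no EtM-to-MtE renegotiation is attempted.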
The fork test actually closed the pipe early so this test had been busted.
Previously missed because the return value of read was not checked. Missed
by me in e8908d4fb671 because I changed the test but did not run it before
checking in. Hey, it compiled. :(

Check return value of read, found by Clang. See also #677
Remove unused member variable in OpenSSL ECC, found by Clang.
In ECDSA tests, if the pointer is null we should return rather
than dereferencing it. Found by Coverity.

We were not previously hitting the 4 way unrolled loop in AES-NI in tests.

SoftHSMv1 included in 14.04 is too old and many tests fail,
so grabs prebuilt SoftHSMv2 binaries from www.randombit.net.
This can change to use the packaged SoftHSM in 16.04, whenever
Travis makes that available.

Client interops with google.com, server not tested against an
independent client yet.

I repent my use of global constructors.
I repent my use of global locks.
Hopefully I will never touch this code again.
:)

Previously validation asked the system clock which is not always
the correct thing (for example when using Roughtime protocol).
Had been on the todo list forever, forced into it by some of
the test certs expiring today.

Updates NewHope to use that instead of the hard-coded SHAKE-128,
and adds toggle for BoringSSL compat mode using AES-128/CTR + SHA-256.

Kind of a copy and paste of Keccak, but only a single copy of the
permutation at least. Keccak depends on SHA-3 instead of the reverse,
so that SHA-3 can be enabled without also bringing in an unapproved
hash function.
Updates newhope code and removes API function newhope_hash which was
an unofficial SHA-3-256.

Test assumed EME was always there and would fail. This caused
failures with BSI policy which disables PKCS1v1.5.

Remove bogus includes for TLS tests

This is lame but I still cannot repro and random CI failures suck.
Eventually I will fix the API.

Previously it created a new AutoSeeded_RNG in each function, sometimes
without even using it.

Some fixes for missing system_rng in ECIES and tests.

Document that create_*_op is public but not for public consumption.

Verification is deterministic and public, so really no RNG is ever needed.
Change provider handling - accepts "base", "openssl", or empty, otherwise
throws a Provider_Not_Found exception.

Instead the key types expose operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previously created its own RNG, now it takes it from app.

Now record layer only deals with an AEAD, and the weird complications
of CBC modes mostly hidden in tls_cbc.cpp.