| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
If the input lengths are exact multiples of 16 bytes then no padding
should be added. Previously 16 bytes of zero padding were added instead.
|
|
|
|
|
|
|
| |
Previously RSA and ElGamal stripped off leading zeros which were then
assumed by the padding decoders. Instead have them produce ciphertexts
with leading zeros. Changes EME_Raw to strip leading zeros to match
existing behavior.
|
|
|
|
|
| |
Performs content checks on the value (expected length, expected bytes)
and in constant time returns either the decrypted value or a random value.
|
|
|
|
|
|
|
|
|
| |
Remove support for weak ECC curves (anything under P-256) from TLS.
This includes secp256k1 since we don't take advantage of the special
form for any performance advantage; might as well use P-256.
The manual still mentioned that it was possible to use MD5 in
Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
|
|
|
|
|
| |
Otherwise a MITM who can in real time break any supported ECC curve can
downgrade us.
|
|
|
|
| |
Avoids the test vector contortions in RSA-KEM
|
|\ |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
Add flags --policy, --print-certs, --tls1.0, --tls1.1, --tls1.2
Update todo
|
| |
| |
| |
| |
| | |
Could attempt to allocate (size_t)-1 words with predicably bad_alloc
results.
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | | |
get_system_timestamp_ns()
GH #422
|
|\ \ \ |
|
| | | | |
|
| |/ /
| | |
| | |
| | | |
equivalent to mlock on Unix to prevent swapping out of memory
|
|/ / |
|
| |
| |
| |
| | |
Prohibit unix_procs in BSI policy. See discussion in GH #446
|
| | |
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A module policy is a file specifying three types of modules: ones which
are required, ones which are prohibited, and ones which should be used
if otherwise available (this is mostly for platform specific modules).
Finally there are whatever modules which exist in the library of which
the policy makes no mention. These will be included if an explicit
dependency of some other module pulls them in (so there is no reason
to mention base, utils, ... in the file) but skipped otherwise.
For example policy 'sane' does not mention 'utils' or 'twofish' either
way. Since utils is a dependency of other modules which are included,
but Twofish does not. However unlike an explicitly prohibited module,
not mentioned can still be requested as part of the build (here with
--enable-module=twofish)
Also fixes some test bugs noticed by compiling in different build
configs. DLIES test didn't check that the KDF and MAC existed. Adds a
typedef for MessageAuthenticationCode because typing it twice in a
single line in the DLIES test made me think it's way too long. :) Also
fix some fuzzer build problems. Due to a copy and paste bug the PKCS
certificate (it was not).
Inspired by GH #439
|
|\ \ \
| | | |
| | | |
| | | | |
The Intel RNG may fail if heavily contended, so retry as needed.
|
| | | |
| | | |
| | | |
| | | | |
prevents filtering out any 0x00000000 outputs from RDRAND/RDSEED
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* no spaces around if(), for() etc
* snake_case for plain functions
* anonymous namespace function instead private and static
* don't propagate failed poll to the calling application
* RdRand retires configurable in build.h
|
| | | |
| | | |
| | | |
| | | |
| | | | |
* Make it configurable how often RdRand and RdSeed is polled
* Make it configurable how many RdSeed retries are executed
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Makes it possible for an application to interpret some extension not
supported by the library.
|
| | |_|/
| |/| |
| | | |
| | | | |
+Extensions now uses std::unique_ptr
|
|\ \ \ \ |
|
| |\ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
division by zero found by clang-analyzer
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
in aes_schedule_transform found by clang-analyzer
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
clang-analyzer
|
| | | | | | |
|
| | |/ / /
| |/| | | |
|
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | | |
Previously the signature hashes and algos info was used to set the v1.2
signature_algorithms extension, but if the counterparty ignored the
extension and sent something else, we wouldn't notice.
|
| | | |
| | | |
| | | |
| | | | |
GH #438
|
| |_|/
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
I think we maybe want these to be converting constructors, and adding
explicit here breaks code like ECDSA_PrivateKey(rng, "secp256r1")
which seems like a reasonable thing to support IMO
|
| | |
| | |
| | |
| | | |
explicit.
|
|\ \ \
| | | |
| | | | |
Fix a typo in os_utils that prevents retrieval of the current process id on Windows
|
| |/ /
| | |
| | |
| | | |
windows
|
|/ /
| |
| |
| |
| | |
Feels kind of nasty, but it sucks more to have CI builds break because
of random failures.
|
|\ \
| | |
| | | |
Improvements in X.509 cert handling for python bindings. Add Python code coverage report.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add implementation for ffi botan_x509_cert_get_public_key().
Add subject_dn() function to python x509_cert class.
Have python x509_cert constructor take a buffer alternatively.
Have python x509_cert functions time_starts() and time_expires() return
a python timestamp.
|
| | |
| | |
| | |
| | |
| | | |
The result of fuzzing with AFL for a while, then running cmin on the
result.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In GCC 4.7 and 4.8, Wshadow also warns if a local variable conflicts
with a member function. This was changed in GCC 4.9 (GCC bugzilla
57709) but causes a lot of warnings on Travis which is on 4.8. Clang's
Wshadow behaves like GCC 4.9
The worst offendor was Exception's constructor argument being named
`what` which conflicts with the member function of the same name,
being in a public header this causes so many warnings the Travis log
files are truncated.
This fixes Exception and a couple of others. Fixing all cases would be
a slog that I'm not up for right at the moment.
|