was not the right size for a signature (following DSA). This would
silently convert to an empty vector which we would treat as a valid
message on the return. However the EMSA checks will always fail so not
a huge problem.
While checking this out I noticed that an empty value for EMSA4 would
result in us reading memory we didn't own.
exceptions thrown in end_msg (for instance in CBC decryption when the
padding is bad) more or less screwed up the pipe completely. Allowing
reset here at least allows an escape hatch.
-ivb_rdrnd_cpuid option to toggle the bit off and on. Fortunately on
Intel processors the bit we were actually checking is also enabled by
Ivy Bridge. However it is also used on AMD Bulldozer processors to
signal half-precision floating point support so we could false
positive there.
didn't work on older GCC/binutils. Instead hardcode the expression for
rdrand %eax, which should work everywhere. Also, avoid including immintrin.h
unless we're going to use it, to avoid problems with older compilers that
lack that header (this caused build failures under GCC 3.4.6).
isn't working here anyway, but also broke DSA servers.
caused huge performance issues with DSA/ECDSA signing performance.
implement Camellia's F function. Roughly 60 - 80% speedup on Nehalem.
processors. Tested using SDE on Linux with GCC 4.6, Intel C++ 11.1,
and Clang 3.0, all using the inline asm variant. I do not know if
current Visual C++ has the intrinsics available or not, so it's only
marked as available for those compilers at the moment.
Camellia exposed by the OpenSSL module is parameterized by the key
length, much as AES is, while the version in the main source uses a
single name/type for all variants. For consistency, convert to using a
key length parameterized name in our version as well. In the future
this might allow for better loop unrolling, etc but currently we don't
make use of that.
was broken, and after fixing that and trying to compile the module it
became clear that the Qt mutex did not work at all with recent Qt
versions. Taking this as a clear indicator that it is not being used,
remove it.
All reported by Patrick Pelletier.
list of maintainer mode flags. It produces some very useful warnings,
but also a lot of noisy junk that I really don't care about.
and 'bc49da394c675517b140a404c19094020d6e9d40'
rather than one past the end. Reported by Stuart Maclean on the
mailing list.
Much faster, especially when using 8192 bit groups as OpenSSL does by
default.
Use BOTAN_DLL symbol visibility macros.
for this.
Add a new function that identifies a named SRP group from the N/g
params; this is important as we need to verify the SRP groups, and the
easiest way to do that is to force them to be a known/published
value.
Add the 1536, 3072, 4096, 6144, and 8192 bit groups from RFC 5054
on decoding by default, and add a comment showing how to enable it for
encoding.
how much we ask for on the basis of how many bits we're counting each
byte as contributing. Change /dev/*random estimate to 7 bits per byte.
Small cleanup in HMAC_RNG.
list of directory names (without the open DIRs) plus the one currently
active dir.
of giving /dev/random, EGD, and CryptoAPI a full 8 bits per byte of
entropy, estimate at 6 bits.
In the proc walker, allow more files to be read, read more of any
particular file, and count each bit for 1/10 as much as before.
Reading more of the file seems especially valuable, as some files are
quite random, whereas others are very static, and this should ensure
we read more of the actually unpredictable inputs.
Prefer /dev/random over /dev/urandom
waiting for a full kilobyte. This is for the benefit of DSA/ECDSA
which want a call to add_entropy to update the state in some way,
passing just a hash input which might be as small as 20 bytes.
Cassidy, sent to the mailing list.
by TLS (relies on the finished message check). Add a class for reading
files created by GnuTLS's srptool.
loop (size_t overflow), likely causing a segfault. Not exploitable as
far as I can tell, beyond the obvious crashing.
in the Client_Hello parser. Works, tested with GnuTLS command line
client.
interface but it's a plausible start. Will probably have more insights
after adding TLS hooks.
an amalgamation and the app is compiled in Unicode mode.
explicit cast.
cpuid intrinsic) and older GCC (no cpuid.h before 4.3)
as they seem to understand it as of GCC 4.6 and Clang 2.9.
the same, so clearly GCC 4.6 and/or the Core i7 are very good about
renames, but might help on less capable systems.
clock types we know about that have macros defined for them.