path: root/src
Commit message | Author | Age | Files | Lines

* Fix McEliece key gen endian dependency. | Jack Lloyd | 2015-10-27 | 3 | -20/+27

    The tests which generate McEliece keys using a deterministic RNG and fixed seed failed on PowerPC (or other big endian systems) because the vectors assumed we were creating elements little endian, which is what happened with rng.randomize(&u16, 2) on x86. Fix it to always be little endian. No particular reason to prefer one vs the other here (we're just trying for compatibility with ourselves) and choosing little endian avoids having to regen the vectors.

* Fix dist.py to handle signed git tags | Jack Lloyd | 2015-10-26 | 1 | -5/+14

    [ci skip]

* Compile fix | Jack Lloyd | 2015-10-26 | 1 | -1/+1

* Merge pull request #314 from randombit/ct-tls-cbc-padding | Jack Lloyd | 2015-10-26 | 22 | -330/+878

    TLS improvements

  * Missing include dependency | Jack Lloyd | 2015-10-26 | 1 | -1/+1

  * Asan fix - referencing &vec[vec.size()] instead of vec.end() | Jack Lloyd | 2015-10-26 | 3 | -39/+22

      Convert to a const time algo

  * TLS improvements | Jack Lloyd | 2015-10-25 | 20 | -290/+855

      Use constant time operations when checking CBC padding in TLS decryption.

      Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server.

      Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.

* Add missing include | Jack Lloyd | 2015-10-26 | 1 | -0/+1

* Merge pull request #313 from randombit/path-validation-fixes | Jack Lloyd | 2015-10-26 | 54 | -119/+2851

    Fix cert validation bugs found by x509test.

  * Disable two tests from x509test which no longer have correct dates. | Jack Lloyd | 2015-10-26 | 2 | -2/+5

      These will need to be regen'ed with corrected values.

      Fix for minimized builds.

  * Fix cert validation bugs found by x509test. | Jack Lloyd | 2015-10-23 | 54 | -119/+2848

      Add test suite with certs from x509test

* Merge pull request #306 from webmaster128/update-docs | Simon Warta | 2015-10-26 | 2 | -8/+2

    Update docs to avoid Sphinx errors and warnings

  * Update doc for issuer_dn() and subject_dn() | Simon Warta | 2015-10-20 | 2 | -8/+2

      [ci skip]

* Merge pull request #312 from randombit/const-time-monty | Jack Lloyd | 2015-10-24 | 8 | -121/+109

    Make Montgomery reduction constant time.

  * Make Montgomery reduction constant time. | Jack Lloyd | 2015-10-24 | 8 | -121/+109

      It was already close, but the carry loop would break early and selecting which value to copy out was indexed on the borrow bit. Have the carry loop run through, and add a const-time conditional copy operation and use that to copy the output.

      Convert ct_utils to CT namespace. Templatize the utils, which I was hesitant to do initially but is pretty useful when dealing with arbitrary word sizes. Remove the poison macros, replace with inline funcs which read cleaner at the call site.

* Test botan.py using Python2 and Python3 on Linux and OS X | Simon Warta | 2015-10-22 | 2 | -0/+10

* Add workaround for Python 3.2/3.3 behavior in binascii. GH #305 | Jack Lloyd | 2015-10-22 | 1 | -1/+1

* Fix a bug in botan.py found by PyPy's ctypes | Jack Lloyd | 2015-10-22 | 1 | -3/+12

    Add toplevel note explaining what is going on with this module.

    Print the interpreter version at startup.

    [ci skip]

* Reverted version comparison relaxation, per Jack Lloyd's comment. | Uri Blumenthal | 2015-10-21 | 1 | -1/+1

* Merge branch 'master' of https://github.com/randombit/botan | Uri Blumenthal | 2015-10-20 | 4 | -294/+277

  * Fix botan.py for Python3 | Jack Lloyd | 2015-10-20 | 4 | -246/+270

      Remove any need for callers to do version checks or encode values specially to handle Python2 vs Python3 ctypes differences. API users shouldn't have to care about that - encapsulate the differences in a few functions for handling the conversions.

      Add botan_cipher_query_keylen to ffi

* Made most of botan.py run under Python3. | Uri Blumenthal | 2015-10-20 | 1 | -60/+101

    Components that rely on the new Lambda-functions do not run under Python3, so they are blocked if Python3 is detected.

* Fix | Jack Lloyd | 2015-10-19 | 1 | -2/+2

* Make OpenSSL ECDSA and RSA request only until they can be tested | Jack Lloyd | 2015-10-19 | 1 | -2/+2

* ECDSA KATs only work for base impl | Jack Lloyd | 2015-10-19 | 1 | -2/+2

    OpenSSL doesn't use RFC 6979 nonces, so if openssl was enabled ECDSA tests would fail.

* Add missing BOTAN_DLL to Decompression_Filter. GH #304 | Jack Lloyd | 2015-10-19 | 1 | -1/+1

* Break up openssl provider | Jack Lloyd | 2015-10-19 | 10 | -23/+46

    For RSA, RC4, and ECDSA put the openssl versions in the same directory as the base version. They just rely on a macro check for the openssl module to test for the desire to use OpenSSL.

* Make PKCS #1 and OAEP decryption operations constant time. | Jack Lloyd | 2015-10-19 | 10 | -174/+239

  * Cleanups in ct and oaep | Jack Lloyd | 2015-10-17 | 2 | -96/+23

      In OAEP expand the const time block to cover MGF1 also

  * Make PKCS #1 and OAEP decoding constant time to avoid oracle attacks | Jack Lloyd | 2015-10-16 | 10 | -168/+306

      via timing channels.

      Add annotations for checking constant-time code using ctgrind to PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already written as constant time code.

* Add DLL target to MSVC CI build | Jack Lloyd | 2015-10-16 | 1 | -1/+7

* Merge pull request #298 from tiwoc/arm64 | Simon Warta | 2015-10-16 | 5 | -9/+34

    Support for 64 bit ARM

  * Adjust gcc.txt to arm32 and arm64 archs | Daniel Seither | 2015-10-15 | 1 | -1/+2

      See also -march in https://gcc.gnu.org/onlinedocs/gcc/ARM-Options.html

  * Travis CI: Enable 64 bit builds for iOS | Daniel Seither | 2015-10-13 | 1 | -5/+17

      * Update Xcode from 6.4 to 7, which also updates the iOS SDK from 8 to 9
      * Remove iOS shared library build, which is not very useful
      * Add 64 bit iOS static library build
      * Refactor build script to use xcrun instead of manually specifying a sysroot

  * Initial support for 64 bit ARM | Daniel Seither | 2015-10-13 | 3 | -3/+15

      This adds support for 64 bit ARM cores as used in many high-end phones such as all iPhones beginning with the 5s. While these newer phones still run 32 bit ARM code, Apple doesn't allow apps to be submitted to the app store if they don't provide a 64 bit build.

      This commit adds a new arm64 arch and renames arm to arm32 to stay consistent with the other architectures. The name arm can still be used for configuring because it has been added as an alias for arm32.

      Additionally, the one piece of ARM inline assembly that can be found in Botan doesn't work on 64 bit ARM, so I use the solution that has been proposed in #180: Use __builtin_bswap32 instead of inline assembly.

* Fix compile of ffi when tls is disabled. GH #300 | Jack Lloyd | 2015-10-15 | 1 | -3/+8

* MSVC build fix | Jack Lloyd | 2015-10-15 | 2 | -9/+10

* Add security notifications/advisory page to website. | Jack Lloyd | 2015-10-15 | 1 | -2/+2

    Based on GH #272

* Add prime and dl_group command line tools. | Jack Lloyd | 2015-10-15 | 3 | -14/+175

    Some cleanups in random_prime. Increase probability in prime tests from 1/2**64 to 1/2**128. Also break out of the sieve loop early if it has failed.

* Prohibit creating a DL_Group smaller than 1024 bits | Jack Lloyd | 2015-10-15 | 1 | -2/+2

* Periodically reinitialize the blinding sequence instead of always | Jack Lloyd | 2015-10-15 | 3 | -15/+52

    deriving it by squaring the previous value.

* Add System_RNG which is an instantiatable RNG that uses the system RNG | Jack Lloyd | 2015-10-15 | 3 | -25/+33

    Previously you couldn't have a unique_ptr<RNG> that might point to either a system rng or an autoseed rng depending on availability. That was already needed in ffi and is useful elsewhere.

* Add support for RSA signing and verification via OpenSSL | Jack Lloyd | 2015-10-14 | 2 | -15/+133

* Expose providers for public key operations | Jack Lloyd | 2015-10-14 | 7 | -67/+97

    For PK_Encryptor and company they are requested via a new provider param to the constructors.

    The speed command gets a --provider option so you can see benchmark results with the different versions.

* Build fix | Jack Lloyd | 2015-10-14 | 3 | -3/+5

* Add null pointer check to pbes2_decrypt, fix message in pbes2_encrypt | Jack Lloyd | 2015-10-14 | 1 | -1/+3

* Add `--minimized-build` which does the same thing as `--no-autoload` | Jack Lloyd | 2015-10-14 | 1 | -1/+1

    but the meaning of the option is probably easier to understand with this name.

* Move DataSource to utils and rewrite PEM encoding to avoid filters | Jack Lloyd | 2015-10-14 | 12 | -58/+46

    Removes filters as an internal dependency pretty much entirely (outside of some dusty corners in misc).

* Add missing null pointer check to PBES2 | Jack Lloyd | 2015-10-11 | 1 | -0/+3

* Don't treat missing ciphers, hashes, etc as test failures | Jack Lloyd | 2015-10-11 | 6 | -9/+18

    Just print an error message and return. Reduces false fails with smaller builds