The tests which generate McEliece keys using a deterministic RNG and
fixed seed failed on PowerPC (or other big endian systems) because the
vectors assumed we were creating elements little endian, which is
what happened with rng.randomize(&u16, 2) on x86.
Fix it to always be little endian. No particular reason to prefer one vs the
other here (we're just trying for compatibility with ourselves) and choosing
little endian avoids having to regen the vectors.
[ci skip]
TLS improvements
Convert to a const time algo
Use constant time operations when checking CBC padding in TLS decryption
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
Fix cert validation bugs found by x509test.
These will need to be regen'ed with corrected values.
Fix for minimized builds.
Add test suite with certs from x509test
Update docs to avoid Sphinx errors and warnings
[ci skip]
Make Montgomery reduction constant time.
It was already close, but the carry loop would break early and
selecting which value to copy out was indexed on the borrow bit. Have
the carry loop run through, and add a const-time conditional copy
operation and use that to copy the output.
Convert ct_utils to CT namespace. Templatize the utils, which I was
hesitant to do initially but is pretty useful when dealing with
arbitrary word sizes.
Remove the poison macros, replace with inline funcs which read
cleaner at the call site.
Add toplevel note explaining what is going on with this module.
Print the interpreter version at startup
[ci skip]
Remove any need for callers to do version checks or encode values
specially to handle Python2 vs Python3 ctypes differences. API users
shouldn't have to care about that - encapsulate the differences in a
few functions for handling the conversions.
Add botan_cipher_query_keylen to ffi
Components that rely on the new Lambda-functions do not
run under Python3, so they are blocked if Python3 is detected.
OpenSSL doesn't use RFC 6979 nonces, so if openssl was enabled ECDSA
tests would fail.
For RSA, RC4, and ECDSA put the openssl versions in the same directory
as the base version. They just rely on a macro check for the openssl
module to test for the desire to use OpenSSL.
In OAEP expand the const time block to cover MGF1 also
via timing channels.
Add annotations for checking constant-time code using ctgrind to
PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already
written as constant time code.
Support for 64 bit ARM
See also -march in https://gcc.gnu.org/onlinedocs/gcc/ARM-Options.html
* Update Xcode from 6.4 to 7, which also updates the iOS SDK from 8 to 9
* Remove iOS shared library build, which is not very useful
* Add 64 bit iOS static library build
* Refactor build script to use xcrun instead of manually specifying a
sysroot
This adds support for 64 bit ARM cores as used in many high-end phones
such as all iPhones beginning with the 5s. While these newer phones
still run 32 bit ARM code, Apple doesn't allow apps to be submitted to
the app store if they don't provide a 64 bit build.
This commit adds a new arm64 arch and renames arm to arm32 to stay
consistent with the other architectures. The name arm can still be used
for configuring because it has been added as an alias for arm32.
Additionally, the one piece of ARM inline assembly that can be found in
Botan doesn't work on 64 bit ARM, so I use the solution that has been
proposed in #180: Use __builtin_bswap32 instead of inline assembly.
Based on GH #272
Some cleanups in random_prime. Increase probability in prime tests from
1/2**64 to 1/2**128. Also break out of the sieve loop early if it has
failed.
deriving it by squaring the previous value.
Previously you couldn't have a unique_ptr<RNG> that might point to
either a system rng or an autoseed rng depending on availability. That
was already needed in ffi and is useful elsewhere.
For PK_Encryptor and company they are requested via a new provider param
to the constructors.
The speed command gets a --provider option so you can see benchmark results
with the different versions.
but the meaning of the option is probably easier to understand with
this name.
Removes filters as an internal dependency pretty much entirely
(outside of some dusty corners in misc).
Just print an error message and return. Reduces false fails with
smaller builds