path: root/src
Commit message  [Author, Age, Files, Lines]

* Merge GH #783 Expose TLS message types to applications  [Jack Lloyd, 2016-12-24, 21 files, -31/+45]
  * Export tls_messages.h as a public header  [René Korthaus, 2016-12-23, 21 files, -31/+45]
      TLS::Callbacks::inspect_handshake_message() allows applications to inspect all handshake messages, but this requires access to the types in tls_messages.h. As a matter of fact, this also exports tls_extensions.h as a public header.
* Compile fix  [Jack Lloyd, 2016-12-23, 1 file, -0/+1]
* Fix file descriptor leak introduced in bcae34c0c  [Jack Lloyd, 2016-12-23, 2 files, -5/+1]
      Caused tests to fail on CI
* Ignore the right thing  [Jack Lloyd, 2016-12-23, 1 file, -1/+1]
* Fix minimized build  [Jack Lloyd, 2016-12-23, 1 file, -0/+4]
* Remove nested anon namespace  [Jack Lloyd, 2016-12-23, 1 file, -4/+0]
* Add DL_Group tests  [Jack Lloyd, 2016-12-23, 4 files, -7/+153]
      Fix a bug in how the 6144 and 8192 IETF MODP groups were encoded; they have g and q values switched. Fixed by just switching the PEM header to match the actual encoded format.

      Rename DL_Group::X942_DH_PARAMETERS to ANSI_X9_42_DH_PARAMETERS to avoid a macro conflict with Windows cryptography headers (GH #482)
* Fix ECDH test  [Jack Lloyd, 2016-12-22, 1 file, -13/+10]
* More filter tests  [Jack Lloyd, 2016-12-22, 5 files, -35/+83]
      Expose Data{Source,Sink}_Stream types even if no filesystem is available. Instead just guard the constructors taking a pathname.
* Add tests for AEAD name and nonce size APIs  [Jack Lloyd, 2016-12-22, 1 file, -0/+3]
* Add tests for 4-pass Tiger hash  [Jack Lloyd, 2016-12-22, 1 file, -0/+12]
* Add AES GCM tests from Wycheproof  [Jack Lloyd, 2016-12-22, 1 file, -0/+35]
* Add Wycheproof EAX test cases  [Jack Lloyd, 2016-12-21, 1 file, -18/+170]
* Merge GH #779 Add ECDH/ECIES blinding and DH small subgroup checking  [Jack Lloyd, 2016-12-21, 4 files, -18/+55]
  * Add missing q == 0 check in DL_Scheme_PublicKey::check_key() as q may not be available in all groups  [Never, 2016-12-20, 1 file, -7/+19]
  * Blind the ECDH/ECIES agree operation.  [Never, 2016-12-19, 2 files, -12/+21]
  * Added DH public key check y^q mod p = 1 against small-subgroup attacks as described in RFC 2785  [Never, 2016-12-19, 1 file, -0/+2]
  * Improved DL_Group verification. The group is invalid if g^q mod p != 1, and increased the number of Miller-Rabin iterations if strong is set (we pass 128 as prob in make_prm.cpp).  [Never, 2016-12-19, 1 file, -5/+19]
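Added example, not code from Botan or from the GH #779 commits above: the group and public-value checks those commits name, written out in Python. It uses a constructed toy group p = 23, q = 11, g = 2 (p = 2q + 1, so g = 2 has order q); a real deployment would use a standard group such as the RFC 3526 MODP or RFC 7919 ffdhe groups. The Miller-Rabin round counts are choices for this example and do not correspond to Botan's "prob" parameter, and Python's pow() is not constant time, so the blinding part of the merge is out of scope here.

```python
# Added example (not Botan code): DL group validation and RFC 2785 style
# DH public value checks with toy parameters. p = 23, q = 11, g = 2 is a
# constructed group; in production use RFC 3526 / RFC 7919 parameters.
import secrets

# Round counts are choices for this example, not Botan's values.
MR_ROUNDS_DEFAULT = 16
MR_ROUNDS_STRONG = 64


def is_probable_prime(n: int, rounds: int) -> bool:
    """Miller-Rabin with `rounds` random bases; more rounds, lower error rate."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)        # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                        # composite witness found
    return True


def verify_group(p: int, g: int, q, strong: bool = False) -> bool:
    """Group sanity: p prime, 1 < g < p-1, and when q is known, q prime,
    q | p-1 and g^q mod p == 1 (g generates the order-q subgroup).
    q may be None or 0 because not every group encoding carries q, which
    is the case the "q == 0 check" commit above guards against."""
    rounds = MR_ROUNDS_STRONG if strong else MR_ROUNDS_DEFAULT
    if p < 5 or not is_probable_prime(p, rounds):
        return False
    if not (1 < g < p - 1):
        return False
    if not q:                      # q unknown: nothing more can be tested
        return True
    if not is_probable_prime(q, rounds) or (p - 1) % q != 0:
        return False
    return pow(g, q, p) == 1


def check_dh_public(p: int, q, y: int) -> bool:
    """Peer public value check (RFC 2785): 1 < y < p-1 always, and when q is
    known y^q mod p == 1. A y of small order would confine the shared secret
    to a few values and leak bits of our private exponent."""
    if not (1 < y < p - 1):
        return False
    if not q:                      # q unavailable: the range check is all we have
        return True
    return pow(y, q, p) == 1


if __name__ == "__main__":
    p, q, g = 23, 11, 2
    print("group ok:", verify_group(p, g, q, strong=True))        # True
    print("y=4  (in subgroup):", check_dh_public(p, q, 4))      # True
    print("y=22 (order 2):    ", check_dh_public(p, q, 22))     # False
    print("y=5  (non-residue):", check_dh_public(p, q, 5))      # False
```

Note the asymmetry the commits describe: when q is not available the subgroup test cannot be run at all, so the range check is the only defence left, which is why a group format that omits q is a weaker starting point than one that carries it.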
* Add RSA PKCS1v1.5 signature verification tests from Wycheproof suite.  [Jack Lloyd, 2016-12-20, 5 files, -1/+229]
      A set of carefully generated invalid signatures which are sometimes accepted by implementations due to bugs in padding verification.
* Remove obsolete test data  [Jack Lloyd, 2016-12-19, 34 files, -152/+0]
      Remove test files for CVC as well as various tests which have subsequently been rewritten.
* Remove duplicate test data  [Jack Lloyd, 2016-12-19, 153 files, -0/+6]
      All 76 of the NIST certificate tests use the same root certificate and that issuer has an identical CRL for each test. So, just have the one copy.
* Add additional primality tests  [Jack Lloyd, 2016-12-19, 2 files, -64/+222]
      Add a long list of 'false' primes from Google's Wycheproof tests: https://github.com/google/wycheproof/blob/master/java/com/google/security/wycheproof/testcases/BigIntegerTest.java

      Split vector file format into Prime and NonPrime sections for easier reading.
* Merge GH #781 Fix Doxygen comments for ISO 9796 padding  [Jack Lloyd, 2016-12-19, 1 file, -4/+4]
  * ISO-9796-2 doxygen build fixes  [Daniel Neus, 2016-12-19, 1 file, -4/+4]
* add some PKCS#11 negative tests  [Daniel Neus, 2016-12-19, 1 file, -0/+52]
      - for PKCS11::Slot
      - for PKCS11::Session
* Fix ECIES test  [Jack Lloyd, 2016-12-19, 1 file, -1/+1]
* Minor refactoring of Text_Based_Test  [Jack Lloyd, 2016-12-19, 39 files, -149/+129]
      Turns out astyle has some bugs wrt C++11 initializer lists. Rather than having astyle mangle all of the tests, convert to using a string which is split once at the start instead of a vector of keys.
* Add CertificatePathStatusCodes typedef  [Jack Lloyd, 2016-12-18, 2 files, -31/+37]
      Little easier to read perhaps, and helps prevent some astyle confusion.
* Convert to using standard uintN_t integer types  [Jack Lloyd, 2016-12-18, 578 files, -5572/+5573]
      Renames a couple of functions for somewhat better name consistency, e.g. make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add libs target to makefiles  [Jack Lloyd, 2016-12-18, 2 files, -0/+4]
      [ci skip]
* IncludeOS has random device files now  [Jack Lloyd, 2016-12-18, 1 file, -0/+1]
      GH #726

      [ci skip]
* Disable TLS signature and finished message checks in fuzzer mode  [Jack Lloyd, 2016-12-17, 3 files, -3/+23]
      Also use a const time comparison for the finished message, though I don't see any real way of exploiting that timing channel.
* Merge GH #776 Support brainpool curves in OpenSSL provider  [Jack Lloyd, 2016-12-17, 1 file, -1/+17]
  * Add support for brainpool curves in openssl provider  [René Korthaus, 2016-12-17, 1 file, -1/+17]
      OpenSSL 1.0.2 added support for brainpool curves, so we can use it provided the version check succeeds.
* Add OCSP fuzzer  [Jack Lloyd, 2016-12-17, 3 files, -11/+27]
      Some attempts at reducing overhead in ECC math tests, unclear if really changed anything for my machine but probably can't hurt.

      Fix LLVM build flags

      [ci skip]
* Fix clang-analyzer warning in AES code  [Jack Lloyd, 2016-12-16, 1 file, -6/+4]
      The previous assert had already been put there for the benefit of clang-analyzer, but in Clang 3.9 it does not help. Instead test the X value directly, which works.
* Just expect a byte stream in the TLS fuzzer input, with no length fields.  [Jack Lloyd, 2016-12-16, 2 files, -27/+3]
      Matches how OpenSSL/BoringSSL fuzzers work, which is useful because the fuzzer corpus can be cross-pollinated among implementations.

      [ci skip]
* Add fuzzer for power_mod  [Jack Lloyd, 2016-12-16, 2 files, -6/+69]
      [ci skip]
* Remove debug code  [Jack Lloyd, 2016-12-14, 1 file, -1/+1]
* Add some additional ressol tests  [Jack Lloyd, 2016-12-14, 1 file, -0/+20]
* Fix exponentiation bug, related fixes  [Jack Lloyd, 2016-12-14, 10 files, -37/+134]
      GH #754 exposed a bug in the non-Montgomery exponentiation case. It turned out that when the fixed window was picked to any value > 1, the result would be incorrect due to an off by one. This is the one line fix in powm_fw.cpp.

      Also fix a bug in bigint_mul which caused incorrect results, because the output BigInt was not being zeroed out before use. This is only exposed in rare cases, found (somewhat indirectly) in OSS-Fuzz #287.

      Add more modular exponentiation tests, which would have caught these issues earlier.
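Added example, not Botan's powm_fw.cpp: a fixed-window modular exponentiation in Python, annotated at the window bookkeeping where an off-by-one of the kind the commit describes would hide, together with the cross-check against a reference (here Python's pow()) that the commit says would have caught it. The exact line that was wrong in Botan is not reproduced; the bigint_mul output-zeroing issue has no Python analogue since integers here are not written into a preallocated buffer. Window sizes and the random operand ranges in cross_check are choices for this example.

```python
# Added example (not Botan code): fixed-window modular exponentiation and a
# reference cross-check. Random operand sizes below are arbitrary choices.
import random


def powm_fixed_window(base: int, exp: int, mod: int, window_bits: int) -> int:
    """base^exp mod mod using a table of base^0 .. base^(2^w - 1)."""
    if mod <= 0 or exp < 0 or not 1 <= window_bits <= 16:
        raise ValueError("bad parameters")
    if mod == 1:
        return 0
    base %= mod
    # table[i] = base^i mod mod; entry 0 is used for all-zero windows so the
    # main loop performs the same operations regardless of the exponent bits.
    table = [1]
    for _ in range((1 << window_bits) - 1):
        table.append(table[-1] * base % mod)
    mask = (1 << window_bits) - 1
    # Number of windows is ceil(bitlen / w). Rounding down here drops the top
    # window whenever bitlen is not a multiple of w; looping one window too
    # many is harmless for the result but wastes work. Both are the off-by-one
    # family the commit refers to, and both only show up for w > 1.
    n_windows = (exp.bit_length() + window_bits - 1) // window_bits
    result = 1
    for i in range(n_windows - 1, -1, -1):
        for _ in range(window_bits):
            result = result * result % mod
        result = result * table[(exp >> (i * window_bits)) & mask] % mod
    return result


def cross_check(trials: int = 200, seed: int = 1) -> bool:
    """Compare against pow() for random operands and every window size 1..6.
    Exponent lengths are varied so that bitlen mod w covers every residue."""
    rng = random.Random(seed)
    for _ in range(trials):
        mod = rng.getrandbits(rng.randint(2, 256)) | 1
        base = rng.getrandbits(256)
        exp = rng.getrandbits(rng.randint(1, 300))
        for w in range(1, 7):
            if powm_fixed_window(base, exp, mod, w) != pow(base, exp, mod):
                return False
    return True


if __name__ == "__main__":
    print("4^13 mod 497 =", powm_fixed_window(4, 13, 497, 3))   # 445
    print("cross-check vs pow():", cross_check())               # True
```

The cross-check matters more than the implementation: a single fixed vector with a 4-bit exponent and a 4-bit window passes even when the top-window arithmetic is wrong, so a regression suite for exponentiation needs exponents whose bit length is not a multiple of the window size.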
* Update fuzzers with comments from OSS-Fuzz review  [Jack Lloyd, 2016-12-14, 19 files, -19/+56]
      Add explicit length limitations, to prevent the fuzzer from just giving us increasingly long inputs until timeout occurs due to non-linear algorithms.

      Use LLVM fuzzer interface in all cases, and just have AFL driver call that API when a define is set to include a main function. OSS-Fuzz will be using the LLVM API, regardless of the fuzzing engine.

      [ci skip]
* Fix Sphinx PDF build. GH #746  [Jack Lloyd, 2016-12-14, 1 file, -1/+1]
      [ci skip]
* Update test data to reflect change in e8009766ca2  [Jack Lloyd, 2016-12-11, 1 file, -24/+0]
* In ressol, prohibit a >= p  [Jack Lloyd, 2016-12-11, 1 file, -3/+5]
      Technically defined, but should never be seen in practical crypto context.
* Merge GH #770 Public_Key constructors take std::vector for buffers  [Jack Lloyd, 2016-12-11, 24 files, -40/+38]
  * Public_Key derived class ctors take a std::vector<byte>  [René Korthaus, 2016-12-11, 24 files, -40/+38]
      Changes all the Public_Key derived classes' ctors to take a std::vector instead of a secure_vector for the DER encoded public key bits. There is no point in transporting a public key in secure storage. (GH #768)
* Fix fuzzer build flags [ci skip]  [Jack Lloyd, 2016-12-11, 1 file, -2/+3]
* Merge GH #765 Rewrite CBC unpadding operations as const time  [Jack Lloyd, 2016-12-10, 3 files, -47/+74]