path: root/src
Commit message | Author | Age | Files | Lines

* IncludeOS has random device files now | Jack Lloyd | 2016-12-18 | 1 | -0/+1
|   GH #726 [ci skip]
* Disable TLS signature and finished message checks in fuzzer mode | Jack Lloyd | 2016-12-17 | 3 | -3/+23
|   Also use a const time comparison for the finished message, though I don't see any real way of exploiting that timing channel.
* Merge GH #776 Support brainpool curves in OpenSSL provider | Jack Lloyd | 2016-12-17 | 1 | -1/+17
|\
| * Add support for brainpool curves in openssl provider | René Korthaus | 2016-12-17 | 1 | -1/+17
| |   OpenSSL 1.0.2 added support for brainpool curves, so we can use it provided the version check succeeds.
* | Add OCSP fuzzer | Jack Lloyd | 2016-12-17 | 3 | -11/+27
|/    Some attempts at reducing overhead in ECC math tests, unclear if really changed anything for my machine but probably can't hurt.
|     Fix LLVM build flags [ci skip]
* Fix clang-analyzer warning in AES code | Jack Lloyd | 2016-12-16 | 1 | -6/+4
|   The previous assert had already been put there for the benefit of clang-analyzer, but in Clang 3.9 it does not help. Instead test X value directly, which works.
* Just expect a byte stream in the TLS fuzzer input, with no length fields. | Jack Lloyd | 2016-12-16 | 2 | -27/+3
|   Matches how OpenSSL/BoringSSL fuzzers work, which is useful because fuzzer corpus can be cross-pollinated among implementations. [ci skip]
* Add fuzzer for power_mod | Jack Lloyd | 2016-12-16 | 2 | -6/+69
|   [ci skip]
* Remove debug code | Jack Lloyd | 2016-12-14 | 1 | -1/+1
|
* Add some additional ressol tests | Jack Lloyd | 2016-12-14 | 1 | -0/+20
|
* Fix exponentiation bug, related fixes | Jack Lloyd | 2016-12-14 | 10 | -37/+134
|   GH #754 exposed a bug in the non-Montgomery exponentiation case. It turned out that when the fixed window was picked to any value > 1, the result would be incorrect due to an off by one. This is the one line fix in powm_fw.cpp
|
|   Also fix a bug in bigint_mul which caused incorrect results, because the output BigInt was not being zeroed out before use. This is only exposed in rare cases, found (somewhat indirectly) in OSS-Fuzz #287.
|
|   Add more modular exponentiation tests, which would have caught these issues earlier.
* Update fuzzers with comments from OSS-Fuzz review | Jack Lloyd | 2016-12-14 | 19 | -19/+56
|   Add explicit length limitations, to prevent the fuzzer from just giving us increasingly long inputs until timeout occurs due to non-linear algorithms.
|
|   Use LLVM fuzzer interface in all cases, and just have AFL driver call that API when a define is set to include a main function. OSS-Fuzz will be using the LLVM API, regardless of the fuzzing engine.
|
|   [ci skip]
* Fix Sphinx PDF build. GH #746 | Jack Lloyd | 2016-12-14 | 1 | -1/+1
|   [ci skip]
* Update test data to reflect change in e8009766ca2 | Jack Lloyd | 2016-12-11 | 1 | -24/+0
|
* In ressol, prohibit a >= p | Jack Lloyd | 2016-12-11 | 1 | -3/+5
|   Technically defined, but should never be seen in practical crypto context.
* Merge GH #770 Public_Key constructors take std::vector for buffers | Jack Lloyd | 2016-12-11 | 24 | -40/+38
|\
| * Public_Key derived class ctors take an std::vector<byte> | René Korthaus | 2016-12-11 | 24 | -40/+38
| |   Changes all the Public_Key derived classes ctors to take a std::vector instead of a secure_vector for the DER encoded public key bits. There is no point in transporting a public key in secure storage. (GH #768)
* | Fix fuzzer build flags [ci skip] | Jack Lloyd | 2016-12-11 | 1 | -2/+3
|/
* Merge GH #765 Rewrite CBC unpadding operations as const time | Jack Lloyd | 2016-12-10 | 3 | -47/+74
|\
| * forgot to unpoison return vals | Never | 2016-12-09 | 1 | -0/+4
| |
| * Rewrote bc unpad functions as const time operations. | Never | 2016-12-09 | 3 | -47/+70
| |   The unpad functions return the blocksize as padding position, if the padding is invalid.
* | Fix PK EME decoding tests when algo is missing | Jack Lloyd | 2016-12-10 | 1 | -2/+6
| |
* | Ignore too-large inputs in ressol fuzzer | Jack Lloyd | 2016-12-10 | 1 | -1/+6
| |   OSS-Fuzz just gave us a gigantic input and then timed out. In practice ressol is only called with specific primes of various common ECC parameter sets, so limit to 768 bits max. [ci skip]
* | Remove bogus abort from ECC math fuzzer | Jack Lloyd | 2016-12-10 | 1 | -3/+0
| |   Chromium oss-fuzz bug 275 [ci skip]
* | Fix fuzzer builds [ci skip] | Jack Lloyd | 2016-12-09 | 1 | -3/+4
| |
* | Avoid use of system RNG in fuzzers | Jack Lloyd | 2016-12-08 | 6 | -16/+41
| |   Seemingly /dev/urandom not accessible in ClusterFuzz env [ci skip]
* | Merge GH #759 Add ISO 9796-2 signature schemes | Jack Lloyd | 2016-12-08 | 6 | -12/+470
|\ \
| * | ISO 9796: Change header guard format | Never | 2016-12-06 | 1 | -2/+2
| | |
| * | Add ISO9796-2 Signature Schemes giving message recovery 2 and 3. | Never | 2016-12-05 | 6 | -12/+470
| | |
* | | Another rename in the service of filename uniqueness | Jack Lloyd | 2016-12-08 | 1 | -0/+0
| | |
* | | Remove <source> block from info.txt files | Jack Lloyd | 2016-12-08 | 16 | -119/+1
| | |   Kind of a vestigial thing from an earlier iteration of the module design, and never useful to specify anymore since taking all the cpp files is what you want exactly 100% of the time.
* | | Inline Twofish::rs_mul into its only caller | Jack Lloyd | 2016-12-08 | 2 | -24/+19
| | |
* | | Rename both DL and EC named group files. | Jack Lloyd | 2016-12-08 | 2 | -0/+0
| | |   Avoid having any files within src/lib (in any subdirs) with the same name. That seems worth avoiding even just on the basis of avoiding basic confusion (looked in named.cpp - no the other one...) and may allow simplifying the build in various ways.
* | | Rename Serpent SIMD and Twofish SBOX source files | Jack Lloyd | 2016-12-08 | 2 | -0/+0
| | |   Some attempt at consistency
* | | Merge GH #744 Allow custom extensions when creating certs | Jack Lloyd | 2016-12-08 | 8 | -29/+328
|\ \ \
| * | | Rename some methods, add more tests and docs | René Korthaus | 2016-12-04 | 4 | -32/+80
| | | |
| * | | Allow custom extensions in X509_Cert_Options | René Korthaus | 2016-12-02 | 8 | -25/+276
| | | |   Allow custom extensions in CA-signed cert requests
| | | |   Add templated getter for extensions
* | | | Merge GH #763 Document test vector origins | Jack Lloyd | 2016-12-08 | 5 | -0/+12
|\ \ \ \
| * | | | Add sources for some test vectors [ci skip] | René Korthaus | 2016-12-08 | 5 | -0/+12
| | |_|/
| |/| |
* / | | Fix off by one in PKCS #1 v1.5 decryption decoding | Jack Lloyd | 2016-12-08 | 8 | -20/+156
|/ / /
| | |   When the code was changed in b8966d0f89e, the offset was not changed, so it would reject ciphertexts with exactly 8 bytes of random padding (the required minimum). Found by pkcs1 fuzzer which also had problems due to not having been updated at the same time.
| | |
| | |   Add a test suite for decoding of PK decryption padding to cover the problem cases.
* | | Avoid crash in PKCS1v1.5 unpadding if input len <= 2 | Jack Lloyd | 2016-12-08 | 1 | -0/+6
| | |   Don't think this can't happen outside of a fuzzer test
* | | Merge GH #760 Fix docs build | Jack Lloyd | 2016-12-07 | 1 | -1/+1
|\ \ \
| * | | adjust package name for Travis CI | Never | 2016-12-07 | 1 | -1/+1
| | | |
* | | | Add missing netinet includes for sockaddr_in | louiz’ | 2016-12-08 | 1 | -0/+1
|/ / /
* | | Another try at fixing docs | Jack Lloyd | 2016-12-06 | 1 | -2/+2
| | |
* | | Another try at fixing Sphinx build on CI | Jack Lloyd | 2016-12-05 | 1 | -3/+4
| | |
* | | Merge GH #757 Fix X509 and PKCS8 formatting functions for PK keys | Jack Lloyd | 2016-12-05 | 37 | -83/+104
|\ \ \
| * | | Fix TPM private_key_bits() exception message | René Korthaus | 2016-12-05 | 1 | -1/+1
| | | |
| * | | Add Private_Key::private_key_info() | René Korthaus | 2016-12-05 | 28 | -43/+54
| | | |   Adds new Private_Key::private_key_info() that returns a PKCS#8 PrivateKeyInfo structure. Renames the current Private_Key::pkcs8_private_key() to private_key_bits(). BER_encode() just invokes private_key_info().
| * | | Add Public_Key::subject_public_key() | René Korthaus | 2016-12-05 | 25 | -39/+49
| | | |   Adds new Public_Key::subject_public_key() that returns an X.509 SubjectPublicKey structure. Renames the current Public_Key::x509_subject_public_key() to public_key_bits(). BER_encode() just invokes subject_public_key().