| Commit message | Author | Age | Files | Lines |
GMAC needs a per-message nonce specified with `start`, and other
MACs are capable of using nonces (Skein-MAC, for instance) so move
this API up to MAC class.
Change GMAC::clone to clone the owned cipher.
Adds support for Galois Message Authentication Code calculation based on
GHASH, rather than GCM_Mode.
- Added GMAC class
- Integrated GMAC into MAC-Class test bench. Run GMAC tests using
./botan-test mac
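The three GMAC commits above hinge on the nonce being fresh for every message, which is why `start` has to be called per message. The script below is added here as an illustration and is not Botan's code: it shows what a reused nonce costs. Two tags computed under one nonce XOR to a GHASH difference that leaks the hash key H, after which the attacker can tag arbitrary messages for that nonce (Joux's "forbidden attack" on GCM/GMAC, worked here for the AAD-only GMAC case). The GF(2^128) arithmetic follows NIST SP 800-38D; the block cipher that derives H and the per-nonce pad is replaced by an HMAC-SHA256 stand-in (an assumption for this example, so the tags are not interoperable with real GMAC), and the key, nonce and messages are constructed.

```python
"""Added example: why GMAC needs a fresh nonce per message.

tag = GHASH_H(message) XOR pad(nonce). Reuse the nonce and two tags leak H,
after which any message can be tagged under that nonce. GF(2^128) arithmetic
follows NIST SP 800-38D; the block cipher is replaced by an HMAC stand-in so
the script needs only the standard library.
"""
import hashlib
import hmac
import os

R = 0xE1000000000000000000000000000000   # x^128 + x^7 + x^2 + x + 1, bit-reflected
ONE = 1 << 127                            # the field element 1 in GCM's bit ordering


def gf_mul(x: int, y: int) -> int:
    """Multiply in GF(2^128) (SP 800-38D, Algorithm 1)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def gf_inv(x: int) -> int:
    """x^(2^128 - 2) = x^-1, by square-and-multiply."""
    result, base, e = ONE, x, (1 << 128) - 2
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def gf_sqrt(x: int) -> int:
    """Square roots are unique in GF(2^128): sqrt(x) = x^(2^127)."""
    for _ in range(127):
        x = gf_mul(x, x)
    return x


def ghash(h: int, aad: bytes, ct: bytes = b"") -> int:
    """GHASH_H(A, C): A blocks, C blocks, then the 64-bit bit-length pair."""
    x = 0
    for data in (aad, ct):
        for i in range(0, len(data), 16):
            block = int.from_bytes(data[i:i + 16].ljust(16, b"\x00"), "big")
            x = gf_mul(x ^ block, h)
    length_block = ((len(aad) * 8) << 64) | (len(ct) * 8)
    return gf_mul(x ^ length_block, h)


def gmac_tag(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    """GMAC: GHASH over the message as AAD, masked with a nonce-dependent pad.

    Assumption for this example: real GMAC uses H = AES_K(0^128) and
    pad = AES_K(nonce || 0^31 || 1); here both come from HMAC-SHA256 so the
    script runs offline. The attack below never touches this part.
    """
    h = int.from_bytes(hmac.new(key, b"H", hashlib.sha256).digest()[:16], "big")
    pad = int.from_bytes(hmac.new(key, b"pad|" + nonce, hashlib.sha256).digest()[:16], "big")
    return (ghash(h, msg) ^ pad).to_bytes(16, "big")


def recover_h(tag1: bytes, msg1: bytes, tag2: bytes, msg2: bytes) -> int:
    """Two distinct 16-byte messages under one nonce: tag1 ^ tag2 = (msg1 ^ msg2) * H^2.

    The pad and the length term cancel in the XOR, leaving only H^2 to invert.
    """
    assert len(msg1) == len(msg2) == 16 and msg1 != msg2
    d_tag = int.from_bytes(tag1, "big") ^ int.from_bytes(tag2, "big")
    d_msg = int.from_bytes(msg1, "big") ^ int.from_bytes(msg2, "big")
    return gf_sqrt(gf_mul(d_tag, gf_inv(d_msg)))


def forge_tag(h: int, known_tag: bytes, known_msg: bytes, target: bytes) -> bytes:
    """With H known, the pad falls out of one (msg, tag) pair; then tag anything."""
    pad = int.from_bytes(known_tag, "big") ^ ghash(h, known_msg)
    return (ghash(h, target) ^ pad).to_bytes(16, "big")


def nonce_reuse_forgery_succeeds() -> bool:
    key = os.urandom(16)                   # constructed; the attacker never learns it
    nonce = b"\x00" * 12                   # the mistake: one nonce for two messages
    m1, m2 = b"transfer 100 USD", b"transfer 200 USD"   # constructed 16-byte messages
    t1, t2 = gmac_tag(key, nonce, m1), gmac_tag(key, nonce, m2)
    h = recover_h(t1, m1, t2, m2)          # attacker input: messages and tags only
    target = b"transfer 999999 USD to attacker"   # any length works once H is known
    return forge_tag(h, t1, m1, target) == gmac_tag(key, nonce, target)


if __name__ == "__main__":
    print("forgery verified:", nonce_reuse_forgery_succeeds())
```

The GHASH layer is exactly the real one (the GF(2^128) routine can be checked against the GCM specification's published test vectors); only the derivation of H and the pad is a stand-in. Nothing in the attack depends on that stand-in, which is the point: whatever cipher sits underneath, the nonce-keyed pad drops out of the XOR of two tags.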
Not currently called but leaves us the opening to use them in the future
without breaking ABI.
[ci skip]
No real way to test what/if `clear` does, but at least we know it
runs and doesn't crash which is an improvement over the status quo.
In this round of write some tests and find a bug, Threaded_Fork
seems to be completely broken. I don't think the semaphore approach
it uses really works (consistently) because a single worker thread
can acquire the semaphore more than once. This can be seen in the
(disabled) test of Threaded_Fork.
Not sure what to do about Threaded_Fork - it has been broken since
introduction and nobody has mentioned any problems so likely nobody has
ever used it. May actually be better to remove it entirely rather than
to fix it.
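To make the failure described above concrete, here is an added model of the fan-out pattern in Python; it is not Botan's Threaded_Fork, and the function and variable names are assumptions for the example. The first function forces the interleaving the author describes, a single worker acquiring the shared counting semaphore several times while its siblings get nothing; the second replaces the shared semaphore with one wake-up semaphore per worker plus a shared completion counter, so every worker sees every buffer exactly once and in order.

```python
"""Added example: a shared counting semaphore cannot deliver one job to each of
N workers exactly once; one wake-up semaphore per worker can."""
import threading


def shared_semaphore_fanout(n_workers: int) -> list[int]:
    """Broken pattern: post n permits and hope each worker takes exactly one.

    A permit is not tied to a worker, so whichever worker runs first may take
    several. Workers are started one after another here to force that
    interleaving deterministically; a real scheduler is free to produce it.
    """
    sem = threading.Semaphore(0)
    for _ in range(n_workers):
        sem.release()
    runs = [0] * n_workers

    def worker(i: int) -> None:
        while sem.acquire(blocking=False):   # grabs every permit still available
            runs[i] += 1

    for i in range(n_workers):
        t = threading.Thread(target=worker, args=(i,))
        t.start()
        t.join()
    return runs                              # e.g. [3, 0, 0]: worker 0 ran the job thrice


def per_worker_fanout(inputs: list[bytes], n_workers: int) -> list[list[bytes]]:
    """Deliver every buffer to every worker exactly once, in order.

    Each worker blocks on its own semaphore, so a fast worker cannot consume a
    sibling's wake-up; the shared 'done' counter lets the dispatcher wait for
    the whole round before publishing the next buffer.
    """
    wake = [threading.Semaphore(0) for _ in range(n_workers)]
    done = threading.Semaphore(0)
    received: list[list[bytes]] = [[] for _ in range(n_workers)]
    current: list = [None]                   # buffer for this round; None = shut down

    def worker(i: int) -> None:
        while True:
            wake[i].acquire()                # only my own permit can wake me
            buf = current[0]
            if buf is None:
                return
            received[i].append(buf)
            done.release()

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n_workers)]
    for t in threads:
        t.start()
    for buf in inputs:
        current[0] = buf
        for s in wake:
            s.release()
        for _ in range(n_workers):
            done.acquire()                   # every worker saw this buffer; next round
    current[0] = None
    for s in wake:
        s.release()
    for t in threads:
        t.join()
    return received


if __name__ == "__main__":
    print("shared semaphore:", shared_semaphore_fanout(3))          # constructed run
    print("per-worker:", per_worker_fanout([b"a", b"b", b"c"], 3))
```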
Using sqlite3 for one and memory for another meant only half of
each implementation was tested. Instead use sqlite3 for a while,
then switch to in-memory, to ensure both are covered.
Otherwise we may end up trying to renegotiate EtM to MtE which is
an error. Only occurred sporadically due to low timeout set on session
cache; only if we retried really quickly did it fail.
Feels kind of hacky, but disabling EtM is a corner case anyway.
The client would attempt to resume a session, even if the session was
for a version other than what it wanted to offer. If the server
resumed with the original version, the client would then reject the
'incorrect' version. Instead, if the session is for a version other
than what we want to offer, just start a fresh handshake.
Fix resuming in the EtM case - even if the policy says otherwise,
always resume EtM sessions as EtM. Servers are required to reject a
MtE resumption on an EtM session.
The new client hello already ordered extensions to prevent an empty
extension from ever being last (working around a bug in some dumb
stack somewhere), but this was not true for the resume case. Fix that.
Beef up tests a bit - test ECDSA suites, alerts, and sqlite3 session db.
Sharing the session state across all the tests is what tipped me off
on the resumption bugs in the first place - as usual, what is not tested
does not work correctly.
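The resumption rules in this commit, and the EtM-to-MtE renegotiation problem noted earlier in the log, reduce to a few client-side decisions and one server-side check. The model below is an added example in Python, not Botan's TLS code; `Session`, `ClientHello`, the version strings and the extension payloads are assumptions for the example. It builds the ClientHello under the commit's rules (resume only when the cached session matches the version being offered, keep EtM on an EtM session regardless of policy, never leave an empty extension last) and shows the server rejecting the MtE-on-EtM resumption that the pre-fix client could produce.

```python
"""Added example: TLS session-resumption rules from the commit, as a small
client/server model. Not Botan's code; names and values are assumptions."""
from dataclasses import dataclass
from typing import Optional

Extension = tuple[str, bytes]           # (name, payload); b"" is an empty extension


@dataclass(frozen=True)
class Session:
    session_id: bytes
    version: str                        # protocol version the session was negotiated with
    encrypt_then_mac: bool              # session uses encrypt-then-MAC (RFC 7366)


@dataclass
class ClientHello:
    version: str                        # version the client offers
    session_id: bytes                   # b"" requests a fresh handshake
    extensions: list[Extension]

    @property
    def encrypt_then_mac(self) -> bool:
        return any(name == "encrypt_then_mac" for name, _ in self.extensions)


def order_extensions(exts: list[Extension]) -> list[Extension]:
    """Stable sort, empty extensions first, so an empty one is never last
    (the workaround for the peer that chokes on a trailing empty extension)."""
    return sorted(exts, key=lambda e: e[1] != b"")


def build_client_hello(cached: Optional[Session], offer_version: str,
                       policy_etm: bool, extra: list[Extension]) -> ClientHello:
    # Rule 1: only resume a session that matches the version we intend to offer;
    # otherwise the server may resume at the old version and we would reject it.
    resume = cached is not None and cached.version == offer_version
    # Rule 2: an EtM session is always offered as EtM, whatever the policy says now.
    etm = policy_etm or (resume and cached.encrypt_then_mac)
    exts = list(extra)
    if etm:
        exts.append(("encrypt_then_mac", b""))      # EtM is an empty-bodied extension
    return ClientHello(offer_version,
                       cached.session_id if resume else b"",
                       order_extensions(exts))       # Rule 3


def server_process(hello: ClientHello, cache: dict[bytes, Session]) -> str:
    """Server side of the resumption decision."""
    sess = cache.get(hello.session_id) if hello.session_id else None
    if sess is None or sess.version != hello.version:
        return "full handshake"
    if sess.encrypt_then_mac and not hello.encrypt_then_mac:
        return "alert: handshake_failure"           # must not resume an EtM session as MtE
    return "resumed"


def scenarios() -> dict[str, str]:
    etm_session = Session(b"\x01", "TLS v1.2", encrypt_then_mac=True)
    old_session = Session(b"\x02", "TLS v1.1", encrypt_then_mac=False)
    cache = {s.session_id: s for s in (etm_session, old_session)}
    extra: list[Extension] = [("signature_algorithms", b"\x04\x03\x08\x04")]  # constructed
    out: dict[str, str] = {}

    # Cached TLS v1.1 session, client wants to offer TLS v1.2: start fresh.
    hello = build_client_hello(old_session, "TLS v1.2", policy_etm=False, extra=extra)
    out["version mismatch"] = server_process(hello, cache)

    # Policy now disables EtM, but the cached session is EtM: resume as EtM anyway.
    hello = build_client_hello(etm_session, "TLS v1.2", policy_etm=False, extra=extra)
    out["etm session, etm disabled by policy"] = server_process(hello, cache)

    # What the pre-fix client sent in that case: the policy won and EtM was dropped.
    hello.extensions = [e for e in hello.extensions if e[0] != "encrypt_then_mac"]
    out["pre-fix: mte resumption of etm session"] = server_process(hello, cache)

    # Extension ordering: the empty EtM extension must not end up last.
    hello = build_client_hello(etm_session, "TLS v1.2", policy_etm=True, extra=extra)
    out["last extension is non-empty"] = str(hello.extensions[-1][1] != b"")
    return out


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```

The server check is what makes rule 2 mandatory rather than a preference: once a session was established with EtM, a later ClientHello for it without the extension is not a downgrade the server may accept, so the client's only safe choices are to offer EtM again or to not resume at all.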
[ci skip]
The fork test actually closed the pipe early so this test had been busted.
Previously missed because the return value of read was not checked. Missed
by me in e8908d4fb671 because I changed the test but did not run it before
checking in. Hey, it compiled. :(
Check return value of read, found by Clang. See also #677
Remove unused member variable in OpenSSL ECC, found by Clang.
In ECDSA tests, if the pointer is null we should return rather
than dereferencing it. Found by Coverity.
We were not previously hitting the 4 way unrolled loop in AES-NI in tests
SoftHSMv1 included in 14.04 is too old and many tests fail,
so grabs prebuilt SoftHSMv2 binaries from www.randombit.net.
This can change to use the packaged SoftHSM in 16.04, whenever
Travis makes that available.
One of the constructors initialized the member, the others did not.
Found by Coverity scanner.
The pool allocator itself is portable code, but it doesn't do anything
useful unless we have the ability to mlock/VirtualLock memory, which
is OS specific.
Client interops with google.com, server not tested against an
independent client yet.
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | | |
(or a countermeasure that is very similar to it).
Timing differences in the test suite show at most 120 clock cycle difference (SHA-1/256/384).