| Commit message | Author | Age | Files | Lines |
Closes GH #1557
It seems otherwise VC generates a mix of SSE and AVX code resulting
in lots of transition penalties.
Fixes #1695
From NIST CAVP, OpenSSL test data, and elsewhere
Several problems in CBC found by adding tests
- If you set a key, then set a nonce, then set a new key,
you could encrypt without setting a new nonce.
- It was possible to call CBC finish without setting a nonce,
which would crash.
- If you had a CBC decryption object, set a key, set a nonce, then
reset message state, it should throw because no nonce is set.
Instead it would carry on using an all-zero nonce.
Disable CommonCrypto with PKCS7 padding as it seems to have some
problem that I cannot figure out from the build logs.
This work sponsored by Ribose Inc
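As an added example (not Botan's code), the key/nonce bookkeeping the commit above describes, written as a stand-alone C++ state machine: set_key() invalidates any nonce chosen for the previous key, update() and finish() throw when no nonce is set instead of proceeding, and reset() drops the nonce so the next call throws rather than chaining from all zeros. The 8-byte block function is a toy mixing routine standing in for the real block cipher and has no security properties; the class and method names are this example's own, and the object shown is an encryptor (the decryption object in the commit follows the same state rules).

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Toy 8-byte block function so the example runs stand-alone. Not a cipher;
// only the key/nonce state handling below is the point.
static void toy_block_encrypt(const std::vector<uint8_t>& key, uint8_t* block)
{
   for (size_t i = 0; i < 8; ++i) block[i] ^= key[i];
   for (size_t r = 0; r < 4; ++r)
      for (size_t i = 0; i < 8; ++i)
         block[i] = static_cast<uint8_t>((block[i] + block[(i + 1) % 8]) ^ key[(i + r) % 8]);
}

class CbcEncryptor {
public:
   static constexpr size_t BS = 8;

   void set_key(const std::vector<uint8_t>& key) {
      if (key.size() != BS) throw std::invalid_argument("key must be 8 bytes");
      m_key = key;
      // A fresh key invalidates any nonce chosen for the old key, so the
      // caller cannot encrypt with the new key under the previous nonce.
      m_nonce_set = false;
      m_chain.clear();
   }

   void start(const std::vector<uint8_t>& nonce) {
      if (m_key.empty()) throw std::logic_error("key not set");
      if (nonce.size() != BS) throw std::invalid_argument("nonce must be 8 bytes");
      m_chain = nonce;
      m_nonce_set = true;
   }

   // Drops the message state *and* the nonce: the next update()/finish()
   // must throw instead of silently chaining from an all-zero block.
   void reset() {
      m_chain.clear();
      m_nonce_set = false;
   }

   // Encrypt whole blocks in place.
   void update(std::vector<uint8_t>& buf) {
      require_nonce();
      if (buf.size() % BS != 0) throw std::invalid_argument("update needs whole blocks");
      for (size_t off = 0; off < buf.size(); off += BS) {
         for (size_t i = 0; i < BS; ++i) buf[off + i] ^= m_chain[i];
         toy_block_encrypt(m_key, &buf[off]);
         m_chain.assign(buf.begin() + off, buf.begin() + off + BS);
      }
   }

   // PKCS#7-pad the final bytes and encrypt them. Throws (does not crash)
   // when no nonce was set; afterwards a new nonce is required.
   void finish(std::vector<uint8_t>& buf) {
      require_nonce();
      const uint8_t pad = static_cast<uint8_t>(BS - (buf.size() % BS));
      buf.insert(buf.end(), pad, pad);
      update(buf);
      m_nonce_set = false;
   }

   bool nonce_set() const { return m_nonce_set; }

private:
   void require_nonce() const {
      if (!m_nonce_set) throw std::logic_error("nonce not set (call start())");
   }
   std::vector<uint8_t> m_key, m_chain;
   bool m_nonce_set = false;
};

// Small helper for exercising the error paths.
template <typename F>
bool throws_logic_error(F&& f) {
   try { f(); return false; } catch (const std::logic_error&) { return true; }
}
```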
If a function returning variable length output was called with a
null output buffer but a non-zero output buffer length, FFI layer
would call memset(nullptr, 0, buffer_len) and crash.
Caught by Coverity.
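An added example (not Botan's FFI code) of an output-writing helper with the check the commit describes: a null output pointer is accepted only as a size query with a zero length, so neither memset nor memcpy is ever reached with a null destination. The function name and result codes are this example's own assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical result codes for this example (not Botan's BOTAN_FFI_* values).
enum FfiResult : int {
   FFI_OK = 0,
   FFI_INSUFFICIENT_BUFFER_SPACE = -10,
   FFI_NULL_POINTER = -31,
};

// Copy a variable-length result into a caller-supplied buffer.
// Contract: *out_len is the buffer capacity on entry and the required/written
// length on exit. out == nullptr with *out_len == 0 is a size query.
// out == nullptr with *out_len != 0 is a caller error and is rejected up
// front, so no memset/memcpy ever sees a null destination.
int write_vec_output(uint8_t* out, size_t* out_len, const std::vector<uint8_t>& output)
{
   if (out_len == nullptr) return FFI_NULL_POINTER;

   const size_t avail = *out_len;
   *out_len = output.size();   // always report how much is needed

   if (out == nullptr) {
      if (avail != 0) return FFI_NULL_POINTER;   // the crashing combination
      return output.empty() ? FFI_OK : FFI_INSUFFICIENT_BUFFER_SPACE;
   }

   if (avail < output.size()) {
      // Buffer too small: clear what we were given rather than leaving a
      // partial result, and tell the caller the size to retry with.
      std::memset(out, 0, avail);
      return FFI_INSUFFICIENT_BUFFER_SPACE;
   }

   if (!output.empty()) std::memcpy(out, output.data(), output.size());
   return FFI_OK;
}
```

The null-pointer check sits before any length arithmetic, so the distinction between "size query" and "bad arguments" is made once, where the pointer is first examined.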
Not an actual problem, but flagged by Coverity
|
| |
|
|
|
|
|
| |
Previously this would just mmap but pointlessly as the memory was
not locked; might as well use the standard heap in that case.
Avoid any getenv toggles or reading /proc if we are setuid/setgid.
It is possible there is or will someday be some file in /proc that
is world-readable, but if read by a privileged user causes some side
effect.
The reference version of 1and0 padding would crash on an all-zero input.
OSS-Fuzz 10628
This tests the delim scanning section which must be const time.
Both PKCS7 and X9.23 padding modes did not examine the first byte
of the purported padding if the padding took an entire block. So
for example for a 64-bit cipher, PKCS7 would accept XX08080808080808
as a valid padding for any byte value.
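The following added example (not Botan's implementation) shows unpadding for PKCS#7, ANSI X9.23 and the ISO/IEC 7816-4 one-and-zeros scheme that handles both problems described above: every padding byte is compared, including the first one when the padding fills the whole block, so XX08080808080808 is rejected for XX != 0x08; and the one-and-zeros scan walks the entire block and fails cleanly on all-zero input instead of searching for a delimiter that is not there. The byte masks avoid data-dependent branches on the block contents. Function names and the return convention (payload bytes in the final block, or -1) are this example's own; the original loop that skipped the first byte is not reproduced.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

namespace {

// 0xFF if x == 0, else 0x00, with no data-dependent branch.
inline uint8_t is_zero_mask(uint8_t x) {
   const uint32_t v = x;
   return static_cast<uint8_t>(0u - ((v - 1u) >> 31));
}

// 0xFF if a == b, else 0x00.
inline uint8_t is_equal_mask(uint8_t a, uint8_t b) {
   return is_zero_mask(static_cast<uint8_t>(a ^ b));
}

// 0xFF if a < b, else 0x00; valid for a, b < 2^31 (block sizes and pad counts here).
inline uint8_t is_less_mask(uint32_t a, uint32_t b) {
   return static_cast<uint8_t>(0u - ((a - b) >> 31));
}

// PKCS#7 and X9.23 both store the pad count in the last byte; they differ only
// in what the filler bytes before it must contain (the count itself, or zero).
// Returns the payload length in the final block, or -1 if the padding is invalid.
int check_count_padding(const std::vector<uint8_t>& blk, bool x923)
{
   const size_t bs = blk.size();
   if (bs == 0 || bs > 255) return -1;          // block size is public; branching on it is fine
   const uint8_t pad = blk[bs - 1];
   const uint8_t filler = x923 ? 0x00 : pad;

   // Require 1 <= pad <= bs.
   uint8_t ok = is_less_mask(0, pad) & is_less_mask(pad, static_cast<uint32_t>(bs) + 1);

   for (size_t i = 0; i < bs; ++i) {
      const uint32_t from_end = static_cast<uint32_t>(bs - 1 - i);   // 0 for the count byte
      const uint8_t in_pad = is_less_mask(from_end, pad);            // byte lies in the padding region
      const uint8_t is_count = is_zero_mask(static_cast<uint8_t>(from_end));
      const uint8_t must_match = in_pad & static_cast<uint8_t>(~is_count);
      // Every padding byte is checked, including blk[0] when pad == bs.
      ok &= static_cast<uint8_t>(~must_match) | is_equal_mask(blk[i], filler);
   }
   return (ok == 0xFF) ? static_cast<int>(bs - pad) : -1;
}

} // namespace

int pkcs7_unpad(const std::vector<uint8_t>& last_block) { return check_count_padding(last_block, false); }
int x923_unpad(const std::vector<uint8_t>& last_block)  { return check_count_padding(last_block, true); }

// ISO/IEC 7816-4 "one and zeros": 0x80 followed by zero bytes. The scan covers
// exactly the block, so an all-zero block (no delimiter) yields -1 instead of
// running past the start of the buffer.
int one_and_zeros_unpad(const std::vector<uint8_t>& blk)
{
   const size_t bs = blk.size();
   if (bs == 0 || bs > 255) return -1;
   uint8_t seen_delim = 0x00;   // 0xFF once the 0x80 byte has been passed
   uint8_t bad = 0x00;          // 0xFF if a non-zero, non-delimiter byte precedes the delimiter
   size_t delim_pos = 0;
   for (size_t i = bs; i-- > 0;) {
      const uint8_t b = blk[i];
      const uint8_t is_delim = is_equal_mask(b, 0x80) & static_cast<uint8_t>(~seen_delim);
      bad |= static_cast<uint8_t>(~seen_delim) & static_cast<uint8_t>(~is_delim)
             & static_cast<uint8_t>(~is_zero_mask(b));
      delim_pos |= i & (static_cast<size_t>(0) - (is_delim & 1u));  // select i for the delimiter
      seen_delim |= is_delim;
   }
   if (bad != 0 || seen_delim != 0xFF) return -1;
   return static_cast<int>(delim_pos);
}
```

The range check on the count byte and the per-byte comparison are accumulated into one mask and inspected once at the end, so the position of a bad byte does not change which instructions run.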
Rearranging this code seems to let both GCC and Clang do a little
better on the core loop, 4-7% depending on buffer size on my i7-6700k
Disabled by default as it requires a relatively recent kernel and glibc.
Seems to have been removed from OpenBSD which AFAIK was the only
place it occurred.
Avoid needless allocations during PSS and OAEP operations.
|
| | |
|
| |
| |
| |
| | |
This is what Debian calls little endian 64-bit PPC
|
| |
| |
| |
| |
| |
| |
| | |
RISC-V is always little endian by definition.
SPARC is technically bi-endian but basically 100% of userspace is
big endian, so assume it.
Commit 513d19781a558fbd1ff03c7152f61b5e7f294297 removed support for
i586; put it back, otherwise the following build failure is raised:
(cd /accts/mlweber1/instance-0/output/build/botan-2.7.0; PATH="/accts/mlweber1/instance-0/output/host/bin:/accts/mlweber1/instance-0/output/host/sbin:/usr/bin:/bin" ./configure.py --cpu="i586" --os=linux --cc=gcc --cc-bin="/accts/mlweber1/instance-0/output/host/bin/i586-linux-g++" --prefix=/usr --disable-static-library --enable-shared-library --without-stack-protector --with-boost --with-bzip2 --with-openssl --with-sqlite --with-lzma --with-zlib --disable-altivec --disable-neon)
INFO: ./configure.py invoked with options "--cpu=i586 --os=linux --cc=gcc --cc-bin=/accts/mlweber1/instance-0/output/host/bin/i586-linux-g++ --prefix=/usr --disable-static-library --enable-shared-library --without-stack-protector --with-boost --with-bzip2 --with-openssl --with-sqlite --with-lzma --with-zlib --disable-altivec --disable-neon"
INFO: Autodetected platform information: OS="Linux" machine="x86_64" proc="x86_64"
ERROR: Unknown or unidentifiable processor "i586"
Fixes:
- http://autobuild.buildroot.org/results/aaa2ea8c3fb5fe954c0af0061f83ad70e0a862f9
Signed-off-by: Fabrice Fontaine <[email protected]>
And forbid 0 length substrings, which did not work correctly anyway.
Invoking on this means we use RandomNumberGenerator::randomize_with_ts_input
which just adds timestamps. Whereas Stateful_RNG::randomize_with_ts_input
(as implemented by the owned RNG) also adds the reseed counter and the last pid.
Probably no real difference, but can't hurt and not any slower.
They were only in the same place because of the desire to share
the sbox tables, but that can be handled by adding a dependency.
This makes it possible to disable CAST-256 while leaving CAST-128.
|
|\ \ |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|