| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Only user-visible change is the removal of get_byte.h
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we were hanging on the type destructors to pull in
the relevant objects. However that fails in many simple cases
where the object is never deleted.
For every type involved in the algo registry add static create
and providers functions to access the algo registry. Modify
lookup.h to be inline and call those functions, and move
a few to sub-headers (eg, get_pbkdf going to pbkdf.h). So
accessing the registry involves going through the same file
that handles the initialization, so there is no way to end up
with missing objs.
|
| |
|
|
|
|
|
|
|
|
| |
With this change the tests pass when linked against a static library
built in the normal (non-amalgamation) fashion.
Remove the restriction in configure.py, and have circleci build the
clang static build as a non-amalg.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The support problems from having static libraries not work in the
obvious way will be endless trouble. Instead have each set of
registrations tag along in a source file for the basic type, at the
cost of some extra ifdefs. On shared libs this is harmless -
everything is going into the shared object anyway. With static libs,
this means pulling in a single block cipher pulls in the text of all
the them. But that's still strictly better than the amalgamation
(which is really pulling in everything), and it works (unlike status quo).
|
|
|
|
|
|
|
|
| |
* Rename variable to avoid confusion of build_shared and
options.build_shared_lib
* Don't automatically change shared -> static. Force user to do that
Fixes #211
|
|
|
|
| |
Found by JOM on MinGW.
|
|
|
|
| |
Closes #188
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
In raw mode pad out plaintext inputs with zeros as needed as otherwise
OpenSSL rejects the input as too small. And when decrypting, strip
leading zeros to match the behavior of the base implementation.
|
|
|
|
|
|
| |
Previously 0 was the highest priority and 255 was the lowest. But this
is really quite confusing, instead treat 0 as lowest and 255 as highest
so normal integer intuitions apply.
|
| |
|
|
|
|
|
|
|
|
| |
No need to include the pk_utils.h header until we know ECDSA
is enabled in the build.
Move OpenSSL_Error to an internal header, was previously defined
twice when all sources were combined.
|
|\
| |
| |
| |
| | |
Make secure_allocator conforming with C++11 allocator concept.
Add a template constructor and make the equality operators standard-compliant. Missing this broke iterator debugging with MSVC 2015.
|
| |
| |
| | |
The equality operators need to support different specializations as well; this is also part of the standard allocator requirements.
|
| |
| |
| | |
This is required by the Standard for an allocator. As far as I can tell, not having it breaks compilation in MSVC 2015, at least when iterator debugging is enabled. More details here: http://stackoverflow.com/q/31802806/4326278.
|
| |
| |
| |
| | |
protocol handler was specified to the Server constructor. GH #252
|
| |
| |
| |
| |
| | |
Unfortunately the signer cannot be tested in current framework because
OpenSSL does not use RFC 6979 deterministic signatures.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Was attempting to test that the all-zero signature is invalid, then
tested some mutated signatures. Unfortunately it zeroed out the
signature before doing the mutation tests, so the mutated signatures
were all very-low Hamming weight strings instead of being close to
the original valid signature.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Increment the input message so each value is different rather than
repeatedly hashing the same message until we regen a new random one.
In ECDSA speed test be explicit about what group is being used.
Remove 160 bit groups from ECC benchmarking; 80 bits is not enough anymore
so doesn't much matter.
|
| |
| |
| |
| | |
Some tweaks for point multiplication using fixed windows.
|
| | |
|
| | |
|
| |
| |
| |
| | |
GH #264
|
|\ \
| | |
| | | |
Fix zlib error when compressing an empty buffer
|
| | |
| | |
| | |
| | |
| | | |
zlib treats a nullptr output buffer as an error. This commit fixes the
failing compression tests.
|
| | |
| | |
| | |
| | |
| | |
| | | |
&emptyVector[n] triggers undefined behavior because it is an out-of-
bounds access, even if n == 0. emptyVector.data() does not (but may
return nullptr).
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This test currently fails:
$ ./botan-test compression
Failure testing zlib - zlib deflate error -2
Failure testing deflate - zlib deflate error -2
Failure testing gzip - zlib deflate error -2
Compression 3 tests 3 FAILs
===============
Tests 3 FAILs
|
|\ \ \
| | | |
| | | | |
Improve readability and usability of test-output of botan.py GH #247
|
| | | | |
|
| |\ \ \
| | | | |
| | | | | |
Merging mainstream updates
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Add PKCS#8 private/public key processing tool GH #163
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This tool works similar to 'openssl pkey' in that it allows to
read a private key from file and output the private or
corresponding public key to file. It also allows changing a
private key passphrase this way. This tool comes in handy when
replacing use of openssl in scripts.
The syntax is:
botan pkcs8 --in=private.pem --out=key_out.pem [--pubout] [--passin=] [--passout=] [--pbe=]
|
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes #241
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
missing on Solaris at least. On such systems it's probably safe to
assume that no amount of memory can be mlock'ed from userspace, so
just return zero to disable the allocator entirely.
GH #262
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
under Python3. Ironically there doesn't seem to be any way to portably
handle non-ASCII in a way that is compatible with Python 2.7 and 3 at
the same time.
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
rather than after. After blinding the value is always reduced mod n
so the condition is never met.
This may be the cause of RSA test failures described in GH #174
The scenario was that during randomized corruption tests we
occasionally provide an input which was greater than the modulus.
When that happened the value was effectively reduced mod n, so the
self-check would later fail, because the decrypted result (reduced mod n)
would be compared with the original (larger than n) input.
|