| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
| |
Re-encoding the server key exchange meant that any leading zeros
in the values for DHE (or SRP) would be stripped out. This would
cause the signature check to fail.
|
|
|
|
| |
DB::spin now returns the number of rows affected
|
| |
|
|
|
|
| |
since the primality tests are expensive in CPU time.
|
| |
|
|
|
|
|
| |
the first block satisfy the request, since it was possible another
record header appeared in some appended corrupted data.
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a bug which rejected any short server key exchanges. These can
occur with a plain PSK with short or empty identity hints.
Disable SHA-224 by default.
Remove some vestigal RC4 cruft.
Push more on the TLS corruption tests.
|
|
|
|
|
|
|
|
|
| |
The Boost directory iterator throws an exception in that case.
Interestingly the current VC version does not seem to. In the
interests of portability just avoid this operation rather than trying
to hack around it in the Boost fs version.
GH #328
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Increase the iterations of the BigInt::random_integer test. Since things
get slow quickly, leave the larger range tests to higher soak levels.
In TLS, if the corrupted data causes an exception immediately that's ok
because it's corrupted data.
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
| |
The tests previously had used 4 to 6 different schemes internally (the vec file
reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests
which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a
design that works everywhere, and update all the things.
Fix also a few bugs found by the test changes: SHA-512-256 name incorrect,
OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy
was wrong.
|
| |
|
|\
| |
| | |
Split up build options
|
| |
| |
| |
| |
| |
| | |
sanitizers and coverage as all 4 are usefully set independently.
Use GCC 4.9 on CircleCI as it seems to be supported. Add ASan + UBSan test.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously a build had optimizations disabled completely when debug info was
emitted. But there are many reasons to use optimized builds with debug symbols
(running under valgrind, against afl, with Asan/Ubsan, in prod, etc).
And personally I find even debugging at -O2 or -O3 is fine most of the time and
worth it for the speed. Use the (now documented!) --no-optimizations flag if no
optimization is desired while debugging.
This also removes the distinction between library and application compile flags;
there is a single optimization level that is probably good enough for everything.
On Win32 it removes definding _CONSOLE for the application. This seems to be
some mythical value that may have been required at some point, but is not
documented anywhere I can find. Who knows what VC thinks, hoping I don't have to
add this back. It also drops defining `EBUG` which is what happens when you
tell cl.exe to '/DEBUG'. LOL.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The tests which generate McEliece keys using a deterministic RNG and
fixed seed failed on PowerPC (or other big endian systems) because the
vectors assumed we were creating elements little endian, which is
what happend with rng.randomize(&u16, 2) on x86
Fix it to always be little endian. No particular reason to prefer one vs the
other here (we're just trying for compatability with ourselves) and choosing
little endian avoids having to regen the vectors.
|
| |
| |
| |
| | |
[ci skip]
|
| | |
|
|\ \
| |/
|/| |
TLS improvements
|
| | |
|
| |
| |
| |
| | |
Convert to a const time algo
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use constant time operations when checking CBC padding in TLS decryption
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
|
| | |
|
|\ \
| | |
| | | |
Fix cert validation bugs found by x509test.
|
| | |
| | |
| | |
| | |
| | |
| | | |
These will need to be regen'ed with corrected values.
Fix for minimized builds.
|
| | |
| | |
| | |
| | | |
Add test suite with certs from x509test
|
|\ \ \
| |_|/
|/| | |
Update docs to avoid Shpinx errors and warnings
|
| | |
| | |
| | |
| | | |
[ci skip]
|
|\ \ \
| | | |
| | | | |
Make Montgomery reduction constant time.
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It was already close, but the carry loop would break early and
selecting which value to copy out was indexed on the borrow bit. Have
the carry loop run through, and add a const-time conditional copy
operation and use that to copy the output.
Convert ct_utils to CT namespace. Templatize the utils, which I was
hesitant to do initially but is pretty useful when dealing with
arbitrary word sizes.
Remove the poison macros, replace with inline funcs which reads
cleaner at the call site.
|
|/ / |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add toplevel note explaining what is going on with this module.
Print the interpreter version at startup
[ci skip]
|
| | |
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Remove any need for callers to do version checks or encode values
specially to handle Python2 vs Python3 ctypes differences. API users
shouldn't have to care about that - encapsulate the differences in a
few functions for handling the conversions.
Add botan_cipher_query_keylen to ffi
|
|/
|
|
|
| |
Components that rely on the new Lambda-functions, do not
run under Python3 - so they are blocked if Python3 is detected.
|
| |
|
| |
|
|
|
|
|
| |
OpenSSL doesn't use RFC 6979 nonces, so if openssl was enabled ECDSA
tests would fail.
|
| |
|
|
|
|
|
|
| |
For RSA, RC4, and ECDSA put the openssl versions in the same directory
as the base version. They just rely on a macro check for the openssl
module to test for the desire to use OpenSSL.
|
|\ |
|