aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Add helper for test output files. Remove last uses of hardcoded data dir macrosJack Lloyd2015-11-165-60/+88
|
* Avoid multiplication by zero here as get_affine will reject itJack Lloyd2015-11-131-1/+1
|
* Fix bug causing TLS client to sometimes reject DHE server kexJack Lloyd2015-11-132-35/+16
| | | | | | Re-encoding the server key exchange meant that any leading zeros in the values for DHE (or SRP) would be stripped out. This would cause the signature check to fail.
* Add remove_all to TLS session manager interfaceJack Lloyd2015-11-138-48/+67
| | | | DB::spin now returns the number of rows affected
* Remove call to abort on a zero point in PointGFp::get_affine_{x,y}Jack Lloyd2015-11-131-4/+0
|
* Drop the DH group check to a weaker version of the checksJack Lloyd2015-11-131-2/+3
| | | | since the primality tests are expensive in CPU time.
* Include the version string in the test outputJack Lloyd2015-11-131-0/+2
|
* The TLS test for corrupted data was too strict in requiring thatJack Lloyd2015-11-131-30/+32
| | | | | the first block satisfy the request, since it was possible another record header appeared in some appended corrupted data.
* Add TLS_PSK testsJack Lloyd2015-11-136-88/+210
| | | | | | | | | | | Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints. Disable SHA-224 by default. Remove some vestigal RC4 cruft. Push more on the TLS corruption tests.
* Avoid calling get_files_recursive on a possible non-directory.Jack Lloyd2015-11-112-9/+10
| | | | | | | | | The Boost directory iterator throws an exception in that case. Interestingly the current VC version does not seem to. In the interests of portability just avoid this operation rather than trying to hack around it in the Boost fs version. GH #328
* Test all providers for PK operationsJack Lloyd2015-11-111-24/+103
|
* Add missing overridesJack Lloyd2015-11-112-2/+2
|
* Fix occasional test failsJack Lloyd2015-11-114-7/+70
| | | | | | | | Increase the iterations of the BigInt::random_integer test. Since things get slow quickly, leave the larger range tests to higher soak levels. In TLS, if the corrupted data causes an exception immediately that's ok because it's corrupted data.
* Add missing copyright/license notices.Jack Lloyd2015-11-112-0/+12
| | | | [ci skip]
* Update and consolidate the test framework.Jack Lloyd2015-11-1188-21675/+8717
| | | | | | | | | | | The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things. Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* Add check for path validation result in Credentials_Manager. GH #324Jack Lloyd2015-11-043-6/+12
|
* Merge pull request #317 from randombit/cc-flag-sanityJack Lloyd2015-10-2718-60/+63
|\ | | | | Split up build options
| * Remove --build-mode and add individual toggles for optimization, debug,Jack Lloyd2015-10-269-11/+20
| | | | | | | | | | | | sanitizers and coverage as all 4 are usefully set independently. Use GCC 4.9 on CircleCI as it seems to be supported. Add ASan + UBSan test.
| * Remove the strange conjoining of debug and optimization flags.Jack Lloyd2015-10-2611-50/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously a build had optimizations disabled completely when debug info was emitted. But there are many reasons to use optimized builds with debug symbols (running under valgrind, against afl, with Asan/Ubsan, in prod, etc). And personally I find even debugging at -O2 or -O3 is fine most of the time and worth it for the speed. Use the (now documented!) --no-optimizations flag if no optimization is desired while debugging. This also removes the distinction between library and application compile flags; there is a single optimization level that is probably good enough for everything. On Win32 it removes definding _CONSOLE for the application. This seems to be some mythical value that may have been required at some point, but is not documented anywhere I can find. Who knows what VC thinks, hoping I don't have to add this back. It also drops defining `EBUG` which is what happens when you tell cl.exe to '/DEBUG'. LOL.
* | Add some tests of basic load/store opsJack Lloyd2015-10-271-2/+109
| |
* | Reduce workfactors in ffi tests to speed things alongJack Lloyd2015-10-271-2/+2
| |
* | Remove unused xor_buf.h (internal header merged into mem_ops.h)Jack Lloyd2015-10-271-144/+0
| |
* | Fix McEliece key gen endian dependency.Jack Lloyd2015-10-273-20/+27
| | | | | | | | | | | | | | | | | | | | | | The tests which generate McEliece keys using a deterministic RNG and fixed seed failed on PowerPC (or other big endian systems) because the vectors assumed we were creating elements little endian, which is what happend with rng.randomize(&u16, 2) on x86 Fix it to always be little endian. No particular reason to prefer one vs the other here (we're just trying for compatability with ourselves) and choosing little endian avoids having to regen the vectors.
* | Fix dist.py to handle signed git tagsJack Lloyd2015-10-261-5/+14
| | | | | | | | [ci skip]
* | Compile fixJack Lloyd2015-10-261-1/+1
| |
* | Merge pull request #314 from randombit/ct-tls-cbc-paddingJack Lloyd2015-10-2622-330/+878
|\ \ | |/ |/| TLS improvements
| * Missing include dependencyJack Lloyd2015-10-261-1/+1
| |
| * Asan fix - referencing &vec[vec.size()] instead of vec.end()Jack Lloyd2015-10-263-39/+22
| | | | | | | | Convert to a const time algo
| * TLS improvementsJack Lloyd2015-10-2520-290/+855
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* | Add missing includeJack Lloyd2015-10-261-0/+1
| |
* | Merge pull request #313 from randombit/path-validation-fixesJack Lloyd2015-10-2654-119/+2851
|\ \ | | | | | | Fix cert validation bugs found by x509test.
| * | Disable two tests from x509test which no longer have correct dates.Jack Lloyd2015-10-262-2/+5
| | | | | | | | | | | | | | | | | | These will need to be regen'ed with corrected values. Fix for minimized builds.
| * | Fix cert validation bugs found by x509test.Jack Lloyd2015-10-2354-119/+2848
| | | | | | | | | | | | Add test suite with certs from x509test
* | | Merge pull request #306 from webmaster128/update-docsSimon Warta2015-10-262-8/+2
|\ \ \ | |_|/ |/| | Update docs to avoid Shpinx errors and warnings
| * | Update doc for issuer_dn() and subject_dn()Simon Warta2015-10-202-8/+2
| | | | | | | | | | | | [ci skip]
* | | Merge pull request #312 from randombit/const-time-montyJack Lloyd2015-10-248-121/+109
|\ \ \ | | | | | | | | Make Montgomery reduction constant time.
| * | | Make Montgomery reduction constant time.Jack Lloyd2015-10-248-121/+109
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was already close, but the carry loop would break early and selecting which value to copy out was indexed on the borrow bit. Have the carry loop run through, and add a const-time conditional copy operation and use that to copy the output. Convert ct_utils to CT namespace. Templatize the utils, which I was hesitant to do initially but is pretty useful when dealing with arbitrary word sizes. Remove the poison macros, replace with inline funcs which reads cleaner at the call site.
* / | Test botan.py using Python2 and Python3 on Linux and OS XSimon Warta2015-10-222-0/+10
|/ /
* | Add workaround for Python 3.2/3.3 behavior in binascii. GH #305Jack Lloyd2015-10-221-1/+1
| |
* | Fix a bug in botan.py found by PyPy's ctypesJack Lloyd2015-10-221-3/+12
| | | | | | | | | | | | | | | | Add toplevel note explaining what is going on with this module. Print the interpreter version at startup [ci skip]
* | Reverted version comparison relaxation, per Jack Lloyd's comment.Uri Blumenthal2015-10-211-1/+1
| |
* | Merge branch 'master' of https://github.com/randombit/botanUri Blumenthal2015-10-204-294/+277
|\ \
| * | Fix botan.py for Python3Jack Lloyd2015-10-204-246/+270
| |/ | | | | | | | | | | | | | | | | Remove any need for callers to do version checks or encode values specially to handle Python2 vs Python3 ctypes differences. API users shouldn't have to care about that - encapsulate the differences in a few functions for handling the conversions. Add botan_cipher_query_keylen to ffi
* / Made most of botan.py run under Python3.Uri Blumenthal2015-10-201-60/+101
|/ | | | | Components that rely on the new Lambda-functions, do not run under Python3 - so they are blocked if Python3 is detected.
* FixJack Lloyd2015-10-191-2/+2
|
* Make OpenSSL ECDSA and RSA request only until they can be testedJack Lloyd2015-10-191-2/+2
|
* ECDSA KATs only work for base implJack Lloyd2015-10-191-2/+2
| | | | | OpenSSL doesn't use RFC 6979 nonces, so if openssl was enabled ECDSA tests would fail.
* Add missing BOTAN_DLL to Decompression_Filter. GH #304Jack Lloyd2015-10-191-1/+1
|
* Break up openssl providerJack Lloyd2015-10-1910-23/+46
| | | | | | For RSA, RC4, and ECDSA put the openssl versions in the same directory as the base version. They just rely on a macro check for the openssl module to test for the desire to use OpenSSL.
* Make PKCS #1 and OAEP decryption operations constant time.Jack Lloyd2015-10-1910-174/+239
|\