| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Little easier to read perhaps, and helps prevent some astyle confusion.
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
| |
GH #726
[ci skip]
|
|
|
|
|
| |
Also use a const time comparison for the finished message, though
I don't see any real way of exploiting that timing channel.
|
|\ |
|
| |
| |
| |
| |
| | |
OpenSSL 1.0.2 added support for brainpool curves, so we
can use it provided the version check succeeds.
|
|/
|
|
|
|
|
|
|
| |
Some attempts at reducing overhead in ECC math tests, unclear if
really changed anything for my machine but probably can't hurt.
Fix LLVM build flags
[ci skip]
|
|
|
|
|
|
| |
The previous assert had been already put there for the benefit
of clang-analyzer, but in Clang 3.9 it does not help. Instead
test X value directly, which works.
|
|
|
|
|
|
|
| |
Matches how OpenSSL/BoringSSL fuzzers work which is useful because fuzzer
corpus can be cross-pollinated among implementations.
[ci skip]
|
|
|
|
| |
[ci skip]
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GH #754 exposed a bug in the non-Montgomery exponentiation case.
It turned out then when the fixed window was picked to any value
> 1, the result would be incorrect due to an off by one. This is
the one line fix in powm_fw.cpp
Also fix a bug in bigint_mul which caused incorrect results,
because the output BigInt was not being zeroed out before use. This
is only exposed in rare cases, found (somewhat indirectly) in
OSS-Fuzz #287.
Add more modular exponentiation tests, which would have caught
these issues earlier.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add explicit length limitations, to prevent the fuzzer from just
giving us increasingly long inputs until timeout occurs due
to non-linear algorithms.
Use LLVM fuzzer interface in all cases, and just have AFL driver
call that API when a define is set to include a main function.
OSS-Fuzz will be using the LLVM API, regardless of the fuzzing engine.
[ci skip]
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
| |
Technically defined, but should never be seen in practical crypto context.
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
Changes all the Public_Key derived classes ctors to take a
std::vector instead of a secure_vector for the DER encoded
public key bits. There is no point in transporting a public
key in secure storage. (GH #768)
|
|/ |
|
|\ |
|
| | |
|
| |
| |
| |
| |
| |
| | |
The unpad functions return the blocksize as padding position, if the padding is invalid.
.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OSS-Fuzz just gave us a gigantic input and then timed out.
In practice ressol is only called with specific primes of various
common ECC parameter sets, so limit to 768 bits max.
[ci skip]
|
| |
| |
| |
| |
| |
| | |
Chromium oss-fuzz bug 275
[ci skip]
|
| | |
|
| |
| |
| |
| |
| |
| | |
Seemingly /dev/urandom not accessible in ClusterFuzz env
[ci skip]
|
|\ \ |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
Kind of a vestigial thing from an earlier iteration of the module
design, and never useful to specify anymore since taking all the cpp
files is what you want exactly 100% of the time.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Avoid having any files within src/lib (in any subdirs) with
the same name. That seems worth avoiding even just on the basis
of avoiding basic confusion (looked in named.cpp - no the other one...)
and may allow simplifying the build in various ways.
|
| | |
| | |
| | |
| | | |
Some attempt at consistency
|
|\ \ \ |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Allow custom extensions in CA-signed cert requests
Add templated getter for extensions
|
|\ \ \ \ |
|
| | |_|/
| |/| | |
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the code was changed in b8966d0f89e, the offset was not changed,
so it would reject ciphertexts with exactly 8 bytes of random padding
(the required minimum).
Found by pkcs1 fuzzer which also had problems due to not having been
updated at the same time.
Add a test suite for decoding of PK decryption padding to cover the
problem cases.
|
| | |
| | |
| | |
| | | |
Don't think this can't happen outside of a fuzzer test
|
|\ \ \ |
|
| | | | |
|
|/ / / |
|
| | | |
|
| | | |
|
|\ \ \ |
|